Page 1 H3C SecPath F5000-A5 Firewall Installation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: 5PW101-20090424...
Page 2 Copyright © 2008-2009, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C, , Aolynk,...
Page 3: About This Manual
About This Manual Organization H3C SecPath F5000-A5 Firewall Installation Manual is organized as follows: Chapter Contents Briefly introduces the product specifications, as 1 Firewall Overview well as the features and applications of the H3C SecPath F5000-A5. Introduces the slots and numbering rules of the 2 Arranging Slots and Numbering Interfaces H3C SecPath F5000-A5.
Page 4 Convention Description Alternative items are grouped in braces and separated by vertical bars. { x | y | ... } * A minimum of one or a maximum of all can be selected. Optional alternative items are grouped in square brackets and [ x | y | ...
Page 5 Obtaining Documentation You can access the most up-to-date H3C product documentation on the World Wide Web at this URL: http://www.h3c.com. The following are the columns from which you can obtain different categories of product documentation: [Products & Solutions]: Provides information about products and technologies, as well as solutions. [Technical Support &...
Page 6: Table Of Contents
Table of Contents 1 Firewall Overview ······································································································································1-1 Introduction ·············································································································································1-1 Physical Description································································································································1-2 Front View ·······································································································································1-2 Rear View ········································································································································1-3 System Specifications ·····························································································································1-4 MPU–NSQ1MPUA0 ························································································································1-4 LPU–NSQ1GT8C40 ························································································································1-7 LPU–NSQ1XP20 ·····························································································································1-9 Dimensions and Weight·················································································································1-10 Voltage and Current ······················································································································1-10 Fan Tray ········································································································································1-11 Operating Environment··················································································································1-11 Components··········································································································································1-11 MPU–NSQ1MPUA0 ······················································································································1-11 LPU–NSQ1GT8C40 ······················································································································1-17 LPU–NSQ1XP20 ···························································································································1-22 Power Supply Module····················································································································1-23...
Page 7: Firewall Overview
Firewall Overview Introduction The H3C SecPath F5000-A5 firewall (hereinafter referred to as the F5000-A5) is a high-end core firewall product developed by Hangzhou H3C Technologies Co., Ltd. (hereinafter referred to as H3C) to deliver extremely high-performance security solutions for large-sized enterprises, carriers and data center networks.
Page 8: Physical Description
Physical Description Front View Figure 1-1 Front view of the F5000-A5 (15) (14) (13) (12) (11) (10) (1) Left mounting bracket (2) Main processing unit (MPU) (3) Right mounting bracket (4) Chassis handle (5) Weight-bearing warning label (50 kg/110.2 lb.) (6) Fan tray (8) Blank panel for PoE PSU (reserved PoE (7) AC power module (PWR1)
Page 9: Rear View
Rear View Figure 1-2 Rear view of the F5000-A5 (1) Warning label (2) Handle on the rear chassis panel (3) Upper slide rail for the air filter (optional) (4) Air filter (optional) (5) Lower slide rail for the air filter (optional) (6) Chassis handle (7) Weight-bearing warning label (50 kg/110.2 lb.) (8) Grounding screw and sign...
Page 10: System Specifications
System Specifications MPU–NSQ1MPUA0 Front view Figure 1-3 Front view of the MPU (1) Link status LED of the management (2) Data reception/transmission LED of the Ethernet port (LINK) management Ethernet port (ACT) (4) Data reception/transmission LED of the HA port (3) Link status LED of the HA port (LINK) (ACT) (5) CF card eject button (CF CARD)
Page 11 Item Specification AUX port 1 (9600 bps to 115200 bps, 9600 bps by default) Management Ethernet port 1 (10Base-T/100Base-TX/1000Base-T) HA port 1 (10Base-T/100Base-TX/1000Base-T) 256 MB by default for the built-in CF card CF card 256 MB, 512 MB, or 1 GB for an optional external CF card 2 (USB 0: operating in the host mode;...
Page 12 Table 1-2 Description of the device status LEDs Status Description No power input or the MPU is faulty. Slow blinking (1 Hz) The MPU is operating normally. The application software is being loaded (in this state, never RUN (green) Fast blinking (8 Hz) power off the device or hot-swap the MPU;...
Page 13: Lpu-Nsq1Gt8C40
CF card LED Table 1-5 Description of the CF card LED Status Description No CF card is present or the CF card is not recognizable. A CF card is in position and has been detected. CF (green) The system is accessing the CF card. Do not remove the CF Blinking card in this state.
Page 14 Technical specifications Table 1-6 Technical specifications of NSQ1GT8C40 Item Description DDR2 SDRAM Memory type and size 1 memory slot 512 MB (default), 1 GB (maximum) 10 Mbps, half/full duplex Electrical interfaces 100 Mbps, half/full duplex 1000 Mbps, full duplex 4 (electrical/optical) 10 Mbps, half/full duplex Combo interfaces Electrical interfaces...
Page 15: Lpu-Nsq1Xp20
Status Description No link is present on the corresponding interface. Solid green A 1000 Mbps link is present on the interface. GE0 through GE11 Blinking green Data is being transmitted or received at 1000 Mbps. (yellow/green) Solid yellow A 10/100 Mbps link is present on the interface. Blinking yellow Data is being transmitted or received at 10/100 Mbps.
Page 16: Dimensions And Weight
LPU LEDs Table 1-9 Description of the LEDs on NSQ1XP20 Status Description No power input or the LPU is faulty. Slow blinking (1 Hz) The LPU is operating normally. The application software is being loaded (in this state, RUN (green) Fast blinking (8 Hz) never power off the device or hot-swap the LPU;...
Page 17: Fan Tray
Fan Tray Table 1-12 Technical specifications of the fan tray Item Specification Rated voltage 12 VDC Total fan power consumption 50 W Dimensions (H × W × D) 227 × 31 × 413.3 mm (8.94 ×1.22 × 16.27 in.) Table 1-13 Description of the fan tray LEDs Status Description RUN (green)
Page 18 Memory module The memory module is used for storing data exchanged between the system and the CPU. The default memory size of the MPU is 2 GB, which is the maximum memory size supported by the MPU. The MPU provides two memory slots for memory modules of the same size. You can use DDR2 SDRAM-1GB for the MPU of the device.
Page 19 The CF card is hot-swappable. When the CF LED is blinking, do not unplug the CF card. Otherwise, the file system on the CF card may be damaged. Console port Introduction The F5000-A5 provides an RS232 asynchronous serial console port, which can be connected to a computer for system debugging, configuration, maintenance, management, and host software loading.
Page 20 RJ-45 pin Signal direction DB-9 Signal — For the connection of the console cable, refer to the section talking about connecting a console cable in Chapter 4 “Installing the Firewall.” AUX port Introduction The AUX port is an RS232 asynchronous serial port used for remote configuration or dialup backup. You need to connect the local modem to the remote modem through the PSTN to reach the remote device for remote system debugging, configuration, maintenance, and management.
Page 21 Figure 1-9 AUX cable Table 1-18 AUX cable connector pinouts RJ-45 Signal direction DB-25 DB-9 Signal — For how to connect the AUX cable, refer to the section talking about connecting the AUX Cable to a modem in Chapter 4 “Installing the Firewall.” Management Ethernet port/HA port The management Ethernet port is a 10Base-T/100Base-TX/1000Base-T RJ-45 auto-sensing interface.
Page 22 Table 1-19 Technical specifications of the management Ethernet port/HA port Item Description Connector type RJ-45 1 management Ethernet port Port quantity 1 HA port Interface type Automatic MDI/MDIX Ethernet_II Frame formats Ethernet_SNAP 10 Mbps, half/full duplex Interface speed and duplex mode 100 Mbps, half/full duplex 1000 Mbps, full duplex Maximum transmission distance...
Page 23: Lpu-Nsq1Gt8C40
Never replace the clock module battery when the device is powered on. The system time gets lost once the clock module battery is removed. You need to set the system time again through the command line interface. Use the clock datetime time date command in user view to set the system date and time. For details about the clock datetime command, refer to H3C SecPath Series Security Products User Manual.
Page 24 Technical specifications for Ethernet interfaces Technical specifications for electrical Ethernet interfaces Table 1-21 Technical specifications for electrical Ethernet interfaces Item Description Connector type RJ-45 Interface type Automatic MDI/MDIX Ethernet_II Frame formats Ethernet_SNAP 10 Mbps, half/full duplex Interface speed and duplex mode 100 Mbps, half/full duplex 1000 Mbps, full duplex When 10/100 Mbps and half/full duplex mode are specified for an electrical Ethernet interface, the...
Page 25 Item Description 62.5/125 9/125 μm 9/125 μm 9/125 μm 9/125 μm μm Fiber type single-mode single-mode single-mode single-mode multimode fiber fiber fiber fiber fiber Maximum 0.55 km 10 km (6.21 40 km (24.86 40 km (24.86 70 km (43.50 transmission (0.34 miles) miles) miles)
Page 26 Before using an optical fiber to connect a network device, verify that the optical fiber connector matches the optical module. Before connecting an optical fiber, make sure the received optical power at the local end does not exceed the upper threshold of the receiving optical power of the optical module. Otherwise, the optical module may be damaged.
Page 27 Table 1-24 Crossover cable connector pinouts Category-5 RJ-45 Signal direction Signal direction RJ-45 twisted pair White (Orange) TX– Orange White (Green) — Blue — — White (Blue) — RX– Green — White (Brown) — — Brown — You can refer to the tables above when distinguishing between and preparing these two types of Ethernet cables.
Page 28: Lpu-Nsq1Xp20
LPU–NSQ1XP20 Introduction to 10 GE interfaces NSQ1XP20 provides two XFP interfaces (10GBASE–R), which operate in the LAN PHY mode rather than the WAN PHY mode. An XFP interface operating in the LAN PHY mode supports a maximum data-rate of 10.3125 Gbps. The LED for an XFP interface is on the right of the interface, indicating the status of the interface.
Page 29: Power Supply Module
Figure 1-13 An XFP transceiver No XFP transceivers are shipped with the F5000-A5. Use only the XFP transceivers provided by H3C. The device cannot recognize other XFP transceivers. For how to connect XFP transceivers, refer to the section talking about connecting Ethernet cables in Chapter 4 “Installing the Firewall.”...
Page 30 Table 1-26 AC power module specifications Item Specification Rated voltage range 100 VAC to 240 VAC; 50/60 Hz Maximum input current 10 A Maximum power consumption 650 W Dimensions (H × W × D) 40.2 × 140 × 353.5 mm (1.58 × 5.51 ×13.92 in.) Table 1-27 Description of the AC power LED Status Description...
Page 31: Port Lightning Arrester (Optional)
Table 1-29 Description of the DC power LED Status Description No power input is present. Solid green The power module is working normally. Solid red The power module is faulty. Figure 1-15 DC power module (1) Captive screw (2) Power input terminals (3) Power switch (4) Power LED (5) Power module handle...
Page 32: Signal Lightning Arrester (Optional)
The following power lightning arrester can be installed on the F5000-A5. The specifications for the power lightning arrester are as follows: Maximum discharge current: 6500 A, protection voltage: 220 VAC to 500 VAC. For the installation of a power lightning arrester, refer to Chapter 4 “Installing the Firewall.” Signal Lightning Arrester (Optional) Generally, you need to install a signal lightning arrester between a signal cable and the connected device.
Page 33 Table of Contents 2 Arranging Slots ands Numbering Interfaces ··························································································2-1 Slot Arrangement ····································································································································2-1 Numbering Interfaces······························································································································2-1 Examples ················································································································································2-2 Numbers of interfaces on NSQ1GT8C40························································································2-2 Numbers of interfaces on NSQ1XP20·····························································································2-2...
Page 34: Arranging Slots Ands Numbering Interfaces
Arranging Slots ands Numbering Interfaces Slot Arrangement The F5000-A5 supports many types of interfaces, such as Console, AUX, GigabitEthernet, and Ten-GigabitEthernet interfaces. This chapter describes how these interfaces are numbered. Figure 2-1 Slot arrangement on the F5000-A5 The numbers 0 through 4 in Figure 2-1 represent Slot 0 through Slot 4 on the device respectively. Actually, these numbers are not silk-screened on the device.
Page 35: Numbers Of Interfaces On Nsq1Gt8C
The HA port is permanently Inner-Ethernet0/1. Examples Numbers of interfaces on NSQ1GT8C40 If the LPU is installed in Slot 1, GigabitEthernet interfaces on the LPU are numbered as follows: GigabitEthernet 1/0 GigabitEthernet 1/1 GigabitEthernet 1/2 GigabitEthernet 1/3 GigabitEthernet 1/4 GigabitEthernet 1/5 GigabitEthernet 1/6 GigabitEthernet 1/7 GigabitEthernet 1/8...
Page 36 Table of Contents 3 Preparing for Installation ··························································································································3-1 Environment Requirements ····················································································································3-1 Temperature and Humidity Requirements ······················································································3-1 Cleanness Requirements ················································································································3-1 Ventilation Requirements ················································································································3-2 Electrostatic Discharge Prevention ·································································································3-2 Electromagnetic Interference Prevention ························································································3-4 Lightning Protection·························································································································3-4 Cabinet-Mounting Requirements·····································································································3-5 Safety Precautions ··································································································································3-5 Safety Signs ····································································································································3-5 General Safety Recommendations ·································································································3-5 Electricity Safety ······························································································································3-5 Installation Tools, Meters and Devices ···································································································3-6...
Page 37: Preparing For Installation
Preparing for Installation Environment Requirements The device is designed for indoor application. To ensure the normal operation and prolong the service life, the installation site must meet the requirements mentioned hereunder. Temperature and Humidity Requirements The temperature and humidity in the equipment room shall be maintained at an appropriate level. A long-time high relative humidity will quite likely result in poor insulation performance, electric leakage, mechanical property change, and corrosion.
Page 38: Ventilation Requirements
Table 3-3 Concentration limit of some harmful gases in the equipment room Max (mg/m 0.006 0.05 0.01 Ventilation Requirements The fans of the F5000-A5 draw air in through the inlet vents on the left and out through the exhaust vents on the right. Figure 3-1 Ventilation method for the F5000-A5 Make sure that: There is a minimum clearance of 10 cm (3.9 in.) around the inlet vents and exhaust vents for heat...
Page 39 Make sure that the device and the floor are well grounded. Take dust-proof measures for the equipment room. Maintain the humidity and temperature at a proper level. Always wear an ESD-preventive wrist strap or antistatic clothing when touching a circuit board or optical module.
Page 40: Electromagnetic Interference Prevention
Figure 3-2 Wear an ESD-preventive wrist strap (1) ESD-preventive wrist strap (2) Snap fastener (3) ESD socket (4) Connector Electromagnetic Interference Prevention All possible interference sources, external or internal, affect the device in the way of capacitance coupling, inductance coupling, electromagnetic radiation, and common impedance (including the grounding system) coupling.
Page 41: Cabinet-Mounting Requirements
Install a lightning arrester at the input end of the power supply to enhance the lightning protection capability of the power supply. Install a special lightning arrester at the input end of outdoor signal lines to which interface modules of the device are connected to enhance the lightning protection capability. For the installation of the power lightning arrester and signal lightning arrester, refer to “Installing a Power Lightning Arrester (Lightning Protection Busbar) (Optional)”...
Page 42: Installation Tools, Meters And Devices
Make sure the device is correctly grounded. Do not open or close the chassis cover when the device is powered on. Connect the interface cables for the firewall correctly. Use laser with caution. Do not directly stare into apertures or fiber connectors that emit laser radiation.
Page 43: Checklist Before Installation
Checklist Before Installation Table 3-4 Checklist before installation Item Requirements There is a minimum clearance of 10 cm (3.9 in.) around the inlet vents and exhaust vents for heat dissipation of Ventilation the router chassis. A ventilation system is available at the installation site. Temperature 0°C to 45°C (32°F to 113°F) Relative humidity...
Page 44 Item Requirements Installation accessories supplied with the firewall Installation tools User supplied tools Documents shipped with the firewall Reference Electronic documents...
Page 45 Table of Contents 4 Installing the Firewall ································································································································4-1 Preparations············································································································································4-1 Installation Flowchart ······························································································································4-1 Installing the Firewall in a Rack ··············································································································4-1 Dimensions of the Firewall ··············································································································4-2 Installing an N68 Rack·····················································································································4-2 Installing Mounting Brackets onto the Firewall················································································4-2 Install the Firewall in a Rack············································································································4-3 Installing Generic Modules······················································································································4-4 PGND Cable Connection ························································································································4-5 Importance of the PGND Cable·······································································································4-5...
Page 46: Installing The Firewall
Installing the Firewall Preparations Before installing the firewall, make sure that you have read through Chapter 3 “Preparing the Installation.” Make sure all the requirements mentioned in Chapter 3 “Preparing the Installation” are satisfied. Installation Flowchart Figure 4-1 Installation flowchart for the F5000-A5 Start Install the firewall to the specified position...
Page 47: Dimensions Of The Firewall
Dimensions of the Firewall The F5000-A5 is designed to fit standard 19-inch racks. The following table describes the dimensions of the firewall. Table 4-1 Dimensions of the device Item Description Dimensions without foot pads and mounting 308 × 436 × 476 mm (12.13 × 17.17 × 18.74 in.) brackets (H ×...
Page 48: Install The Firewall In A Rack
Figure 4-3 Structure of mounting brackets (1) Left mounting bracket (2) Right mounting bracket Install mounting brackets to the firewall Before installing the firewall in the rack, fix the mounting brackets respectively to the left and right sides of the front panel of the firewall. Figure 4-4 shows how to install the mounting brackets. Figure 4-4 Install mounting brackets to the firewall Install the Firewall in a Rack Follow these steps to install the firewall in a rack:...
Page 49: Installing Generic Modules
Step4 Put the firewall on the support tray and slide the firewall along the slide rails to an appropriate place. Step5 Fix the firewall in the rack horizontally and firmly by fastening the mounting brackets onto the rack posts with pan-head screws. The size of pan-head screws should satisfy the installation requirements (maximally M6) and the surface of the screws should be anti-rust treated.
Page 50: Pgnd Cable Connection
PGND Cable Connection Importance of the PGND Cable A correct connection of the protection ground (PGND) cable on the device chassis is an essential safeguard against lightning strokes and electromagnetic interference (EMI). When installing or using the firewall, make sure the PGND cable is correctly connected. The power input end of the firewall is equipped with a noise filter.
Page 51: Installing A Port Lightning Arrester (Optional)
Step3 Fasten the grounding screw, which is attached with the OT terminal, into the grounding screw hole with a screwdriver. Step4 Connect the other end of the PGND cable to the ground. Generally, the cabinets installed in equipment rooms are equipped with a ground bar. If a grounding bar is available, you can connect the PGND cable of the firewall to the grounding bar as follows: a) Use a cable stripper to strip off the insulation rubber about 15 mm (0.59 in.) from the PGND cable.
Page 52: Tools
Port protective unit–single port, maximum discharge current (8/20μs waveform): 5 kA, output voltage (10/700μs waveform): core-core < 40 V, core-ground < 600 V. Tools Philips or flat-blade screwdriver Multimeter Diagonal pliers Installation Procedures Follow these steps to install a port lightning arrester: Step1 Use a double-faced adhesive tape to stick the port lightning arrester to the firewall.
Page 53: Precautions
Precautions Pay attention that the performance of the port lightning arrester may be affected in the following cases: The IN and OUT ends of the port lightning arrester are incorrectly connected. The IN end should be connected to the external cable while the OUT end should be connected to the Ethernet interface of the firewall.
Page 54: Selecting And Installing A Signal Lightning Arrester (Optional)
After the AC power cord connector of the device is plugged into a multi-purpose socket of the power lightning arrester (lightning protection busbar), if the green LED is on while the red LED is off, the lightning protection is functioning normally. Pay attention when the red LED is on.
Page 55: Connecting The Power Cables
Connecting the Power Cables Power Supply Interface and PGND Terminal You can use AC power modules for AC power input or DC power modules for DC power input for the F5000-A5. Table 4-2 shows the specifications for the power supply interface and PGND terminal. Table 4-2 Power supply interface and PGND terminal of the device Item Description...
Page 56: Connecting The Dc Power Cord
Connection procedure Follow these steps to connect the AC power cord: Step1 Make sure that the PGND terminal is securely connected to the ground. Step2 Move the power switch of the power module to the OFF position. Step3 Move the bail latch holder to the left. Step4 Connect one end of the supplied AC power cord to the AC power socket of the firewall, and the other end to an AC power outlet.
Page 57 Figure 4-12 DC power module (1) Captive screw (2) DC input terminals (3) Power switch (4) Power LED (5) Power module handle DC power cables Figure 4-13 DC power cables (1) Naked crimping terminal, OT, 6mm^2, M4, tin plating, naked ring terminal, 12 to 10 AWG (2) Heat shrink tube (3) Label 1 (+) (4) Power cable, 600V, UL10455, 5.3 mm^2, 10AWG, black, 45 A...
Page 58: Connecting Interface Cables
Step1 Move the power switch to the OFF position. Step2 Remove the DC input terminals with a Philips screwdriver. Step3 Attach the end marked with “–“ of the supplied blue DC power cable to the negative terminal (–) on the power module and fasten the screw.
Page 59: Connecting The Aux Port To A Modem
Figure 4-14 Connect the Console cable (1) Console port (2) RJ-45 connector (3) Serial interface on the configuration terminal (4) DB-9 (female) connector (5) Console cable Connecting the AUX Port to a Modem The AUX port is usually used for remote configuration or dial backup. You need to connect the local modem to the remote modem through PSTN and then to the remote device.
Page 60: Connecting The Management Ethernet Port And Ha Port Cables
Figure 4-15 Connect the AUX cable (1) AUX port (AUX) (2) RJ-45 connector (3) AUX cable (4) Modem (5) DB-25 (male) or DB-9 (female) connector Connecting the Management Ethernet Port and HA Port Cables The management Ethernet port and HA port are 10Base-T/100Base-TX/1000Base-T RJ-45 auto-sensing interfaces.
Page 61: Connecting Ethernet Cables
Figure 4-16 Connect the management Ethernet port (1) Management Ethernet port (MANAGEMENT) (2) RJ-45 connector of the Ethernet cable (3) Console port (CONSOLE) (4) RJ-45 connector of the Console cable (5) Ethernet interface on the terminal (6) RJ-45 connector of the Ethernet cable (7) Serial interface on the terminal (8) DB-9 (female) connector (9) Ethernet cable...
Page 62 Figure 4-17 Remove the dust cover Step2 Align an SFP transceiver with the optical SFP transceiver receptacle, with the side having a release lever facing outward. Then insert it into the receptacle. Figure 4-18 Insert an optical transceiver Step3 Identify the Rx and Tx ports on the SFP transceiver module. Plug the two LC connectors at one end of the fiber cable into the Rx and Tx ports of the local SFP transceiver and the two LC connectors at the other end to the Rx and Tx ports of the peer SFP transceiver.
Page 63: Verifying Installation
Figure 4-19 Connect fiber cables Step4 After power-on, check the SFP LED. For the status of the SFP LED, refer to the table describing the behaviors of the LEDs on NSQ1GT8C40 in Chapter 1 “Firewall Overview.” Upon the connection of an XFP transceiver, you need to check the XFP LED. For details, refer to the table describing the behaviors of the LEDs on NSQ1XP20 in Chapter 1 “Firewall Overview.”...
Page 64 The firewall is correctly connected to other devices, such as the configuration terminal. It is very important to verify the installation because instability and poor grounding of the firewall and an unmatched power supply will affect the operation of the firewall. 4-19...
Page 65 Table of Contents 5 Starting and Configuring the Firewall ·····································································································5-1 Setting up a Configuration Environment ·································································································5-1 Connecting the Firewall to a Configuration Terminal ······································································5-1 Setting the Parameters for the Configuration Terminal···································································5-1 Firewall Power-on ···································································································································5-4 Checklist for Firewall Power-on·······································································································5-4 Powering on the Firewall ·················································································································5-5 Checklist/Operations after Power-on·······························································································5-5 Startup Process·······································································································································5-5 Configuration Fundamentals···················································································································5-6...
Page 66: Starting And Configuring The Firewall
Starting and Configuring the Firewall You can only use the console port to make initial configuration of the firewall. Setting up a Configuration Environment Connecting the Firewall to a Configuration Terminal For the connection of the firewall to the configuration terminal, refer to “Connecting the Console Cable” in Chapter 4 “Installing the Firewall”.
Page 67 Figure 5-2 Select a port for local configuration connection Step3 Set serial port parameters Figure 5-3 Set serial port parameters Set the properties of the serial port in the COM1 Properties dialog box, as shown in Table 5-1.
Page 68 Table 5-1 Set serial port parameters Item Value Bits per second 9600 bps (default) Data bits Parity None Stop bits Flow control None In case SecureCRT is used to configure the F5000-A5 firewall, flow control of the serial port must be set to Xon/Xoff;...
Page 69: Firewall Power-On
Figure 5-5 Set HyperTerminal properties Firewall Power-on Checklist for Firewall Power-on Before powering on the firewall, check that: The power cord and ground cable are correctly connected. The voltage of the power source conforms to voltage requirements of the firewall. The console cable is correctly connected.
Page 70: Powering On The Firewall
Powering on the Firewall Turn on the power source. Turn on the power switch on the power module of the firewall. Checklist/Operations after Power-on After powering on the firewall, check that: The LEDs on the MPU are normal. For the status of the LEDs, refer to “Table 1-2 Description of the device state LEDs”...
Page 71: Configuration Fundamentals
Press Ctrl+B at this prompt to enter the extended Boot menu; otherwise, the system starts to read and decompress the application program. To enter the extended Boot menu, press Ctrl+B within four seconds as the system displays “Press Ctrl+B to enter extended boot menu”. Otherwise, the system reads and decompresses the application program.
Page 72: Command Line Interface
Step7 Perform reliability configuration for the firewall if necessary. For the configuration details of the protocols or functions of the firewall, refer to H3C SecPath Series Security Products User Manual. Command Line Interface Features of the Command Line Interface The command line interface (CLI) of the firewall enables you to configure, manage, and maintain the firewall.
Page 73 Table of Contents 6 Maintaining Software·································································································································6-1 Overview ·················································································································································6-1 Files ·················································································································································6-1 BootWare Program File ···················································································································6-1 Application Files ······························································································································6-1 Configuration Files···························································································································6-2 Software Maintenance Methods······································································································6-3 BootWare Menu ······································································································································6-5 Main Menu·······································································································································6-5 Serial Submenu ·······························································································································6-7 Ethernet Submenu···························································································································6-8 File Control Submenu······················································································································6-9 BootWare Operation Submenu ·······································································································6-9 Storage Device Operation Submenu·····························································································6-10 Upgrading BootWare and Applications Through a Serial Port······························································6-10 Introduction to Xmodem ················································································································6-10 Modifying Serial Port Parameters··································································································6-11...
Page 74: Maintaining Software
Maintaining Software Overview Files Three types of files need to be managed on the firewall: BootWare program file Application file Configuration file BootWare Program File The BootWare program file is used for booting the application program when the firewall starts and is stored in the flash memory.
Page 75: Configuration Files
Note that: An application file with the attribute of M, B, or S can be used for system startup, but one with an attribute of N/A (that is, an application file without a specific attribute assigned to it) cannot. You can modify the names of application files at the CLI after the application program is started. You can modify the attributes of application files on the BootWare menu or the CLI after the application program is started.
Page 76: Software Maintenance Methods
Uses the default configuration file (if any) to initialize the configuration. The default configuration file is startup.cfg. Note that you can use the startup saved-configuration cfgfile command to define the configuration file to be used at the next system boot. Uses the default settings if the default configuration file does not exist.
Page 77 The BootWare program is upgraded together with the Comware application program. You do not need to upgrade the BootWare program separately. After you upgrade the Comware application program to the latest version and restart the device, the system checks whether the current BootWare version is consistent with the one in the host application.
Page 78: Bootware Menu
BootWare Menu Main Menu When the firewall is powered on, it first runs the basic segment and then the extended segment of BootWare. The following information is displayed on the configuration terminal: System start booting... Booting Normal Extend BootWare..************************************************************************* H3C SecPath F5000-A BootWare, Version 1.00 ************************************************************************* Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.
Page 79 To enter the extended BootWare menu, press Ctrl+B within four seconds after the system displays “Press Ctrl+B to enter extended boot menu”. Otherwise, the system reads and decompresses the main application file. If you want to enter the extended BootWare menu after the system starts main application file decompression, you need to restart the firewall.
Page 80: Serial Submenu
Table 6-1 BootWare main menu Menu item Description <1> Boot System Load and boot system applications from a CF card. Enter the serial port submenu. <2> Enter Serial SubMenu For detailed description of this submenu, refer to “Serial Submenu“ on page 6-7. Enter the Ethernet submenu.
Page 81: Ethernet Submenu
|Note:the operating device is cfa0 | <1> Download Application Program To SDRAM And Run | <2> Update Main Application File | <3> Update Backup Application File | <4> Update Secure Application File | <5> Modify Serial Interface Parameter | <0> Exit To Main Menu ====================================================================== Enter your choice(0-5): Items on this submenu are described in Table 6-2.
Page 82: File Control Submenu
Menu item Description <3> Update Backup Application File Upgrade the backup application file <4> Update Secure Application File Upgrade the secure application file <5> Modify Ethernet Parameter Modify Ethernet interface parameters <0> Exit To Main Menu Return to the main menu File Control Submenu Select 4 on the main menu to enter the file control submenu, where you can view, modify, or delete application files.
Page 83: Storage Device Operation Submenu
Table 6-5 BootWare operation submenu Menu item Description <1> Backup Full BootWare Back up the entire BootWare. <2> Restore Full BootWare Restore the entire BootWare. <3> Update BootWare By Serial Upgrade BootWare through a serial port. <4> Update BootWare By Ethernet Upgrade BootWare through an Ethernet interface.
Page 84: Modifying Serial Port Parameters
If the check fails, the receiving program sends a negative acknowledgement character and the sending program retransmits the packet. Modifying Serial Port Parameters In actual applications, you may need to make the serial port baud rate higher to reduce upgrading time or make it lower to guarantee transmission reliability.
Page 85 Figure 6-3 Modify the baud rate on the terminal Step5 Select Call > Call to establish a new connection. Figure 6-4 Establish a new connection Step6 Press Enter on the console terminal. The system displays the current baud rate and returns to the previous menu.
Page 86: Upgrading An Application
Upgrading an Application The application upgrading on a serial port is implemented on the serial submenu. Step1 Select 2 on the main menu to enter the serial submenu. For details about this submenu, refer to “Serial Submenu” on page 6-7. The following example shows how to upgrade the main application file main.bin: To accelerate the upgrading speed, you can modify the serial port baud rate before upgrading the main application file.
Page 87: Upgrading Bootware
Download successfully! 14092032 bytes downloaded! The system then prompts you to enter the target file name. Input the File Name: Step5 Input the file name. If the file name is different from that of any existing file in the storage medium, the application file is saved using the specified file name, for example, Input the File Name:main.bin Updating File cfa0:/main.bin..
Page 88 |<3> Update Basic BootWare |<4> Modify Serial Interface Parameter |<0> Exit To Main Menu ===================================================================== Enter your choice(0-4): To accelerate the upgrade speed, you need to modify the serial port baud rate. Step4 Select 4 to modify the serial baud rate to 115200 bps. To ensure communication between the device and the terminal, you need to make the baud rate of the terminal consistent with that of the serial port.
Page 89: Upgrading Bootware And Applications Using Tftp
After the application file is downloaded, the following information appears on terminal interface, indicating a successful upgrade. Download successfully! 14092032 bytes downloaded! Updating Basic BootWare? [Y/N] Step8 Upgrade the BootWare. If you enter N, the system displays: Not update the Basic! Updating Extend BootWare? [Y/N] The system stops upgrading the basic segment and asks you whether to upgrade the extended segment or not.
Page 90: Upgrading An Application Using Tftp On The Bootware Menu
The firewall can serve as the TFTP client. The filer server serves as the TFTP server. You can upload/download the application file on the firewall to/from the file server. There are two approaches to upgrading BootWare and application files using TFTP: On the BootWare menu At the CLI Upgrading an Application Using TFTP on the BootWare Menu...
Page 91 The TFTP server is not provided with the device. You need to purchase and install it. You can upgrade applications and the BootWare through the console port or the management Ethernet port. Configure Ethernet port parameters on the BootWare menu. Enter the main menu and select 3 to enter the Ethernet submenu.
Page 92 Item Description Name of the target file after the file is downloaded to the firewall. The extension of the target file needs to be the same as that of the download file. Target File Name Note that: The first “main.bin“ is the previous file name automatically remembered in the system.
Page 93: Upgrading And Backing Up An Application Using Tftp At The Cli
Upgrading and Backing Up an Application Using TFTP at the CLI Set up a TFTP upgrading environment The firewall serves as the TFTP client and the PC serves as the TFTP server. For the procedures of setting up a upgrading environment, refer to “Upgrading an Application Using TFTP on the BootWare Menu”.
Page 94 The file main.bin exists. Overwrite it? [Y/N]:y Verifying server file... Deleting the old file, please wait... File will be transferred in binary mode Downloading file from remote TFTP server, please wait...| TFTP: 14092032 bytes received in 907 second(s) File downloaded successfully. When you download an application file, if a file with the same name exists on the firewall, the system asks you whether to overwrite the existing file on your device.
Page 95: Upgrading Bootware And Applications Using Ftp
Table 6-9 Command output description for upgrading and backing up an application file Field Description Download the file to be upgraded from the tftp 192.168.80.200 get main.bin main.bin server. Whether to overwrite the existing file with the The file main.bin exists. Overwrite it? [Y/N]: same name.
Page 96 Figure 6-10 Set up an FTP upgrading environment The firewall serves as the FTP client and the PC serves as the FTP server. Connect the management Ethernet port on the firewall to the PC using a crossover Ethernet cable. Ensure the connectivity between the firewall and the PC. In this example, configure the IP address of the management Ethernet port as 192.168.80.10 while that of the PC as 192.168.80.200.
Page 97: Upgrading And Backing Up An Application Using Ftp At The Cli
123456. Log into the FTP server. <H3C>ftp 192.168.80.200 Trying 192.168.80.200 ... Press CTRL+K to abort Connected to 192.168.80.200. 220 3Com 3CDaemon FTP Server Version 2.0 User(192.168.80.200:(none)):guest 331 User name ok, need password Password: 230 User logged in [ftp] After you log into the server, you can update and backup an application file using the CLI.
Page 98 When you download an application file, if a file with the same name exists on the firewall, the system asks you whether to overwrite the existing file on your device. You need to enter Y for confirmation. For details about the get command, refer to H3C SecPath Series Security Products User Manual. You can upgrade a configuration file in the way you upgrade an application file.
Page 99 Field Description [ftp]quit Quit FTP client view. 221 Service closing control connection Close the service control connection. Firewall serving as the FTP client and PC serving as the FTP server Set up an FTP upgrading environment. Figure 6-11 Set up an FTP upgrading environment Router FTP Server Ethernet...
Page 100 Enable FTP server on the firewall. # Enable FTP server. [H3C] ftp server enable # Add FTP username and password. [H3C] local-user guest New local user added. [H3C-luser- guest] service-type ftp [H3C-luser- guest] password simple 123456 [H3C-luser-guest] authorization-attribute level 3 Table 6-12 Output description Field Description...
Page 101 Table 6-13 Output description Field Description C:\Documents and Enable the FTP client program on the PC. Settings\Administrator>ftp ftp> open 192.168.80.10 In FTP client view, log into the IPv4 FTP server. User (192.168.80.10:(none)) Input the username configured on the FTP server. 331 Password required for guest Input the password.
Page 102: Maintaining Application And Configuration Files
When you download an application file, if the file name already exists on the server, the system overwrites the existing file without any prompt. For details about the get command, refer to H3C SecPath Series Security Products User Manual. You can backup a configuration file in the way you backup an application file. Table 6-14 Command output description for enabling FTP server Field Description...
Page 103: Setting Application Files Attributes
Displaying all files at the CLI <H3C>dir Directory of cfa0:/ drw- Nov 28 2000 04:09:30 logfile -rw- 24802996 Nov 04 2007 17:03:26 F5000-A5.bin -rw- 1355 Nov 04 2007 17:22:12 startup.cfg -rw- 24802996 Nov 13 2037 13:21:20 main.bin 505480 KB total (456576 KB free) File system type of cfa0: FAT16 Table 6-15 Output description Field...
Page 104 |<1> +Main |<2> -Main |<3> +Backup |<4> -Backup |<0> Exit ====================================================================== Enter your choice(0-4): You can set the file attribute to M (main) or B (backup), or cancel the setting. For details about attributes, refer to “Overview” on page 6-1. In the example, 1 is selected and the system changes the attribute of the file main.bin from B to M + B.
Page 105: Deleting A File
Deleting a File Deleting a file on the BootWare menu Step1 Select 3 from the file control submenu. The following information appears: Deleting the file in cfa0: 'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED ====================================================================== |NO.
Page 106: Dealing With Password Loss
For details about the delete and undelete commands, refer to H3C SecPath Series Security Products User Manual. Dealing with Password Loss When the BootWare password, user password or super password is lost, resort to the following methods: BootWare Password Loss Contact your local sales agent to set a new password in the event of BootWare password loss.
Page 107: Dealing With User Password Loss
The BootWare password you entered is displayed in the form of asterisks. The BootWare password can contain up to 32 characters. If you enter more than 32 characters to set the BootWare password, the system will automatically use the first 32 characters. Dealing With User Password Loss If you lose your password, you cannot enter the system.
Page 108: Dealing With Super Password Loss
Execute the save command after modifying the user password to save the new password. You are recommended to save the modification to the configuration file used by default. Dealing With Super Password Loss The super password enables you to switch between four super levels. In the case of super password loss, you cannot perform higher level operations.
Page 109: Backing Up The Entire Bootware
Backing Up the Entire BootWare To backup the entire BootWare, you need to backup the basic segment and then the extended segment of the BootWare. Step1 Select 1 on the BootWare operation submenu. The system displays: Will you backup the Basic BootWare? [Y/N] Step2 Enter Y.
Page 110 Table of Contents 7 Maintaining Hardware ·······························································································································7-1 Preparing Tools·······································································································································7-1 Precautions ·············································································································································7-1 Structure of the Firewall ··························································································································7-1 Installing and Removing an MPU············································································································7-3 Structure of an MPU ························································································································7-3 Installing an MPU ····························································································································7-3 Removing an MPU ··························································································································7-4 Installing and Removing an LPU·············································································································7-5 Structure of LPUs ····························································································································7-5 Installing an LPU ·····························································································································7-7 Removing an LPU ···························································································································7-8 Installing and Removing a Blank Panel ··································································································7-9...
Page 111: Preparing Tools
Maintaining Hardware Preparing Tools Phillips screwdrivers: P1-100mm, P2-150mm, P3-250mm Flat-blade screwdrivers: P4-75mm ESD-preventive wrist straps, ESD-preventive gloves Antistatic bags, antistatic pads Except an ESD-preventive wrist strap, none of the above installation tools are shipped with the device. Precautions Maintain the firewall hardware under the guidance of the local dealer or technical support engineers appointed by H3C.
Page 112 Figure 7-1 F5000-A5 structure (15) (14) (13) (12) (11) (10) (1) Left mounting bracket (2) MPU (3) Right mounting bracket (4) Chassis handle (5) Weight-bearing warning label (50 kg/110.2 lb.) (6) Fan tray (8) Blank panel for PoE power module (7) AC power module (PWR1) (reserved PoE slot) (9) Blank panel for DC power module (PWR2)
Page 113: Installing And Removing An Mpu
Installing and Removing an MPU Structure of an MPU Figure 7-2 Interior structure of the MPU (1) Guide pin (2) Left release latch (3) CPU heatsink (4) Memory module and slot (5) Built-in CF card (6) Right release latch (7) Bus connector (8) Power connector (9) RESET button (10) External CF card LED (CF)
Page 114: Removing An Mpu
Figure 7-3 Insert the MPU into the slot Step4 Fasten the captive screws by turning them clockwise with a Philips screwdriver. Figure 7-4 Fasten the captive screws Step5 Turn on the power switch of the firewall if the firewall is powered off. Step6 After the MPU is powered on, the RUN LED (green) flashes fast (8 Hz).
Page 115: Installing And Removing An Lpu
Figure 7-5 Loosen the captive screws Step3 Pull the two ejector levers at both ends of the MPU outward to release the MPU, and then gently pull the MPU out along the slide rails. Figure 7-6 Pull out the MPU To protect the removed MPU, place it in an antistatic bag.
Page 116 Figure 7-7 NSQ1GT8C40 (1) CPU heatsink (2) Positioning hole (3) Left release latch (4) Memory module and slot (5) Bus connector (6) Right release latch (7) Bus connector (8) Power connector (9) Run LED (RUN) (10) LED for SFP interface 11 (SFP11) (11) LED for SFP interface 10 (SFP10) (12) SFP interface 11 (13) SFP interface 10...
Page 117: Installing An Lpu
Installing an LPU NSQ1GT8C40 and NSQ1XP20 are installed in the same way. NSQ1GT8C40 is taken as an example here. Follow these steps to install the LPU: Step1 Face the front panel of the firewall. Step2 Locate the slot where you will install the LPU (slot 1 through slot 4), and remove the blank panel from the position.
Page 118: Removing An Lpu
If there is a great resistance when you push an LPU into a slot, first remove the blank panels above and below the slot, then install the LPU, and finally install the removed blank panels to prevent dust from entering the chassis. Do not insert or remove an LPU when the RUN LED on the LPU is blinking fast.
Page 119: Installing And Removing A Blank Panel
Figure 7-12 Pull out the LPU To protect the removed LPU, place it in an antistatic bag. If you do not install a new LPU in the slot, install a blank panel to prevent dust from entering the chassis. For how to install a blank panel, refer to “Installing and Removing a Blank Panel” on page 7-9.
Page 120: Removing A Blank Panel
Figure 7-13 Blank panel for an MPU/LPU slot (1) Front view (2) Side view (3) Oblique rear view (4) EMI gasket The MPU and LPU slots use the same type of blank panels. Figure 7-14 Blank panel for a power module slot (1) Front view (2) Side view (3) Oblique rear view...
Page 121: Installing A Blank Panel
Step1 Face the front panel of the firewall. Step2 Locate the blank panel to be removed, loosen the two captive screws by turning them counterclockwise with a Philips screwdriver. Then, remove the blank panel. Figure 7-15 Remove a blank panel from an LPU slot Place the removed blank panels and screws in a safe place for later use.
Page 122: Installing And Removing A Power Module
Position the blank panel so that the side with EMI gaskets faces upward; otherwise you cannot fasten the captive screws. Installing and Removing a Power Module The device supports both AC and DC power modules. This section describes how to install and remove an AC power module.
Page 123: Installing A Power Module
Installing a Power Module The following describe how to install an AC power module. You can install a DC power module in a similar way. Step1 Face the front panel of the firewall. Step2 Locate the slot where the power module is to be installed, insert the power module into the slot, and gently push the power module in along the slide rails.
Page 124 Step1 Face the front panel of the firewall. Step2 Locate the power module to be removed, and loosen the captive screws on the power module by turning them counterclockwise with a Philips screwdriver. Figure 7-21 Loosen the captive screws Step3 Gently pull the power module out along the slide rails. Figure 7-22 Pull out the power module To protect the removed power module, place it in an antistatic bag.
Page 125: Installing And Removing A Fan Tray
Installing and Removing a Fan Tray Fan Tray Structure Figure 7-23 Fan tray structure (1) Run LED (RUN) (2) Alarm LED (ALM) (3) Handle (4) Fan (5) CAUTION sign (6) Captive screw Installing a Fan Tray Follow these steps to install a fan tray: Step1 Face the front panel of the firewall.
Page 126: Removing A Fan Tray
Step4 Fasten the captive screws by turning them clockwise with a Philips screwdriver. Figure 7-25 Fasten the captive screws Step5 Turn on the power switch of the firewall if the firewall is powered off. The fan LED RUN (green) lights up, indicating the fans run normally.
Page 127 Figure 7-26 Loosen the captive screws Step3 Gently pull the fan tray out along the slide rails. Figure 7-27 Take out the fan tray Do not keep the firewall working without a fan tray for a long time because poor ventilation may result in damage to the firewall.
Page 128: Inserting And Removing A Cf Card
Inserting and Removing a CF Card CF Card and Slot Figure 7-28 CF card and slot (1) Eject button (2) CF card slot (3) CF LED Installing a CF Card Follow these steps to install a CF card: Step1 Check whether the CF card LED is blinking. If yes, the system is accessing the CF card. Proceed with the next step after the LED stops blinking.
Page 129: Installing And Removing A Memory Module
Figure 7-30 Eject the CF card Step3 Press the eject button again to eject the CF card part-way out of the slot, and then pull the card out of the slot. Figure 7-31 Press the eject button to eject the CF card Do not insert or remove the CF card when the firewall is booting or the LED is blinking to avoid hardware damage.
Page 130 You may need to replace a memory module or expand memory in the following situations: More memory is needed to upgrade the application program. The firewall needs to maintain a large routing table or support memory-demanding operations. The memory module is damaged. Use the memory modules provided by Hangzhou H3C Technologies Co., Ltd.
Page 131: Memory Module Structure
Memory Module Structure Figure 7-33 Memory module structure (1) Connector edge (2) Polarization notch (3) Latch notch Memory Module Slot Figure 7-34 Memory module slot (1) Left release latch (2) Memory module slot (3) Right release latch Removing a Memory Module Follow these steps to remove a memory module: Step1 Locate the card (MPU or LPU) to which you will install a memory module and put the card on a flat worktable.
Page 132: Installing A Memory Module
Figure 7-35 Remove a memory module Do not touch the surface-mounted components of the memory module directly with your hands. Hold the memory module only by its non-conductive edge. Because a memory module is vulnerable to ESD, improper operation may cause damage to it. Do not use too much force in the operation.
Page 133: Installing And Removing An Air Filter
Do not touch the surface-mounted components of the memory module directly with your hands. Hold the memory module only by its non-conductive edge. Because a memory module is vulnerable to ESD, improper operation may damage it. Installing and Removing an Air Filter An air filter is an optional accessory.
Page 134 Figure 7-37 Install the air filter slide rails Step6 Gently push the air filter along the slide rails until it is seated in position. Figure 7-38 Insert the air filter Step7 Fasten the captive screws by turning them clockwise with a Philips screwdriver. 7-24...
Page 135: Removing An Air Filter
Figure 7-39 Fasten the captive screws Removing an Air Filter To remove an air filter, reverse the installation procedure. Step1 Face the left side of the chassis, where the air filter is to be removed. Step2 Loosen the captive screws one by one by turning them counterclockwise with a Philips screwdriver. Figure 7-40 Loosen the captive screws Step3 Gently pull out the air filter along the slide rails.
Page 136 Figure 7-41 Pull out the air filter Keep the removed air filter and fastening screws in a safe place for future use. You can clean the air filter with water, but wait until it is completely dry before installing it again. 7-26...
Page 137 Table of Contents 8 Troubleshooting ········································································································································8-1 Troubleshooting MPU ·····························································································································8-1 Symptom 1 ······································································································································8-1 Symptom 2 ······································································································································8-1 Symptom 3 ······································································································································8-2 Troubleshooting LPUs·····························································································································8-2 Symptom 1 ······································································································································8-2 Symptom 2 ······································································································································8-2 Troubleshooting the Power System ········································································································8-3 Symptom 1 ······································································································································8-3 Symptom 2 ······································································································································8-3 Troubleshooting Fans ·····························································································································8-3 Symptom 1 ······································································································································8-3 Symptom 2 ······································································································································8-4 Troubleshooting the Configuration System·····························································································8-4...
Page 138: Troubleshooting
Troubleshooting The barcode stuck on the firewall chassis contains information about production and servicing. Before you return a faulty firewall for servicing, please provide the barcode information of the firewall to your local sales agent. Troubleshooting MPU Symptom 1 Symptom The RUN LED is off, which indicates the MPU is powered off or faulty.
Page 139: Symptom 3
Symptom 3 Symptom The ALM LED is solid on or blinking, which indicates that the firewall is faulty. For example, the ALM LED is on when the CPU is overheated. The system gives the following message: %Jun 25 14:38:45:444 2007 H3C DRVMSG/3/TempCritical: CPU temperature critical in Slot 3, index is 1.
Page 140: Troubleshooting The Power System
Troubleshooting the Power System Symptom 1 Symptom The firewall cannot be powered on. The power LED on the front panel is off. Solution Check that: The power switch of the firewall is turned on. The power cord is properly and firmly connected. The power source of the firewall is turned on.
Page 141: Symptom 2
Symptom 2 Symptom When the firewall is running, the ALM LED turns red and the following information appears: %Jul 5 14:59:03:878 2007 H3C DRVMSG/3/FanPlugIn:Fan 1 Plug In. %Jul 5 14:59:03:879 2007 H3C DRVMSG/3/FanErr:Fan 1 Error. #Jul 5 14:59:03:998 2007 H3C DEV/1/FAN STATE CHANGES TO FAILURE: Trap 1.3.6.1.4.1.2011.2.23.1.12.1.6<fanfailure>: fan ID is 1 %Jul 5 14:59:03:998 2007 H3C DEV/4/FAN FAILED:...
Page 142: Serial Port Response Failure
Solution If the “Data bits” field is set to 5 or 6 in the emulation grogram, illegible characters appear on the screen. Set this field to the default value 8. Check that the current baud setting is 9600 bps. An incorrect baud setting can cause illegible characters.
Page 143: Password Loss
Password Loss If you have lost the BootWare password, user password, or super password, refer to the section talking about dealing with password loss in Chapter 6 “Maintaining Software.” Troubleshooting the Cooling System Symptom When the temperature inside the firewall exceeds 75°C (167°F), the following information appears on the configuration terminal screen: %May 14 21:37:35:271 2007 H3C DRVMSG/3/Temp2High: Environment temperature too high in Slot 0, index is 2.
Page 144: Troubleshooting Application Upgrade
If the temperature inside the firewall exceeds 90°C (194°F) while the fans are working normally and environment is well ventilated, contact your local sales agent. For more information about the display environment command, refer to H3C SecPath Series Security Products User Manual. Troubleshooting Application Upgrade Response Failure of the MPU Serial Port Symptom...
Page 145: Troubleshooting Ftp Upgrading
Solution For symptom 1: Delete some files in the CF card or use a new CF card so that enough space is available for the application program. For symptom 2: Type the correct file name. For Symptom 3: Configure the network port correctly. Make sure the network port is up and you can successfully ping the TFTP server through the network port.
Page 146: Troubleshooting Application File Missing Errors
Troubleshooting Application File Missing Errors Symptom When none of the main, backup, and secure application files exists, the system gives the following message in the startup stage: BootWare Validating... Application program does not exist. Please input BootWare password: If you select 1 on the BootWare menu, the system displays the following information: Starting to get the main application file--cfa0:/main.bin! The main application file does not exist--cfa0:/main.bin! Starting to get the backup application file--cfa0:/backup.bin!
Page 147 Table of Contents Appendix A Regulatory Compliance Information ···················································································· A-1 Regulatory compliance standards·········································································································· A-1 European Directives compliance ··········································································································· A-1 LVD/EMC Directive························································································································· A-1 R&TTE Directive····························································································································· A-2 WEEE Directive–2002/96/EC········································································································· A-3 USA regulatory compliance ··················································································································· A-3 FCC Part 15···································································································································· A-3 FDA················································································································································· A-4 California Code of Regulations······································································································· A-4 Canada regulatory compliance ··············································································································...
Page 148: Appendix A Regulatory Compliance Information
Appendix A Regulatory Compliance Information Regulatory compliance standards Table A-1 Regulatory compliance standards Discipline Standards FCC Part 15 (CFR 47) CLASS A ICES-003 CLASS A VCCI-3 CLASS A VCCI-4 CLASS A CISPR 22 CLASS A EN 55022 CLASS A AS/NZS CISPR22 CLASS A CISPR 24 EN 55024 EN 61000-3-2...
Page 149: R&Tte Directive
R&TTE Directive This product complies with the European Directive 1999/5/EC R&TTE declaration statements: H3C Coporation tímto prohlašuje, že tento Router je ve shodě se základními Česky [Czech] požadavky a dalšími příslušnými ustanoveními směrnice 1999/5/ES. Undertegnede H3C Corporation erklærer herved, at følgende udstyr Router Dansk [Danish] overholder de væsentlige krav og øvrige relevante krav i direktiv 1999/5/EF.
Page 150: Weee Directive-2002/96/Ec
Português H3C Corporation declara que este Router está conforme com os requisitos [Portuguese] essenciais e outras disposições da Directiva 1999/5/CE. Slovensko H3C Corporation izjavlja, da je ta Router v skladu z bistvenimi zahtevami in [Slovenian] ostalimi relevantnimi določili direktive 1999/5/ES. Slovensky H3C Corporation týmto vyhlasuje, že Router spĺňa základné...
Page 151: California Code Of Regulations
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications.
Page 152: Appendix B Safety Information Sicherheits Informationen安全信息
Appendix B Safety Information Sicherheits informationen 安全信息 Overview Überblick 概述 This section introduces part of the safety precautions that should be followed during the installation and maintenance of the equipment. And for the safety statements and warnings, there followed the translations of both German and Chinese to comply with the national requirements.
Page 153: Conventions Used Symbole Erläuterung应用惯例
Lesen Sie bitte alle Arbeitsanweisungen und Sicherheitvorschriften sorgfältig durch, bevor Sie mit dem Arbeiten beginnen. Nur durch Beachtung dieser Hinweise lässt sich das Unfallrisiko minimieren. Die in anderen Handbüchern aufgeführten Symbole Anmerkung, Achtung, Warnung und Gefahr beinhalten nicht alle zu beachtenden Sicherheitvorschriften. Sie dienen lediglich der Ergänzung. Deshalb muss sich das für die Installation und Instandhaltung der Ausrüstung verantwortliche Personal mit allen Sicherheitshinweise vertraut machen.
Page 154: General Requirements Allgemeine Anforderungen通用要求
Table B-1 Safety symbol and description Sicherheitssymbole und Beschreibung 安全标识和描述 Safety Symbol Description Symbole Erläuterung 安全标识描述 Generic alarm symbol: To suggest a general safety concern Alarm: Hinweis auf ein generelles Sicherheitsproblem 一般注意标识：用于一般安全提示 ESD protection symbol: To suggest electrostatic-sensitive equipment. ESD-Schutz: Hinweis auf Beschädigung infolge elektrostatischer Entladung 防静电标识：用于表示静电敏感的设备...
Page 155: Electricity Safety Elektrische Sicherheit 用电安全
The unit/system must be connected to the protection ground before operation permanently. And the cross-section of protective earthing conductor shall be at least 2.5mm Das System muss vor der ständigen Inbetriebnahme geerdet werden. Der Querschnitt der Erdverbindung sollte mindestens 2.5mm betragen.
Page 156: Power Cable Zuleitung电缆
当有液体进入机架或机架有损坏时，请立即切断电源。 When operation is performed in a damp environment, make sure that water is kept off the equipment. Muss in einem feuchten Umgebung gearbeitet werden, ist sicherzustellen, dass kein Wasser in die Ausrüstung dringen kann. 在潮湿环境下进行安装时，请避免液体进入设备。 Non-standard and improper high voltage operations may result in fire and electric shock. Therefore, AC cable bridging and wiring through a certain area must follow the local rules and regulations.
Page 157 Das Entfernen und Anbringen von Zuleitungen ist strengstens verboten. Kurzschlüsse zwischen innerem und äußerem Leiter können Lichtbögen oder Funkenflug verursachen, was zu Feuer oder einer Augenverletzung führen kann. 禁止安装和移动带电的线缆。因为导电体和带电的线缆，即使短暂接触，也会引起电火花或电弧，从而导致失火或是伤害眼睛。 Before the power cable is installed or removed, the power switch must be turned off. Das System muss stets abgeschaltet werden, bevor die Zuleitung angebracht oder entfernt wird.
Page 158: Thunderstorm Gewitter 防雷击
Thunderstorm Gewitter 防雷击 High voltage and AC operations or operations on a steel tower and a mast on a thunderstorm day are prohibited. In order to prevent the equipment from being damaged by lightning, proper grounding is required. Arbeiten mit Hochspannung und Wechselstrom oder Arbeiten auf Stahltürmen und masten während eines Gewitters sind verboten.

This manual is also suitable for:

Secpath f5000-a5 H3c secpath f5000-a5 advanced vpn firewall host system

3Com H3C SECPATH F5000-A5 ADVANCED VPN FIREWALL 12-PORT GIGABIT ETHERNET MODULE Installation Manual

Table of Contents

Arranging Slots Ands Numbering Interfaces

Item Requirements Installation Tools User Supplied Tools Documents Shipped with the Firewall Reference Electronic Documents

Starting and Configuring the Firewall

Maintaining Software

Maintaining Hardware

Troubleshooting

Appendix A Regulatory Compliance Information/Appendix B Safety Information Sicherheits Informationen安全信息

Appendix A Regulatory Compliance Information

Appendix B Safety Information Sicherheits Informationen安全信息

Quick Links

Chapters

Troubleshooting

Need help?

Questions and answers

Related Manuals for 3Com H3C SECPATH F5000-A5 ADVANCED VPN FIREWALL 12-PORT GIGABIT ETHERNET MODULE

Summary of Contents for 3Com H3C SECPATH F5000-A5 ADVANCED VPN FIREWALL 12-PORT GIGABIT ETHERNET MODULE

This manual is also suitable for:

Table of Contents