About This Manual
Organization
H3C SecPath U200 Series Unified Threat Management Products Installation Manual is organized as follows:
Chapter | Contents
1 Product Overview | Briefly introduces the product specifications, as well as the features and applications of the H3C SecPath U200 series UTM devices.
2 Interface Modules | Describes the interface cards and interface modules supported by the H3C SecPath U200 series UTM devices.
Convention: [ x | y | ... ] *
Description: Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
Convention: &<1-n>
Description: The argument(s) before the ampersand (&) sign can be entered 1 to n...
Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com. We appreciate your comments.
Environmental Protection
This product has been designed to comply with the requirements on environmental protection. For the proper storage, use and disposal of this product, national laws and regulations must be observed.
Product Overview
Introduction
The H3C SecPath U200 Series Unified Threat Management Products are new-generation UTM devices designed for enterprise users. The U200 series comprises three models:
U200-A: Designed for large- and medium-sized enterprise users
U200-M: Designed for medium-sized enterprise users
U200-S: Designed for small- and medium-sized enterprise users
In addition to traditional firewall functions, the U200 series protect network security by providing a wide range of functions including virtual firewall, security zone, intrusion detection and protection, gateway...
policy control. With security zones, security administrators can classify interfaces with different security requirements into different zones. This simplifies policy maintenance and separates network services and security services. Packet filtering: Applies standard or extended ACL rules between security zones to implement packet filtering based on UDP or TCP port information.
Rear view
Figure 1-2 U200-A rear view
(1) Grounding screw and symbol
(2) OPEN BOOK symbol
(3) AC power switch (ON/OFF)
(4) AC power socket
(5) Slot 1 (with an NSQ1GT2UA0 module installed)
(6) Slot 2 (with an NSQ1GT2UA0 module installed)
The open book symbol is used to remind the operator to read the relevant chapters when performing...
Rear view
Figure 1-4 U200-M rear view
(1) Grounding screw and symbol
(2) OPEN BOOK symbol
(3) AC power switch (ON/OFF)
(4) AC power socket
(5) Slot 1 (with an NSQ1GT2UA0 module installed)
For detailed description of the OPEN BOOK symbol, refer to the note under Figure 1-2.
U200-S
Front view
Figure 1-5 U200-S front view...
Rear view
Figure 1-6 U200-S rear view
(1) AC power socket
(2) Slot (with 2GE)
(3) OPEN BOOK symbol
(4) Grounding screw and sign
For detailed description of the open book symbol, refer to the note under Figure 1-2.
Technical Specifications
Processor and Storages
Table 1-1 Processor and storages of the U200 series
Description...
Components
Processor and Storages
Processor
A U200 series device uses a multi-core microprocessor as its data forwarding and service processing engine.
Flash
A U200 series device uses a 32 MB flash for storing BootWare and APP.
Memory
The memory temporarily stores data for the running system and buffers data to be forwarded. By default, the U200-A and U200-M are equipped with a 1 GB memory while the U200-S has a 512 MB memory.
Status Description The system is powered off or faulty. The interface module is operating normally as SYS (green) Slow blinking (at 1 Hz) configured. Fast blinking (at 8 Hz) Software is being loaded or the system is not working. The power module is not working or faulty. PWR (green) The power module is supplying power normally.
Attribute | Description
Services | Connection to an ASCII terminal; connection to the serial interface of a local PC to run the terminal emulation program; command line interface
Console cable
The console cable is an 8-core shielded cable. The RJ-45 connector at one end of the cable is for the console port on the UTM device, and the DB-9 female connector at the other end is for the serial port on a configuration terminal.
LEDs in the upper corners to indicate its status. Table 1-10 Description of Ethernet interface LEDs Status Description No link is present. LINK A link is present. No data is being received or transmitted. Blinking Data is being received or transmitted. Specifications Table 1-11 Technical specifications of the Ethernet interfaces Item...
When working in the forced mode, Ethernet does not support MDI/MDIX autosensing.
Cable connecting electrical Ethernet interfaces
Ethernet electrical interfaces usually use category-5 twisted pair cables. Ethernet cables fall into two categories:
Standard cables: Also known as straight-through cables. At both ends of a standard cable, wires are crimped in the RJ-45 connectors in the same sequence.
Category-5 RJ-45 Signal direction Signal direction RJ45 twisted pair — Blue — — White (Blue) — Green — White (Brown) — — Brown — You can refer to the tables above when trying to identify or preparing the two types of Ethernet cables.
At present, the USB interface provided on a U200 series device is a reserved module without software support. Use the USB flash drives provided by H3C only, because the U200 series may be incompatible with other USB flash drives. Avoid removing the USB flash drive when its LED is flashing. Doing so may cause the file system on the drive to get corrupted.
The CF card is hot-swappable. When the device is reading from or writing to the CF card or performing any other file system related operation, the CF card LED blinks. Do not unplug the CF card in this state because doing so can corrupt the file system in it. AC Power Input Table 1-14 lists the AC power specifications for the U200 series.
For single-port use, maximum discharge current (8/20μs waveform): 5 kA, output voltage (10/700μs waveform): core-core < 40 V, core-ground < 600 V. For the installation of the port lightning arrester, refer to the “Installing a Port Lightning Arrester” section in Chapter 4 “Installing the U200 Series Device.” Power Lightning Arrester (Optional) Before connecting an outdoor AC power cable to the device directly, you can connect the AC power input to a lightning protection busbar to protect the device against lightning strikes.
System Software The U200 series operate on the H3C Comware V5 or i-Ware software platform, integrating a rich set of security features including virtual firewall, attack prevention, load balancing, and P2P traffic management. Combining network and security technologies perfectly, the series can be deployed in various complex network environments to provide strong security protection.
Interface Cards and Interface Modules
Currently, the U200 series do not support hot-swapping of interface modules. With the hot swapping feature, you can stop an interface module with the remove slot number command, remove it, and then replace it or plug in a new interface module as needed without powering off the device.
LEDs Table 2-1 Description of the LEDs on the front panel of the 2GE module Status Description No link is present. LINK A link is present. No data is being transmitted or received. Blinking Data is being transmitted or received. Interface specifications Table 2-2 Interface specifications of 2GE Item...
For how to connect the Ethernet cable, refer to the “Connecting an Ethernet cable for the 2GE module” section in Chapter 4 “Installing the U200 Series Device.” NSQ1GT2UA0 Module Introduction The NSQ1GT2UA0 module is a MIM high-speed Layer 3 Gigabit Ethernet interface module. The module provides two RJ-45 electrical interfaces that support the Layer-3 routing function.
NSQ1GP4U0 Module Introduction The NSQ1GP4U0 module is a high-speed Layer 3 Gigabit Ethernet interface module. The module provides four SFP optical interfaces that support the Layer-3 routing function. Each interface on the NSQ1GP4U0 module is available with an LED indicating its status. The NSQ1GP4U0 module is connected to the processor through a PCIE high-speed bus to provide all functions of a Layer-3 Ethernet interface with high performance.
Item Specification Single-mode Multi-mode Single-mode Long haul Long haul Type ultra-long short haul medium haul (1310 nm) (1550 nm) Optical haul transmit power Min. –9.5 dBm –9 dBm –2 dBm –4 dBm –4 dBm Max. 0 dBm –3 dBm 5 dBm 1 dBm 2 dBm Receiving...
For how to connect the interface cable for the NSQ1GP4U0 module, refer to “Connecting an optical fiber or Ethernet cable to the NSQ1GP4U0 module" in Chapter 4 “Installing the U200 Series Device.” NSQ1WLAN0 Module Introduction The NSQ1WLAN0 module is an 802.11a/b/g mini WLAN interface module that supports the Layer-3 routing function.
Figure 2-8 Omni antenna for the NSQ1WLAN0 module For how to connect the antenna for the NSQ1WLAN0 module, refer to “Connecting an antenna for the NSQ1WLAN0 module” in Chapter 4 “Installing the U200 Series Device.” Arranging Slots and Naming Interfaces Slot Arrangement The U200 series support interfaces such as console, AUX, Gigabit Ethernet, and WLAN interfaces.
If an NSQ1WLAN0 module is installed on the U200-S, the WLAN interface on the module is named as follows: Wlan Radio 1/0...
Preparing for Installation Environment Requirements The U200 series are designed for indoor use. To ensure normal operation and prolong service life of the U200 series devices, the installation site must meet the requirements described in this chapter. Ventilation Requirements The fans of a U200 series device draw air in through the inlet vents on the left and out through the exhaust vents on the right.
Cleanness Requirements Dust concentration limits Dust is hazardous to the operating safety of devices. Dust buildup on chassis may result in static absorption, causing poor contact of metal components or points. When indoor humidity is extremely low, this is more likely to happen, shortening the useful life of the devices and causing communication failures.
Hold a card, module, or circuit board by its edges when observing or moving it, avoiding direct contact with the components on it.
Use of an ESD-preventive wrist strap
Follow these steps to wear an ESD-preventive wrist strap:
Step1 Put the ESD-preventive wrist strap around your wrist.
Step2 Tighten the fastener to ensure good skin contact.
Keep the device far away from radio stations, radar, and high-frequency devices working at high current. Use electromagnetic shielding when necessary. Lightning Protection By design, a U200 series device is lightning protective, but excessive lightning may still damage the device. To protect the device better, follow these guidelines: Ensure the PGND cable of the chassis is well grounded.
Means the reader must be extremely careful. Improper operation may cause device damage or bodily injury.
Means the reader must be careful. Improper operation may cause device malfunction.
General Safety Recommendations
Keep the device and installation tools away from walk areas.
Keep the device far away from moist areas and heat sources.
Unplug all external cables before moving the device.
Checklist Before Installation Before you proceed to install your device, check that all requirements listed in Table 3-4 are met and you are aware of all listed operation requirements. Table 3-4 Checklist before installation Item Requirements At least 10 cm (3.94 in.) of clearance is reserved around the inlet vents and exhaust vents for heat dissipation of the device chassis.
Item Requirements Install the device in an open rack if possible. If you install the device in a closed cabinet, make sure that the cabinet has a good ventilation system. The rack is sturdy enough to support the weight of the Rack-mounting device and installation accessories.
Table of Contents
4 Installing the UTM Device
Preparations
Installation Flowchart
Mounting a U200 Series Device
Mounting a U200 Series Device on a Workbench
Rack-Mounting a U200 Series Device
Installing Generic Modules
PGND Cable Connection
Importance of PGND Cable Connection
Connecting the PGND Cable
Installing a Port Lightning Arrester (Optional)...
Installing the UTM Device
Preparations
Before installing the device, make sure that:
You have read through Chapter 3 “Preparing for Installation.”
All the requirements mentioned in Chapter 3 “Preparing for Installation” are satisfied.
Installation Flowchart
Figure 4-1 Installation flowchart
Mounting a U200 Series Device
You can mount a U200 series device on a workbench or in a rack.
Length and width of the workbench are larger than the distance between the feet of the device. See Table 4-1 for the dimensions of the U200 series devices. Table 4-1 Dimensions of the U200 series devices Description Item U200-A U200-M U200-S Dimensions without 44.2 ×...
Figure 4-3 Rack-mounting brackets for the U200-A/U200-M (1) Left front rack-mounting bracket (2) Right front rack-mounting bracket Before mounting the device in a rack, attach the rack-mounting brackets securely to the left and right front sides of the device, the U200-S for example, as shown in Figure 4-4. Figure 4-4 Attach front rack-mounting brackets to the U200-S Mounting the device in a rack Follow these steps to mount the device in a rack:...
Figure 4-5 Mount the device in the rack Installing Generic Modules Generic modules include CF card, mini interface cards and MIM modules. For their installation procedures, see Chapter 7 “Maintaining Hardware.” PGND Cable Connection Importance of PGND Cable Connection Correct connection of the protection ground (PGND) on the device chassis is an essential safeguard against lightning strikes and EMI.
Figure 4-6 Connect the PGND cable
(1) Grounding screw hole
(2) OT terminal
(3) Grounding screw
(4) PGND cable
(5) Grounding symbol
Follow these steps to connect the PGND cable, taking the U200-S for example:
Step1 Remove the grounding screw from the device chassis.
Step2 Put the supplied OT terminal of the PGND cable on the grounding screw.
Installing a Port Lightning Arrester (Optional) You need to install lightning arresters only for 10/100 Mbps RJ-45 Ethernet ports. The U200 series devices are not shipped with lightning arresters for ports in case of standard configuration. You can purchase one if needed. Before connecting an outdoor Ethernet cable to an Ethernet port, install a port lightning arrester to protect the device against lightning strikes.
Figure 4-8 Install a port lightning arrester Indoor Ethernet cables Outdoor Ethernet cable UTM device Port lightning arrester (stuck on the chassis) Grounding cable of the lightning arrester Rack Grounding screw of the device Power input Conversion cable Precautions To ensure the performance of a port lightning arrester, follow these guidelines: Correctly connect the IN and OUT ends of the port lightning arrester.
Figure 4-9 Install a power lightning arrester When connecting a power lightning arrester, follow these guidelines: Make sure that the protection wire (PE) terminal of the power lightning arrester is well grounded before using it. After the AC power cord of the device is plugged into the multi-purpose socket of the power lightning arrester (or a socket on a lightning protection busbar), check that the green LED is on and the red LED is off to make sure that lightning protection can function normally.
Serially connected to a signal cable, a signal lightning arrester must satisfy the requirements of network performance indexes such as data transmission bandwidth, as well as the lightning protection performance requirement. Therefore, before installing a signal lightning arrester, you need to consider such performance indexes of the lightning arrester as lightning protection, bandwidth, transmission loss, and port type.
Table 4-2 Technical specifications of the AC power socket Specification Item U200-A U200-M U200-S Rated voltage range 100 VAC to 240 VAC, 50 Hz or 60 Hz Maximum input current 1.5 A Maximum power 100 W 54 W Connecting the AC Power Cord AC power supply Rated voltage range: 100 VAC to 240 VAC, 50 Hz or 60 Hz.
Figure 4-12 Connect the AC power cord
(1) AC power socket (100 VAC to 240 VAC, 50/60 Hz, 1.5 A)
(2) AC power connector
(3) AC power cord
Connecting Interface Cables
Connecting the Console Cable
Follow these steps to connect the console cable:
Step1 Select a configuration terminal.
When connecting a PC to the device with the console cable, first connect the DB-9 connector to the serial port on the PC, and then the RJ-45 connector to the console port on the device.
Connecting Ethernet Cables
Connecting an electrical Ethernet port
Step1 Connect one end of an Ethernet cable to an electrical Ethernet port on the UTM device and the other end to the Ethernet port on the peer device.
Check that the status of the LEDs for the connected port is correct. For description of the LEDs on the 2GE module, see Table 2-1 in Chapter 2 “Interface Modules.” Currently, the U200-S supports only the 2GE interface module. Connecting an Ethernet Cable to the NSQ1GT2UA0 Module See the “Connecting an Ethernet Cable to the 2GE Module”...
Check the status of the LINK/ACT LED on the module panel. If the LED is on, an optical link is present; if the LED is off, no optical link is present. In the latter case, the Rx and Tx ports may be connected incorrectly, and you can try to change the positions of the LC connectors of the two fiber optical cables at one end to remove the fault.
Table of Contents
5 Starting and Configuring the UTM Device
Setting Up a Configuration Environment
Connecting a U200 Series Device to a Configuration Terminal
Setting the Parameters for the Console Terminal
Power-On of the Device
Checklist Before Device Power-On
Powering On the Device
Checklist/Operations After Power-On
Startup Process...
Starting and Configuring the UTM Device
You can use only the console port to make initial configuration of a U200 series device.
Setting Up a Configuration Environment
Connecting a U200 Series Device to a Configuration Terminal
For how to connect a U200 series device to the configuration terminal, refer to “Connecting the Console Cable”
Figure 5-2 Select a port for local configuration connection
Step3 Set serial port parameters. Set the properties of the serial port in the COM1 Properties dialog box, as shown in Figure 5-3.
Table 5-1 Set serial port parameters
Item | Value
Bits per second | 9600 bps (default)
Data bits...
Figure 5-3 Set serial port parameters
Step4 Click OK after setting the serial port parameters to enter the HyperTerminal window, as shown below.
Figure 5-4 HyperTerminal window
Step5 Set HyperTerminal properties. In the HyperTerminal window, select File > Properties from the menu, and select the Settings tab to enter the properties setting dialog box, as shown below.
Figure 5-5 Set the terminal type
Power-On of the Device
Checklist Before Device Power-On
Before powering on the device, check that:
The power cord and ground cable are correctly connected.
The voltage of the power source conforms to the voltage requirement of the device.
The console cable is correctly connected, the configuration terminal or PC is powered on, and the emulation program is properly configured.
Table 5-2 Normal LED states upon device power-on State Meaning The power module is supplying power PWR (green) normally. A module is installed in the slot and SLOT1/SLOT2/SLOT (green) operating normally. The mainboard is operating normally as SYS (green) Slow blinking (1 Hz) configured.
BootWare Size : 1536KB
Flash Size : 32MB
CPLD Version : 1.0
PCB Version : Ver.A
BootWare Validating...
Press Ctrl+B to enter extended boot menu...

Press Ctrl+B at this prompt to enter the extended BootWare menu, or let the system start to decompress the application program.
This prompt indicates that the UTM device has entered user view and is ready to be configured.
Configuration Fundamentals
This section covers the generic procedures that you need to follow to configure a U200 series device.
Step1 Before configuring the device, you should summarize the networking requirements, including the networking objective, role of the device in the network, division of subnets, WAN type and transmission medium, network security policy and network reliability.
particular view. However, some commonly used commands, such as ping and display current-configuration, can be executed in any view.
Logging In to a U200 Series Device Through a Web Browser
A U200 series device supports Web-based network management, which allows you to manage and maintain the device with ease.
Figure 5-7 Web interface for the U200-M...
Table of Contents
6 Maintaining Software
Overview
Files Managed by a U200 Series Device
BootWare Program File
Application File
Configuration Files
Software Maintenance Methods
BootWare Menu
BootWare Main Menu
Serial Submenu
Ethernet Submenu
File Control Submenu
BootWare Operation Submenu
Storage Device Operation Submenu
Upgrading BootWare and Application Through a Serial Interface...
Maintaining Software
Overview
Files Managed by a U200 Series Device
Three types of files need to be managed on a U200 series device. They are:
BootWare program file
Application file
Configuration file
BootWare Program File
The BootWare program file is used for booting applications upon device startup and is saved in flash memory.
The application files for system boot can be type M, B and S, but not type N/A (that is, types other than M, B, and S).
You can modify the name of an application file using commands after the application boots.
You can modify the type of application files of type M, B and N except for type S on the BootWare menu or using commands after the application boots.
The configuration file name cannot be longer than 64 characters (including drive identifier and a string terminator). If the drive identifier is “CF:/”, the file name can be at most [ 64 – 1 – 4 ] = 59 characters in length; otherwise, errors will occur in file operations. Typically, a file name of not more than 16 characters is recommended.
Figure 6-1 BootWare and Comware programs upgrade flow
BootWare Menu
BootWare Main Menu
When the device is powered on, the system first initializes the memory. After the initialization, the system, the U200-A for example, runs the extended BootWare, and the following information is displayed on the console terminal:
The information displayed on the terminal may vary with different BootWare versions.
Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd.
Compiled Date : May 7 2008
CPU Type : XLS208
CPU L1 Cache : 32KB
CPU Clock Speed : 750MHz
Memory Type : DDR2 SDRAM
Memory Size : 1024MB
Memory Speed : 533MHz
BootWare Size : 1536KB
Flash Size...
| <7> BootWare Operation Menu
| <8> Clear Super Password
| <9> Storage Device Operation
| <0> Reboot
=============================================================
Enter your choice(0-9):

The menu is described in the following table.
Table 6-1 BootWare main menu
Menu item | Description
<1> Boot System | Boot the system application from the CF card
Enter the serial submenu.
| <5> Modify Serial Interface Parameter
| <0> Exit To Main Menu
=============================================================
Enter your choice(0-5):

Items on this submenu are described in Table 6-2.
Table 6-2 BootWare serial submenu
Menu item | Description
<1> Download Application Program To SDRAM And Run | Download the application to the SDRAM through the serial interface and run the program.
Menu item | Description
<5> Modify Ethernet Parameter | Modify Ethernet interface parameters.
<0> Exit To Main Menu | Return to the BootWare main menu.
File Control Submenu
Select 4 on the BootWare main menu to enter the file control submenu, where you can view the application files, modify file names, and delete files.
Table 6-5 BootWare operation submenu
Menu item | Description
<1> Backup Full BootWare | Backup the full BootWare.
<2> Restore Full BootWare | Restore the full BootWare.
<3> Update BootWare By Serial | Upgrade BootWare through a serial interface
<4> Update BootWare By Ethernet | Upgrade BootWare through Ethernet
<0>...
If the check succeeds, the receiving program sends an acknowledgement character and the sending program proceeds to send another packet. If the check fails, the receiving program sends a negative acknowledgement character and the sending program retransmits the packet.
Modifying Serial Interface Parameters
In actual applications, you need to make the serial interface baud rate higher to save upgrading time or make it lower to guarantee transmission reliability.
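The acknowledge-or-retransmit behaviour described for Xmodem above, as an added Python example (not code from the manual or from H3C). It assumes the standard XMODEM-CRC frame, consistent with the `C` characters the device prints while waiting for a transfer; the frame layout and all names are assumptions of this example.

```python
import binascii

# Standard XMODEM control bytes (assumed; the manual does not list them).
SOH, ACK, NAK = 0x01, 0x06, 0x15
BLOCK_SIZE = 128
PAD = 0x1A  # filler byte for a short final block


def crc16_xmodem(data: bytes) -> int:
    """CRC-16, polynomial 0x1021, initial value 0 (the XMODEM-CRC check)."""
    return binascii.crc_hqx(data, 0)


def build_packet(block_no: int, chunk: bytes) -> bytes:
    """Sender side: SOH, block number, its complement, 128 data bytes, CRC."""
    if len(chunk) > BLOCK_SIZE:
        raise ValueError("chunk longer than one block")
    data = chunk.ljust(BLOCK_SIZE, bytes([PAD]))
    seq = block_no & 0xFF
    return bytes([SOH, seq, 0xFF - seq]) + data + crc16_xmodem(data).to_bytes(2, "big")


class Receiver:
    """Receiving program: answers every packet with one byte, ACK or NAK."""

    def __init__(self):
        self.expected = 1          # XMODEM block numbers start at 1
        self.image = bytearray()   # data accepted so far

    def on_packet(self, pkt: bytes) -> int:
        if len(pkt) != 3 + BLOCK_SIZE + 2 or pkt[0] != SOH:
            return NAK
        seq, inv = pkt[1], pkt[2]
        data = pkt[3:3 + BLOCK_SIZE]
        crc = int.from_bytes(pkt[-2:], "big")
        if seq + inv != 0xFF or crc16_xmodem(data) != crc:
            return NAK             # check failed: ask for retransmission
        if self.expected > 1 and seq == (self.expected - 1) & 0xFF:
            return ACK             # repeat of the last block: acknowledge, do not store twice
        if seq != self.expected & 0xFF:
            return NAK             # out-of-sequence block
        self.image += data
        self.expected += 1
        return ACK


def transfer(payload: bytes, corrupt_once=frozenset(), max_tries=10):
    """Simulated sending program. Returns (bytes received, packets sent).

    corrupt_once: block numbers whose first transmission gets one bit flipped,
    standing in for line noise (constructed fault, not captured data).
    """
    rx = Receiver()
    sent = 0
    blocks = [payload[i:i + BLOCK_SIZE] for i in range(0, len(payload), BLOCK_SIZE)]
    for no, chunk in enumerate(blocks, start=1):
        for attempt in range(max_tries):
            pkt = bytearray(build_packet(no, chunk))
            if attempt == 0 and no in corrupt_once:
                pkt[10] ^= 0x01    # flip one data bit
            sent += 1
            if rx.on_packet(bytes(pkt)) == ACK:
                break              # proceed to the next packet
        else:
            raise RuntimeError(f"block {no} not acknowledged after {max_tries} tries")
    return bytes(rx.image), sent


if __name__ == "__main__":
    sample = bytes(range(256)) + b"tail"   # constructed 260-byte payload
    image, count = transfer(sample, corrupt_once={2})
    print(f"{count} packets sent for {len(image) // BLOCK_SIZE} blocks")
```

The CRC is an error-detection code for line noise only; a passing check says nothing about the origin of the file being loaded.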
Figure 6-3 Modify the baud rate on the terminal
Select Call > Call to establish a new connection.
Figure 6-4 Re-establish a call connection
Then, press the Enter key, and the system will prompt the current baud rate and return to the previous menu.
Upgrading the Application
The application upgrade through a serial interface is implemented on the serial submenu. Select 2 on the BootWare main menu to enter the serial submenu. For detailed description on this submenu, refer to the “Serial Submenu” section on page 6-6. The following example shows how to upgrade the main application file main.bin:
To improve the upgrading speed, you can modify the serial port baud rate before upgrading the main application file (refer to the “Modifying Serial Interface Parameters”
Then the system prompts you for the file name:

Input the File Name:

If the input file name, main.bin for example, is unique in the storage device, it is adopted and the system displays:

Updating File flash:/main.bin................................................................Done!

After naming the application file, return to the BootWare main menu, enter the file control submenu, and set the new file as the default for system boot.
After modifying the baud rate of the serial interface and the terminal, return to the BootWare operation submenu and select 1, the system displays the following:

Please Start To Transfer File, Press <Ctrl+C> To Exit.
Waiting ...CCCCCCCCCCCCCCCCCCCCCCCCC...

Select Transfer > Send file… in the terminal window. The following dialog box appears:
Figure 6-7 Send File dialog box
Click Browse…
Updating Basic BootWare....Done!
Updating Extend BootWare? [Y/N]Y

The system succeeds in upgrading the basic segment and asks whether to upgrade the extended segment:
If you select N, the system completes the upgrade without upgrading the extended segment.
If you select Y, the system proceeds to upgrade the extended segment:

Updating Extend BootWare....Done!

The entire BootWare is thus upgraded successfully.
Figure 6-9 Set up a TFTP upgrade environment
The U200-S serves as the TFTP client, and the PC serves as the TFTP server. Connect Ethernet interface GigabitEthernet 0/0 on the U200-S to the PC using a crossover Ethernet cable. Ensure the connectivity between the U200-S and the PC.
In this example, the IP address of GigabitEthernet 0/0 on the client is 192.168.80.10 and that of the PC is 192.168.80.200.
Gateway IP Address
FTP User Name
FTP User Password

Table 6-7 Description on the display information of setting Ethernet interface parameters
Display information | Description
'.' = Clear field | Shortcut key . is used to clear the current input.
'-' = Go to previous field | Shortcut key - is used to return to the previous field.
Step4 After the upgrade is finished, select 0 to return to the BootWare main menu, where you can select 1 to reboot the system from flash memory.
If the input application file name is the same as the name of a file on flash memory, the system prompts “The file exists, will you recover it? [Y/N]”.
62472 KB total (41855.5 KB free) <H3C> Table 6-8 Description on the display information of the dir command Display information Description '.' Directory of flash:/ Name of the current directory. 62472 KB total (41855.5 KB free) Used space of flash memory (available space) Step3 Upgrade the application.
File uploaded successfully. When you back up an application file, if a file with the same name as the file to be backed up exists on the server, the system overwrites the file on the server directly. You can back up a configuration file using the same method as backing up an application file. Upgrading the Application with FTP When the application file is large, you can also upgrade it using FTP to save upgrade and maintenance time.
In this example, the username is guest, and the password is 123456. Step4 Log in to the FTP server. <H3C>ftp 192.168.80.200 Trying 192.168.80.200 ... Press CTRL+K to abort Connected to 192.168.80.200. 220 3Com 3CDaemon FTP Server Version 2.0 User(192.168.80.200:(none)):guest 331 User name ok, need password Password: 230 User logged in [ftp] After you log into the server, you can upgrade an application file through command lines.
Page 87
Step5 Upgrade an application file. Using FTP, you can download an application file from the server to the device, and overwrite the original main application file to upgrade the application. The upgraded application file takes effect when the device reboots. # Download file main.bin from the FTP server to the device and save it as main.bin.
Page 88
Table 6-10 Description on display information for update and backup of an application file on the device Display information Description [ftp]get main.bin main.bin Download the file used for upgrade flash:/main.bin has been existing. Overwrite it? The system prompts whether to overwrite the [Y/N]:y existing file.
Page 89
You can upgrade the application of the U200 series devices through GigabitEthernet 0/0 only. Step2 Enable the FTP service. # Enable FTP server. [H3C] ftp server enable # Add FTP username and password. [H3C] local-user guest [H3C-luser-guest] service-type ftp [H3C-luser-guest] password simple 123456 [H3C-luser-guest] authorization-attribute level 3 Table 6-11 Description on the display information of enabling the FTP service...
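A defender's check for the FTP setup in Step2, as an added example (not from the H3C manual): a Python script that scans a saved configuration or a pasted CLI transcript for the FTP server being left enabled and for FTP accounts created with `password simple` or level 3. The sample configuration layout, the `operator` user, and the finding names are assumptions made for this example.

```python
import re

# Constructed sample: the commands from the step above as they might sit in a
# saved configuration, plus a hypothetical non-FTP user for contrast.
SAMPLE_CONFIG = """\
#
 ftp server enable
#
local-user guest
 password simple 123456
 authorization-attribute level 3
 service-type ftp
#
local-user operator
 password cipher EXAMPLE-CIPHERTEXT
 authorization-attribute level 1
 service-type telnet
#
"""

# Strips a leading CLI prompt such as "[H3C-luser-guest] " or "<H3C>".
PROMPT = re.compile(r"^[\[<][^\]>]*[\]>]\s*")


def audit_config(text):
    """Return sorted (subject, finding) pairs for FTP-related exposure."""
    ftp_enabled = False
    users = {}
    current = None
    for raw in text.splitlines():
        line = PROMPT.sub("", raw.strip())
        if not line or line.startswith("#"):
            current = None              # "#" separates blocks or marks a comment
            continue
        if line == "ftp server enable":
            ftp_enabled = True
            continue
        m = re.fullmatch(r"local-user (\S+)", line)
        if m:
            current = users.setdefault(
                m.group(1), {"ftp": False, "simple": False, "level": None})
            continue
        if current is None:
            continue
        if line.startswith("service-type "):
            current["ftp"] |= "ftp" in line.split()[1:]
        elif line.startswith("password simple "):
            current["simple"] = True
        else:
            m = re.fullmatch(r"authorization-attribute level (\d+)", line)
            if m:
                current["level"] = int(m.group(1))

    findings = []
    if ftp_enabled:
        findings.append(("global", "ftp-server-enabled"))
    for name, user in users.items():
        if not user["ftp"]:
            continue                    # only accounts reachable over FTP
        if user["simple"]:
            findings.append((name, "ftp-simple-password"))
        if user["level"] == 3:          # flagging level 3 is this example's policy
            findings.append((name, "ftp-level-3"))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit_config(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```

FTP carries the username, password and image in cleartext, so a non-empty result after an upgrade is worth following up.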
Page 90
User (192.168.80.10:(none)): guest 331 Password required for guest Password: 230 User logged in. Table 6-12 Description on the display information of enabling FTP server Display information Description C:\Documents and Settings\Administrator>ftp Enable the FTP client program on the PC. ftp> open 192.168.80.10 In FTP client view, log into the IPv4 FTP server.
150 Opening BINARY mode data connection for main.bin. 226 Transfer complete. When you download an application file, if a file with the same name as the downloaded file exists on the PC, the system prompts whether to overwrite the file on the PC. You need to choose Y or N for confirmation.
| <3> +Backup | <4> -Backup | <0> Exit Enter your choice(0-4): You can set the file type to M (main) or B (backup) or cancel the setting by selecting 1 to 4. In this example, you can select 1 to modify the file type of main.bin from B to M+B. Set the file attribute success! Then the file type of main_bak.bin automatically changes from M to N/A.
2294 May/11/2008 14:47:32 N/A flash:/~/startup.cfg 2094 May/11/2008 13:47:34 N/A flash:/~/startup_bac.cfg Exit ========================================================================= Enter file no: Step2 Enter the file number, select 4, and the system prompts: The file you selected is flash:/~/startup_bac.cfg,Delete it? [Y/N] Step3 Select Y, and the system displays the following information: Deleting..
Use the display startup command to verify the configuration. <H3C> display startup Current startup saved-configuration file: flash:/startup.cfg Next startup saved-configuration file: flash:/testcfg.cfg For details about the save and startup saved-configuration cfgfile commands, refer to the accompanying documentation. Dealing With Password Loss When the BootWare password, user password or super password is lost, resort to the following methods: BootWare Password Loss and Modification...
Step1 Enter the BootWare main menu, and select 6 to boot the system by ignoring the system configuration. The system prompts: Flag Set Successfully. The system prompts that the setting succeeds. Step2 When the BootWare main menu appears again, select 0 to reboot the system. System is rebooting now.
==================<EXTEND-BOOTWARE MENU>===================== | <1> Boot System | <2> Enter Serial SubMenu | <3> Enter Ethernet SubMenu | <4> File Control | <5> Modify BootWare Password | <6> Skip Current System Configuration | <7> BootWare Operation Menu | <8> Clear Super Password | <9>...
Done! At this moment, backup for the extended segment is finished. Both the basic and extended BootWare are backed up to flash memory. Backing up the full BootWare using the CLI <H3C>bootrom backup Now backuping bootrom, please wait... Backup bootrom! Please wait... Read normal basic bootrom completed! Backup normal basic bootrom completed! Read normal extend bootrom completed!
Now restoring bootrom, please wait... Restore bootrom! Please wait... Read backup basic bootrom completed! Restore basic bootrom completed! Read backup extend bootrom completed! Restore extend bootrom completed! Restore bootrom completed! Upgrading/Managing Configuration through the Web Interface Introduction The U200 series devices are available with a web interface for you to upgrade and maintain the devices with ease.
Page 100
About signature database upgrade The signature database records the traffic patterns of known attacks exploiting various protocols. To keep your U200 series device effective as a security device, upgrade the signature database promptly so that it includes the latest updates. You can manually or automatically upgrade the signature database: Automatic upgrade allows the system to download the latest signature database automatically at regular intervals.
Upgrading Software Through the Web Interface You can download a software upgrade file from a TFTP server to a U200 series device through the Web interface. For how to log in to a U200 series device through the Web interface, refer to Chapter 5 “Starting and Configuring the U200 Series Device.”...
Make settings on the Web interface to upgrade the application of the UTM device by downloading an upgrade file from the TFTP server. Figure 6-14 Network diagram for software upgrade Configuration prerequisites TFTP service is available on the device working as the TFTP server. The file to be downloaded, that is, source.bin in this example, exists in the main directory on the TFTP server.
Page 103
Figure 6-15 Enter the application security policy configuration page Obtaining version information Select System Management > Device Management > Signature Upgrade from the navigation tree to enter the page displaying the current and the last version information of signature databases. Figure 6-16 Version information On the interface, you can perform the following operations: Displaying information about the current and the last version of the specified signature database.
Page 104
Configure automatic upgrade settings as shown in Table 6-17. Table 6-17 Automatic upgrade settings Item Description Enable the automatic upgrade function by selecting the Enable option. Enable You can proceed with other configuration items only when this option is selected. Specify when to start automatic upgrade and the upgrade interval.
Page 105
Figure 6-19 Page for maintaining device configuration files On the page, you can perform the tasks described in Table 6-19. Table 6-19 Maintain configuration files Task View information about configuration files. Click the icon for a configuration file to specify the path for saving Configuration File the compressed configuration file on the local console PC.
Page 106
Table 6-20 Description of the backup configuration file list Item Description Configuration ID ID of the compressed configuration file. Date Date when the compressed configuration file was created. Software version of the device at the time when the compressed Software Version configuration file was created.
Page 107
Table of Contents
7 Maintaining Hardware
Preparing Tools
Precautions
Opening/Closing the Chassis Cover
Internal Structures of the U200 Series Devices
Removing and Installing Blank Panels
Removing a Blank Panel
Installing a Blank Panel
Installing and Removing a Mini Card
Installing a Mini Card
Removing the Mini Card
Installing and Removing a MIM Module...
Maintaining Hardware Preparing Tools Phillips screwdrivers: P1-100mm, P2-150mm, P3-250mm Flat-blade screwdriver: P4-75mm ESD-preventive wrist strap, ESD-preventive gloves Antistatic bags, antistatic pads The U200 series devices are not shipped with any of the above-mentioned tools. Precautions When maintaining hardware of a U200 series device, follow these guidelines: Maintain hardware under the guidance of a technical support engineer appointed by H3C.
Page 109
Step2 Unplug all interface cables from the rear panel while keeping the ground cable connected, and remove the fastening screws at both sides of the device. Figure 7-1 Remove the screws at both sides of the device Step3 Insert a flat-blade screwdriver into the long narrow unlock slot at the bottom of the chassis, and pry the cover with the head of the screwdriver tipping towards you until the cover becomes loose, as shown in Figure 7-2.
Figure 7-4 Remove the chassis cover Internal Structures of the U200 Series Devices Figure 7-5 shows the internal structure of the U200-A, with the chassis cover removed. Figure 7-5 Internal structure of the U200-A (1) Connector for MIM in slot 1 (2) MIM slot 1 (3) Connector for MIM in slot 2 (4) MIM slot 2...
Figure 7-7 Internal structure of the U200-S (1) Mini card connector (2) Mini card slot (3) Fan tray (4) Power supply Removing and Installing Blank Panels Blank panels are used to cover empty interface card/module slots to prevent dust from entering the chassis. Removing a Blank Panel You need to remove the blank panel that covers an empty slot before installing an interface card or module in the slot.
Figure 7-9 Install a blank panel Installing and Removing a Mini Card Installing a Mini Card Follow these steps to install a mini card, taking the 2GE card for example: Step1 Power off the device. Step2 Remove the blank panel from the interface card slot at the rear of the device. For how to remove a blank panel, refer to the “Removing a Blank Panel”...
Step5 Power on the device, and look at the status LED of the slot on the front panel. If the LED stays on after the card completes initialization, the card is operating normally; if the LED goes off, the card fails the self-test.
Installing and Removing a MIM Module Installing a MIM Module Follow these steps to install a MIM, taking the NSQ1GT2UA0 module for example: Step1 Power off the UTM device. Step2 Remove the blank panel from the intended interface module slot at the rear of the device. For how to remove a blank panel, refer to “Removing a Blank Panel”...
Figure 7-16 Loosen the captive screws Step3 Pull the MIM module out along the guide rails. Figure 7-17 Uninstall a MIM module Put away the removed MIM in an antistatic bag. If you are not installing a new MIM in the empty interface module slot, install a blank panel to prevent dust from entering the chassis.
Figure 7-18 Insert a CF card into the CF card slot If the application program for booting the UTM device is stored in an external CF card, make sure that the right CF card has been correctly installed in the slot; otherwise the device will fail to boot up. Removing the CF Card Follow these steps to remove the CF card: Step1 Make sure that the CF card LED is not flashing before proceeding with the next step.
Page 117
Do not remove the CF card when the UTM device is booting or the LED is flashing to avoid hardware damage. To protect the CF card, put it away in an antistatic bag.
Page 118
Table of Contents
8 Troubleshooting
Troubleshooting the Power System
Troubleshooting Fans
Troubleshooting the Configuration System
No Display on the Terminal Screen
Garbled Characters Displayed on the Terminal Screen
Serial Port Response Failure
Dealing With Password Loss
Troubleshooting the Cooling System
Troubleshooting Interface Cards/Modules, Cables and Connections...
Page 119
Troubleshooting The barcode stuck on the U200 series device chassis contains information about production and servicing. Before you return a U200 series device for servicing, please provide its barcode information to your sales agent. Troubleshooting the Power System Symptom The device cannot be powered on. The power LED on the front panel is off. Solution Follow these steps to troubleshoot the power system: Step1 Remove the chassis cover.
Page 120
Troubleshooting the Configuration System If the system runs normally at power-on, the boot information is displayed on the configuration terminal. If the configuration system is faulty, the terminal screen may display nothing or garbled characters. No Display on the Terminal Screen Symptom The configuration terminal displays nothing at power-on.
Page 121
Dealing With Password Loss If you have lost the BootWare password, user password, or super password, refer to “Dealing With Password Loss” in Chapter 6 “Maintaining Software.” Troubleshooting the Cooling System Symptom The temperature inside the device exceeds 45°C (113°F). Solution Follow these steps to troubleshoot the cooling system: Step1 Check the fans for stopped ones.
Page 122
Table of Contents
Appendix A Regulatory Compliance Information
Regulatory compliance standards
European Directives compliance
LVD/EMC Directive
WEEE Directive–2002/96/EC
USA regulatory compliance
FCC Part 15
FDA
Canada regulatory compliance
ICES-003...
Appendix A Regulatory Compliance Information Regulatory compliance standards Table A-1 Regulatory compliance standards Discipline Standards FCC Part 15 (CFR 47) CLASS A ICES-003 CLASS A VCCI-3 CLASS A VCCI-4 CLASS A CISPR 22 CLASS A EN 55022 CLASS A AS/NZS CISPR22 CLASS A CISPR 24 EN 55024 EN 61000-3-2...
This device must accept any interference received, including interference that may cause undesired operation. If the customer modifies the equipment without the authorization of H3C and 3Com, and the modification directly or indirectly causes the equipment to fall out of compliance with FCC requirements for Class A digital devices, H3C is not liable for the resulting interference problem, and the expenses incurred therefrom shall be covered by the customer.
Japan regulatory compliance VCCI These products comply with the requirements of VCCI Class A Information Technology Equipment (ITE). Warning: If this equipment is used in a domestic environment, radio disturbance may arise. When such trouble occurs, the user may be required to take corrective actions. EN55022 / CISPR 22 Compliance These products comply with the requirements of EN55022/CISPR 22 for Class A Information Technology Equipment (ITE).
Appendix B Safety Information Overview This section introduces part of the safety precautions that should be followed during the installation and maintenance of the equipment. The safety statements and warnings are followed by their German and Chinese translations to comply with national requirements.
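Note: To avoid possible accidents, carefully read the equipment operation manual and the safety regulations in this chapter before performing any operation. The notes, cautions, warnings, and danger statements in the manual cannot cover every safety precaution; they are only safety reminders and supplements for the overall operation process. Therefore, the personnel responsible for installing and routinely maintaining this equipment must have basic safe-operation skills. Operators must follow local safety regulations. The safety precautions in the product manual only supplement local safety regulations. When operating this equipment, strictly follow the safety regulations specified in the product manual. Conventions Used The symbols in this manual are shown in the following table. They are used to remind the reader of the safety precautions during equipment installation and maintenance. The symbols used in this manual are shown in the following table.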
Page 128
To avoid injury to people and damage to equipment, strictly follow the requirements below: Read all the instructions before operation. Read all instructions carefully before you start work. Read the manual carefully before performing any operation. When installing the unit, always make the ground connection first and disconnect it last. Note that when installing the system, the ground connection is always made first and always disconnected last.
can be powered by a DC RPS power source, but the DC RPS power source must be supplied by H3C. The device can be powered by a DC RPS power supply; if you want to power the device with a DC RPS power supply, you must purchase the specified model of DC RPS power supply from Hangzhou H3C Technologies Co., Ltd. Power Cable Note: Installation and removal of a live power cable is strictly prohibited. Transient contact between the core of the power cable and a conductor may generate an electric arc or spark, which may lead to fire or eye injury.
Note: For DC-powered equipment, use a 1.0 mm or 16 AWG power cable. For AC-powered equipment, use a 1.0 mm or 16 AWG power cable. Note: For DC-powered equipment, use a 1.0 mm or 16 AWG cable; for AC-powered equipment, use a 1.0 mm or...