H3C SecPath F100-C Installation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Firewall
  5. SecPath F100-C
  6. Installation manual
H3C SecPath F100-C Installation Manual

H3C SecPath F100-C Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

H3C SecPath F100-C Firewall
Installation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-08044D-20070430-C-1.02

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecPath F100-C and is the answer not in the manual?

Questions and answers

Related Manuals for H3C SecPath F100-C

Summary of Contents for H3C SecPath F100-C

  • Page 1 H3C SecPath F100-C Firewall Installation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-08044D-20070430-C-1.02...
  • Page 2 Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks H3C,...

  • Page 3: About This Manual

    About This Manual Related Documentation In addition to this manual, each H3C SecPath Series Security Products documentation set includes the following: Manual Content It introduces the functional features, H3C SecPath Series principles and guide to configuration and Security Products operation for H3C SecPath Series Operation Manual Security Gateways/Firewalls.
  • Page 4 Organization H3C SecPath F100-C Firewall Installation Manual is organized as follows: Chapter Contents Profiles the system characteristics and applications. Product appearance and 1 Product Overview system description are also available in this chapter. Focuses on environment requirements for system installation, precautions 2 Preparing for before and during the installation.
  • Page 5 Conventions The manual uses the following conventions: I. Command conventions Convention Description The keywords of a command line are in Boldface Boldface. Command arguments are in italic. italic Items (keywords or arguments) in square brackets [ ] are optional. Alternative items are grouped in braces { x | y | ...
  • Page 6 II. GUI conventions Convention Description Button names are inside angle brackets. < > For example, click <OK>. Window names, menu items, data table field names are inside square brackets. For example, pop up the [New User] window. Multi-level menus are separated by forward slashes.

  • Page 7: Table Of Contents

    Chapter 3 Installing the H3C SecPath F100-C ......3-1 3.1 Installation Procedure ............3-1 3.2 Installing the H3C SecPath F100-C ........3-2 3.2.1 Placing the H3C SecPath F100-C on a Table..3-2 3.2.2 Mounting the H3C SecPath F100-C on a Vertical Surface ................3-2 3.3 Connecting PGND Wire .............3-4 3.4 Connecting the Power Cord..........3-5...
  • Page 8 H3C SecPath F100-C Firewall Table of Contents 3.6 Connecting the H3C SecPath F100-C to LAN....3-8 3.7 Connecting the H3C SecPath F100-C to WAN ....3-10 3.8 Verifying Installation ............3-10 Chapter 4 Starting and Configuring the H3C SecPath F100-C..4-1 4.1 Starting the H3C SecPath F100-C........4-1 4.1.1 Setting Up a Configuration Environment....4-1...
  • Page 9 Installation Manual H3C SecPath F100-C Firewall Table of Contents 6.2 Troubleshooting the Console Terminal ......6-1...
  • Page 10 List of Figures List of Figures Figure 1-1 Front panel of the H3C SecPath F100-C....1-2 Figure 1-2 Rear panel of the H3C SecPath F100-C ....1-3 Figure 3-1 Installation procedure ..........3-1 Figure 3-2 Bottom of the H3C SecPath F100-C chassis ..3-3 Figure 3-3 Wall-mounting the H3C SecPath F100-C ....3-4...
  • Page 11 Installation Manual H3C SecPath F100-C Firewall List of Tables List of Tables Table 1-1 Technical specifications of the H3C SecPath F100-C ..................1-3 Table 1-2 LEDs on the H3C SecPath F100-C ......1-4 Table 1-3 Attributes of the console port ........1-5 Table 1-4 Attributes of the Ethernet interface ......1-6 Table 2-1 Temperature and humidity requirements in the equipment room..............2-2...

  • Page 12: Chapter 1 Product Overview

    Chapter 1 Product Overview Chapter 1 Product Overview 1.1 Introduction H3C SecPath F100-C Firewall (referred to as the H3C SecPath F100-C) is designed for small office home office (SOHO) users. H3C SecPath F100-C provides the standard-compliant uplink Ethernet interface, and can interoperate with the products of other vendors at every layer, which protects customer’s investment.

  • Page 13: Hardware Features

    ( 2 ) ( 3 ) (1) Ethernet LED LAN3 (2) Ethernet LED LAN2 (3) Ethernet LED LAN1 (4) Ethernet LED LAN0 (5) WAN LED (6) System LED (SYS) (7) Power LED (PWR) Figure 1-1 Front panel of the H3C SecPath F100-C...

  • Page 14: Figure 1-2 Rear Panel Of The H3C Secpath F100-C

    (6) Ethernet interface 2 (LAN2) (7) Ethernet interface 3 (LAN3) (8) Grounding screw (9) WAN interface (WAN) Figure 1-2 Rear panel of the H3C SecPath F100-C II. System specifications Table 1-1 Technical specifications of the H3C SecPath F100-C Item Description...

  • Page 15: Table 1-2 Leds On The H3C Secpath F100-C

    (noncondensing) III. LEDs There are seven LEDs, which are described in Table 1-2, on the cover of the H3C SecPath F100-C firewall. Table 1-2 LEDs on the H3C SecPath F100-C Description OFF: No link is present. LAN0/LAN1/LAN2/LA ON: A link is present.

  • Page 16: Table 1-3 Attributes Of The Console Port

    ON or OFF: The system is faulty. OFF: No power is supplied. ON: Power is being supplied. IV. Interface attributes The H3C SecPath F100-C firewall provides the console port, 10 Mbps interface and 10/100 Mbps Ethernet interfaces. Console port Table 1-3 Attributes of the console port...

  • Page 17: Table 1-4 Attributes Of The Ethernet Interface

    Installation Manual H3C SecPath F100-C Firewall Chapter 1 Product Overview Ethernet interface Table 1-4 Attributes of the Ethernet interface Item 10BASE-T 10/100BASE-T Connector RJ-45 10/100 Mbps auto-sensing 10 Mbps Auto-MDI/MDIX Operating mode Half/full duplex Half/full duplex Only Layer 2 switching available...

  • Page 18: Chapter 2 Preparing For Installation

    H3C SecPath F100-C Firewall Chapter 2 Preparing for Installation Chapter 2 Preparing for Installation 2.1 Site Requirements Install the H3C SecPath F100-C indoors and make sure the environment meets the following requirements for its normal and durable usage. 2.1.1 Temperature/Humidity The equipment room must maintain adequate temperature and humidity.

  • Page 19: Cleanliness

    Installation Manual H3C SecPath F100-C Firewall Chapter 2 Preparing for Installation Table 2-1 Temperature and humidity requirements in the equipment room Temperature Relative Humidity 10% to 90% 0°C to 40°C (32°F to 104°F) 2.1.2 Cleanliness The equipment room must be free of explosion hazards and the electrical and magnetic conductible dust as well.

  • Page 20: Esd Prevention

    0.05 0.01 2.1.3 ESD Prevention Although the H3C SecPath F100-C takes measures to prevent electrostatic discharge (ESD), its card circuits and even the device can be badly damaged when excessive static electricity is present. On the communication network connected to your device, the...

  • Page 21: Lightning Protection

    Add a special device to the input end of the signal cable which lies in the open air for a better protection from the lightning. 2.1.6 Checking the Installation Site When installing the H3C SecPath F100-C, make sure that:...

  • Page 22: Safety Precautions

    The workbench is well earthed. 2.2 Safety Precautions Be sure that you observe all safety precautions when you install your H3C SecPath F100-C and pay adequate attention to the following icons: Caution means care should be taken in these operations during installation and use.

  • Page 23: Tools, Meters, And Devices

    Installation Manual H3C SecPath F100-C Firewall Chapter 2 Preparing for Installation 2.3 Tools, Meters, and Devices I. Tools ESD-preventive wrist strap II. Cables PGND wire, power cord and power supply unit (PSU) Console cable Optional cables, such as network cable, AUX cable, and synchronous /asynchronous serial interface cable III.

  • Page 24: Figure 3-1 Installation Procedure

    Installation Manual H3C SecPath F100-C Firewall Chapter 3 Installing the Chapter 3 Installing the H3C SecPath F100-C 3.1 Installation Procedure Start Install the device to given position Connect PGND wire Connect power cord Connect console terminal Connection check before poweron...

  • Page 25: Chapter 3 Installing The H3C Secpath F100-C

    Mounting it on a vertical surface 3.2.1 Placing the H3C SecPath F100-C on a Table It is simple to place the H3C SecPath F100-C firewall on a clean and flat table. When placing it, make sure: The table is steady 10 cm (3.9 in) space is left for heat dissipation around the...

  • Page 26: Figure 3-2 Bottom Of The H3C Secpath F100-C Chassis

    Step 1: Install four pan-head screws on a wall or other flat vertical surface and ensure that each screw comes 6 mm (0.2 in) out of the wall. Figure 3-2 Bottom of the H3C SecPath F100-C chassis Step 2: Hang the H3C SecPath F100-C on the screws by the four brackets.

  • Page 27: Connecting Pgnd Wire

    Caution: Properly connect the PGND wire before connecting other cables and use the cable as short as possible to protect the H3C SecPath F100-C from possible lightning, which otherwise may damage the device. At the AC-input end of the H3C SecPath F100-C firewall, there is an AC-noise filter.

  • Page 28: Connecting The Power Cord

    The grounding screw of the H3C SecPath F100-C is on its rear panel. Connect this screw to the earth ground using a PGND wire. The grounding resistance cannot be greater than 5-ohm.
  • Page 29 Step 4: Check that the PWR LED on the front panel of the H3C SecPath F100-C is ON. If the LED is OFF, repeat steps 2 through 4. Caution: If the Power LED is still off after you repeat steps 2 through 4 several...

  • Page 30: Connecting The H3C Secpath F100-C To A Console Terminal

    II. Console cable The console cable is an 8-core shielded cable with an RJ-45 connector at one end for the console port of H3C SecPath F100-C and a DB9 (female) connector at the other end for the serial interface of the terminal.

  • Page 31: Connecting The H3C Secpath F100-C To Lan

    Power off the H3C SecPath F100-C and the console terminal, and then connect the RS232 serial interface on the console terminal to the console port on the H3C SecPath F100-C using the console cable. Verify the connection and power on the H3C SecPath F100-C. In normal cases, the startup information is displayed on the terminal screen.

  • Page 32: Figure 3-6 Ethernet Cable Assembly

    RJ-45 connectors in different sequence. The cable is used for connecting devices of the same type, such as connecting two PCs, two H3C SecPath F100-Cs or a PC to a H3C SecPath F100-C. You can make the crossover cable by yourself.

  • Page 33: Connecting The H3C Secpath F100-C To Wan

    3.7 Connecting the H3C SecPath F100-C to The H3C SecPath F100-C firewall provides a 10 Mbps WAN interface. For its connection, refer to section 3.6 “Connecting the H3C SecPath F100-C to LAN”.
  • Page 34 The grounding wire is correctly connected. The device is correctly connected to other devices, such as a console terminal. Caution: Installation verification is extremely important, because the operations of the H3C SecPath F100-C depend on its stability, grounding, and power supply. 3-11...

  • Page 35: Chapter 4 Starting And Configuring The H3C Secpath F100-C

    I. Connecting the H3C SecPath F100-C to a console terminal Connect the RJ-45 connector of the console cable to the console port on the H3C SecPath F100-C, and the DB9 connector to the serial interface on a PC, as shown in Figure 4-1.

  • Page 36: Figure 4-2 Create A New Connection

    Installation Manual Chapter 4 Starting and Configuring H3C SecPath F100-C Firewall the H3C SecPath F100-C Enter the name of the new connection and click <OK>. See Figure 4-2. Figure 4-2 Create a new connection Step 2: Setting the terminal parameter...

  • Page 37: Figure 4-3 Select Serial Interface

    Installation Manual Chapter 4 Starting and Configuring H3C SecPath F100-C Firewall the H3C SecPath F100-C Figure 4-3 Select serial interface Set the serial interface The [Settings] tab appears as shown in Figure 4-4, and set the serial interface parameters as follows:...

  • Page 38: Figure 4-4 Set Communication Parameter

    Installation Manual Chapter 4 Starting and Configuring H3C SecPath F100-C Firewall the H3C SecPath F100-C Figure 4-4 Set communication parameter Select emulation type Choose [Properties/Settings] to enter the corresponding page and select the emulation as VT100 or Auto detect. Click <OK> and...

  • Page 39: Powering On The H3C Secpath F100-C

    Figure 4-5 Select emulation type 4.1.2 Powering On the H3C SecPath F100-C I. Connection check before power-on Before powering on the H3C SecPath F100-C, check that: Both the power cord and the PGND wire are correctly connected. Proper power supply is used.

  • Page 40: Startup Process

    Turn on the H3C SecPath F100-C. III. Check after power-on After powering on the H3C SecPath F100-C, check that: The LEDs on the front panel of the H3C SecPath F100-C are in normal status. Refer to section 1.2.1 III. “LEDs” for more information about the LEDs status after power-on.
  • Page 41 User interface Con 0 is available. Press ENTER to get started Press <Enter>. The system displays (if login authentication is not enabled): <H3C> This prompt indicates that the H3C SecPath F100-C enters user view, and is ready for your configuration.

  • Page 42: Configuration Fundamentals

    Follow the steps below to configure the H3C SecPath F100-C: Step 1: Figure out detailed networking requirements, including networking objectives, the role of the H3C SecPath F100-C in the network, the subnetting scheme, transmission medium, security policy, and network reliability.

  • Page 43: Command Line Interface

    The command line interface (CLI) of the H3C SecPath F100-C firewall offers series of configuration commands for you to configure and manage the H3C SecPath F100-C. The CLI allows you to: Configure the device through console port at the local.
  • Page 44 Installation Manual Chapter 4 Starting and Configuring H3C SecPath F100-C Firewall the H3C SecPath F100-C appropriate to the view that you access. However, you are allowed to execute in any view some commands in common use, such as ping and display.

  • Page 45: Chapter 5 Maintaining The H3C Secpath F100-C

    Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Chapter 5 Maintaining the H3C SecPath F100-C The files on the H3C SecPath F100-C fall in to three categories: Boot ROM program file Application program file (host program) Configuration file software...
  • Page 46 H3C SecPath F100-C Firewall SecPath F100-C Set up the configuration environment as shown in Figure 4-1 and boot the H3C SecPath F100-C. When the information “Press Ctrl-B to enter Boot Menu” appears on the terminal screen, press <Ctrl+B>. The system displays:...
  • Page 47 Note that this option works only once when you select it. The system resumes version check after you reboot the H3C SecPath F100-C. II. Boot ROM operation menu of the H3C SecPath F100-C firewall You can select 5 in the Boot menu to enter the Boot ROM...

  • Page 48: Upgrading Application Programs And Boot Rom Program Using Xmodem

    Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Caution: Upgrade the H3C SecPath F100-C software under the guide of support technicians. When upgrading, make the Boot ROM software match the application program. 5.2 Upgrading Application Programs and...
  • Page 49 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Step 2: Select an appropriate download speed, for example, 115200 bps by entering 5. The following message appears: Download speed is 115200 bps. Change the terminal's speed to 115200 bps, and select XModem protocol.

  • Page 50: Figure 5-1 Send File Dialog Box

    Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Figure 5-1 Send File dialog box Step 5: Click <Browse>. Select the application file to be downloaded and set protocol to XModem. Click <Send>. The following interface pops up:...
  • Page 51 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Step 6: After completing downloading, the system begins writing data to the Flash memory, and then displays the following information in the terminal interface, indicating the completion of the downloading: Download completed.
  • Page 52 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Caution: If you fail to upgrade the entire Boot ROM program, you cannot restore it on site. Therefore, you can only upgrade the entire Boot ROM program under the direction of technical support engineers and when it is urgently necessary.

  • Page 53: Backing Up And Restoring The Extended Segment Of The Boot Rom Program

    Backuping Boot ROM program to FLASH successed! Step 3: When the Boot ROM operation menu appears again, select 5 to exit and reboot the H3C SecPath F100-C. II. Restoring the extended segment from the Flash memory If faults occur to the extended segment of the Boot ROM program...

  • Page 54: Upgrading The Application Programs Using Tftp

    Start the TFTP server. Start the TFTP server on the PC connected to the Ethernet interface on the H3C SecPath F100-C and set the directory to the file that is to be downloaded. Configure the H3C SecPath F100-C.
  • Page 55 SecPath F100-C Select 1 in the Net port download menu to set parameters for the Ethernet interface on the H3C SecPath F100-C (including the interface in use, IP address of the interface) and parameters for the TFTP server (including IP address of the Ethernet interface on the TFTP server and the filename of the application program).
  • Page 56 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Caution: The upgrade should be performed through interface LAN0 on the firewall. The host inet (h): [192.168.1.10] field must be set to the IP address of the TFTP server connected to the Ethernet interface on the firewall.

  • Page 57: Uploading/Downloading Application Programs/Files Using Ftp

    Boot ROM You can download the application program using FTP through the Ethernet interface. In this case, the H3C SecPath F100-C acts as the client and must be connected to the FTP server through one of its fixed Ethernet interfaces.
  • Page 58 SecPath F100-C Start the FTP server. Start the FTP server on the PC connected to the Ethernet interface on the H3C SecPath F100-C and set the directory to the file that is to be uploaded. Configure the H3C SecPath F100-C.
  • Page 59 (o) Caution: The host inet (h): [192.168.1.10] field must be set to the IP address of the FTP server connected to the Ethernet interface on the H3C SecPath F100-C. You are recommended to configure the IP addresses of the network interface on the FTP server and the LAN0 on the H3C SecPath F100-C to be on the same network segment.

  • Page 60: Upgrading Application Programs Using Ftp In Host Software

    Boot ROM program. You only need to connect a FTP client, local or remote, to the H3C SecPath F100-C. When you pass the authentication, you can upload and download configuration files or applications.

  • Page 61: Figure 5-3 Set Up A Local Upload/Download Environment Using

    (FTP Client) (FTP Client) Figure 5-3 Set up a local upload/download environment using Step 1: Connect the PC to the Ethernet interface of the H3C SecPath F100-C. Step 2: Assign an IP address, 10.110.10.10 for example, to the Ethernet interface on the H3C SecPath F100-C.
  • Page 62 “C:\ version” for example. Caution: The IP address assigned to the Ethernet interfaces of the PC and H3C SecPath F100-C must be on the same network segment. Set up a remote upload/download environment using FTP Ethernet interface 10.110.10.10/24...
  • Page 63 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C II. Enabling FTP sever Follow these steps under the direction of service engineers: Step 1: Configure an authentication method. Note: You can configure AAA authentication as needed. For more information, refer to Operation Manual and Command Manual of this product.
  • Page 64 Boot ROM program Step 1: In the DOS environment, access the directory containing the application program/Boot ROM/configuration file. Execute the ftp command to set up an FTP connection with the H3C SecPath F100-C, for example: C:\version\ftp 10.110.10.10...
  • Page 65 Upon the completion of uploading, the prompt “ftp>” appears again. Enter dir to view the name and size of the uploaded file on the H3C SecPath F100-C. It has the same size as the original file on the host if the uploading is successful.
  • Page 66 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Caution: When using FTP to upgrade the application program, make sure that the firewall has enough flash memory. If the memory is not enough, you need to use the delete /unreserved command to permanently delete old version files or other files to save the memory space;...

  • Page 67: Modifying Boot Rom Password

    Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C IV. Detaching the Web file When the downloading using FTP is completed, the Web file is included in the application program. You need to detach it from the application program using the detach command.
  • Page 68 Installation Manual Chapter 5 Maintaining the H3C H3C SecPath F100-C Firewall SecPath F100-C Caution: To enter the Boot menu, you must press <Ctrl+D> within three seconds after the “System starts booting” prompt appears on the configuration terminal; otherwise, the system starts decompressing the program.

  • Page 69: Resetting A Lost Password

    5.7 Resetting a Lost Password Please contact support technicians if your Boot ROM password or user password of the H3C SecPath F100-C is lost. Then you can enter the H3C SecPath F100-C again with their assistance and set a new password.

  • Page 70: Chapter 6 Troubleshooting

    Symptom: Power LED is OFF. Solution: Check that The power switch of the H3C SecPath F100-C is turned on. The switch of the power source is turned on. The power cord of the H3C SecPath F100-C is properly connected. The correct power source is used.
  • Page 71 H3C SecPath F100-C Firewall Chapter 6 Troubleshooting I. Troubleshooting no display on terminal screen Symptom: Nothing is displayed on the terminal screen after the H3C SecPath F100-C is powered on. Solution: Step 1: Check that: The PSU is operating normally.
  • Page 72 Installation Manual H3C SecPath F100-C Firewall Chapter 6 Troubleshooting Reconfigure the parameters if they are not set to these values.

Table of Contents