Stonegate IPS-3200 Series Appliance Installation Manual

Hide thumbs

Table Of Contents

Table of Contents

Quick Links

Download this manual

IPS-3200 Series

Appliance Installation Guide

Table of Contents

Need help?

Do you have a question about the IPS-3200 Series and is the answer not in the manual?

Questions and answers

Summary of Contents for Stonegate IPS-3200 Series

Page 1 IPS-3200 Series Appliance Installation Guide...
Page 2 7,406,534; 7,461,401; 7,721,084; and 7,739,727 and may be protected by other EU, US, or other patents, or pending applications. Stonesoft, the Stonesoft logo and StoneGate, are all trademarks or registered trademarks of Stonesoft Corporation. All other trademarks or registered trademarks are property of their respective owners.
Page 3: Table Of Contents
Thank you for choosing a Stonesoft™ appliance. This guide provides instructions for the initial hardware installation and the maintenance of the IPS-3200 Series appliances. See Product Documentation (page 5) for information on other available documentation. The use of the appliance is subject to the acceptance of the End User License Agreement, which can be found at the Stonesoft website.
Page 4: Installation Procedure
I n s t a l l a t i o n P r o c e d u r e Note – You must have a working Management Center on a separate server to bring the appliance(s) operational. See the Stonesoft Management Center Installation Guide.
Page 5: Product Documentation
P r o d u c t D o c u m e n t a t i o n Press F1 in any Management Client window to view the Online Help. All PDF guides are available: • On the Management Center CD-ROM (in the Documentation folder) •...
Page 6: General Safety Precautions
• If you have to replace the motherboard battery, install it the same way as the original battery. Make sure that the positive side faces up on the motherboard. This battery must be replaced only with the same or an equivalent type recommended by the manufacturer. Dispose of used batteries according to the manufacturer's instructions.
Page 7: Esd Precautions
ESD Precautions Electrostatic discharge (ESD) is generated by two objects with different electrical charges coming into contact with each other. An electrical discharge is created to neutralize this difference, which can damage electronic components and printed circuit boards. Use a grounded wrist strap designed to prevent static discharge.
Page 8: Unpacking The Appliance
Lithium Battery Precautions Caution – The battery must be replaced by authorized service personnel only. Danger of explosion if battery is incorrectly replaced. Replacement battery must be same or equivalent type recommended by the manufacturer. Used batteries must be discarded according to the manufacturer’s instructions.
Page 9: Front Panel
Fr o n t P a n e l Slots for Interface Power Modules Button Indicators USB Ports SSD Drive Serial Port On the front panel, there are slots for the interface modules, a Solid State Disk (SSD) Drive, two USB ports, and a serial port. There are two more USB ports on the back panel of the appliance.
Page 10 LED Indicators The front panel has six LED indicators in the upper right corner. The LEDs provide you with critical information related to different parts of the system. Table 2 Front Panel LEDs Indicates that a power supply cable is detached. When flashing, indicates a fan failure.
Page 11 SSD Drive Indicators The indicators for the Solid State Disk (SSD) Drive are explained below. Power Disk Table 3 SSD Drive Indicators Indicator Status Explanation Power Blue A Solid State Disk is in the drive. Disk Unlit This indicator is not currently used. Front Panel...
Page 12: Back Panel
B a c k P a n e l AC or DC Power IPMI Port (Use Serial Port Connectors not supported (Not used) Two USB Ports VGA Port Ethernet Ports The connectors and ports on the back panel are explained in Connecting the Cables (page 21).
Page 13: Installing The Solid State Disk
I n s t a l l i n g t h e S o l i d S t a t e D i s k If the Solid State Disk (SSD) is not pre-installed in the appliance, you must first install the SSD.
Page 14: Installing Interface Modules
I n s t a l l i n g I n t e r f a c e M o d u l e s This section provides information on installing Stonesoft interface modules into the appliance. You must install an interface module or a placeholder module in each slot before you can make the appliance operational.
Page 15: Rack-Mounting
R a c k - M o u n t i n g This section provides information on installing the Stonesoft appliance into a rack unit. You can install the appliance into a two-post or a four- post rack unit. Caution –...
Page 16 • The appliance must be connected to a grounded power outlet. • Use a regulating uninterruptible power supply (UPS) to protect the appliance from power surges, voltage spikes and to keep your system operating in case of a power failure. •...
Page 17 Installing the Appliance Into a Two-Post Rack  To install the appliance into a two-post rack Locate the two rack-mounting brackets that are meant for the two- post rack installation. Locate the three pairs of supports on the side of the appliance and the corresponding holes on the brackets.
Page 18 Installing the Appliance Into a Four-Post Rack There are two sets of rails that you can use for installing the appliance into a four-post rack. The only difference is the length of the rails. This section explains the installation for both types of rails. ...
Page 19 Align the holes against its corresponding button. Once all are aligned, push the holes toward their corresponding buttons. Secure the rail to the appliance with a screw. Repeat steps 3-5 on the other side of the appliance. Insert the outer rails to the rack. If necessary, push the locking tab on the rail to retreat the outer rails.
Page 20 Line up the rear of the inner rails with the front of the extended outer rails. Slide the inner rails into the outer rails, keeping the pressure even on both sides (you may have to press the locking tabs when inserting).
Page 21: Connecting The Cables
C o n n e c t i n g t h e C a ble s Front Panel Interface Modules Back Panel IPMI Port (Use Serial Port not supported) (Not used) USB Ports VGA Port Ethernet Ports 0-1 The use of the IPMI (Intelligent Platform Management Interface) port on the back panel is not supported.
Page 22 • You are free to choose which Ethernet ports you connect to which network. The Ethernet ports are mapped to Interface IDs during the initial configuration. If you use a bypass interface module and you have configured inline interfaces, ports 0-1 and 2-3 are bypass pairs (fail-open ports).
Page 23 Cable Types Always use standard cabling methods with inline IPS: use crossover cables to connect the appliance to hosts and straight cables to connect the appliance to switches/hubs. Make sure that the copper cables are correctly rated (CAT 5e or CAT 6 in gigabit networks). See the IPS Reference Guide for more information on cabling.
Page 24 • We highly recommend using an uninterruptible power supply (UPS) to ensure continuous operation and minimize the risk of damage to the appliance in case of sudden loss of power. • For a truly redundant power supply, connect each power connector on the appliance to a different UPS, so that the failure of one UPS will not cut off the power to both power supplies.
Page 25: Initial Configuration
I n i t i a l C o n fi g u r a t i o n To start using the appliance, you must activate the network interfaces and establish a secure connection to the Management Server as outlined in the sections below.
Page 26 A list of the appliance partitions is shown. The currently active partition is highlighted. Press Enter. A list of available commands opens. Select Switch to Serial Console and press Enter. The appliance boots up with the serial console activated. • The keyboard and display console is now inactive and must be activated in a similar way before you can use it.
Page 27 • If the connection is successful, the appliance automatically reboots itself and the engine configuration is finished. If you configure the engine with a USB stick, you must set a password for the root account in the Management Client to enable command line access to the engine.
Page 28  To set the keyboard layout Highlight the entry field for Keyboard Layout using the arrow keys and press E . The Select Keyboard Layout dialog opens. NTER Highlight the correct layout and press E NTER Tip: Type in the first letter to move forward more quickly in the list of keyboard layouts.
Page 29 Select the correct timezone in the dialog that opens. Note – The timezone setting affects only the way the time is displayed on the engine command line. The actual operation always uses UTC time. Note – The appliance’s clock is automatically synchronized with the Management Server’s clock.
Page 30 Configuring the Network Interfaces  To map the physical interfaces to Interface IDs Type in the Interface IDs to define how physical interfaces are mapped to the Interface IDs you defined in the engine element. Highlight the Media column and press E to match the speed/ NTER duplex settings to those used in each network.
Page 31 the soft-bypass interface pair(s). In the example below interface 1 is soft-bypassed with interface 2. Note – Setting the appliance to the initial bypass state can be useful during IPS appliance deployment when bypass network interface pairs on the appliance are in the Normal mode. Initial bypass allows traffic to flow through the IPS appliance until the initial configuration is ready and an IPS policy is installed on the appliance.
Page 32  To activate the Initial Configuration Highlight Switch to Initial Configuration and press spacebar to activate. Fill in the IP Address, Netmask and Gateway to Management information according to your environment. • The information must match what you defined for the engine element (Primary Control IP Address).
Page 33 (Optional) Fill in the Key fingerprint (also shown when you saved the initial configuration). This increases the security of the communications. In the third part of the configuration, you select whether you want this engine to work as a Sensor, an Analyzer, or a combined Sensor-Analyzer (depending on the appliance you have purchased).
Page 34: Command-Line Management
the IPS Installation Guide for basic instructions or the Online Help of the Management Client for detailed instructions. Caution – When using the command prompt, use the reboot command to reboot and halt command to shut down the node. Do not use the init command.
Page 35 Reverting to Previously Installed Software Version This procedure allows you to undo a software upgrade. The appliance has two working partitions. One is designated as active and the other as inactive. The inactive partition is used for upgrades and the status is switched between the partitions when the upgrade is ready to be activated.
Page 36 Resetting the Appliance to Factory Settings Note – Perform a factory reset only if you have a specific need to do so. Consult Stonesoft Support before performing this operation if you are unsure of whether this operation is necessary or not. ...
Page 37 Locate the release tab on the left side of the power supply. Release Tab Handle Push the release tab to the right to release the power supply from its locking position. Pull out the power supply using the handle provided. Replace the power supply with a new one.
Page 38 Press the release button to release the lever that locks the disk into position. Lever Release button Pull the lever carefully to remove the disk from the drive. Press the release button on the new disk to release the lever. Insert the disk into the drive.
Page 39: Disposal Instructions
Removing SFP Transceivers If necessary, you can remove the SFP transceivers from the SFP ports. Caution – Invisible laser radiation is emitted from the end of fiber- optic cable and from fiber port. Do not stare into the beam and avoid direct exposure to the beam.
Page 40 StoneGate Appliance Installation Guide This booklet covers the initial installation and configuration tasks specific to your StoneGate Appliance. For information on how to prepare the Management Center for a new engine installation, see the other available documentation. See inside for fur ther details.