Clavister SG10 Series Assembly instructions
Installation and Setup Guide
Clavister SG10 Series
Clavister AB
Torggatan 10
SE-891 33 Örnsköldsvik
SWEDEN
Phone: +46-660-299200
Fax: +46-660-12250
www.clavister.com
Build: 890
Published 2008-06-19
Copyright ©2008 Clavister AB
Installation and Setup Guide
Clavister SG10 Series
Published 2008-06-19
Build: 890
Copyright © 2008 Clavister AB
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under
international copyright laws, with all rights reserved. Neither this manual, nor any of the material
contained herein, may be reproduced without written consent of the author.
Disclaimer
The information in this document is subject to change without notice. The manufacturer makes no
representations or warranties with respect to the contents hereof and specifically disclaim any
implied warranties of merchantability or fitness for any particular purpose. The manufacturer
reserves the right to revise this publication and to make changes from time to time in the content
hereof without obligation of the manufacturer to notify any person of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL CLAVISTER OR ITS SUPPLIERS BE LIABLE FOR
DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE
RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER
COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR
IMPROPER USE OF THE CLAVISTER PRODUCT OR FAILURE OF THE PRODUCT, EVEN
IF CLAVISTER IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.
FURTHERMORE, CLAVISTER WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS
AGAINST CUSTOMER FOR LOSSES OR DAMAGES. CLAVISTER WILL IN NO EVENT BE
LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT CLAVISTER RECEIVED
FROM THE END-USER FOR THE PRODUCT.
Table of Contents
Preface ................................................................................................................ 5
1. Product Overview .............................................................................................. 6
1.1. Unpacking the Product ............................................................................. 6
1.2. Ports and Connectors ............................................................................... 7
2. Installation ......................................................................................................10
2.1. Installation Guidelines .............................................................................10
2.2. Connecting Power ..................................................................................11
2.3. Resetting to factory defaults .....................................................................12
3. Initial Setup .....................................................................................................14
3.1. Attaching Connectors ..............................................................................14
3.1.1. Connecting to a Network ...............................................................14
3.1.2. Connecting the Console Port ..........................................................14
3.2. Local RS232 Console Setup .....................................................................16
3.3. Finalizing the Configuration .....................................................................18
4. Warranty .........................................................................................................20
5. Safety .............................................................................................................22
6. Hardware Specifications ....................................................................................25
3
List of Figures
1.1. An Unpacked Clavister SG10 Series Appliance ..................................................... 6
1.2. Rear view of the Clavister SG10 Series. ............................................................... 7
1.3. SG10 Power and Device Status LEDs ................................................................. 8
1.4. SG10 Port Status LEDs .................................................................................... 8
2.1. SG3200 Rear View .........................................................................................11
2.2. SG10 Power Socket and Reset Button ................................................................11
3.1. A Typical SG10 Series Installation Setup ............................................................14
3.2. The SG10 Console Port ...................................................................................15
6.1. SG10 Series Dimensions and Weight .................................................................25
6.2. Regulatory and Safety Standards .......................................................................25
6.3. Environmental ...............................................................................................25
6.4. Power Specifications .......................................................................................25
4
Preface
Target Audience
The target audience for this guide is the user who has taken delivery of a packaged Clavister SG10
Series appliance. The guide takes the user from unpacking and installation of the device through to
power-up and initial network connection.
Text Structure
The text is divided into chapters and subsections. Numbered subsections are shown in the table of
contents at the beginning of the document.
Text links
Where a "See section" link is provided in the main text, this can be clicked on to take the reader
directly to that reference eg. see Chapter 6, Hardware Specifications.
Web links
Web links included in the document are clickable eg. http://www.clavister.com
Notes to the main text
Special sections of text which the reader should pay special attention to are indicated by icons on the
the left hand side of the page followed by a short paragraph in italicized text. There are the
following types of such sections:
Note
This indicates some piece of information that is an addition to the preceding text. It
may concern something that is being emphasised or something that is not obvious or
explicitly stated in the preceding text.
Tip
This indicates a piece of non-critical information that is useful to know in certain
situations but is not essential reading.
Caution
This indicates where the reader should be careful with their actions as an undesirable
situation may result if care is not exercised.
Important
This is an essential point that the reader should read and understand.
Warning
This is essential reading for the user as they should be aware that a serious situation
may result if certain actions are taken or not taken.
5
Chapter 1. Product Overview
• Unpacking the Product, page 6
• Ports and Connectors, page 7
1.1. Unpacking the Product
This section details the unpacking of the SG10 Series appliance. Open the packaging box used for
shipping and carefully unpack the contents. The box should contain the following:
1. The Clavister SG10 Series Appliance.
2. 1 x Ethernet cable.
3. CD-ROM containing:
• Clavister FineTune software.
• Clavister Logger software.
• Product documentation in PDF format.
4. Certificate of Authenticity
5. A printed "Quick Start Guide" to help to quickly get the appliance running.
Figure 1.1. An Unpacked Clavister SG10 Series Appliance
Note
If any items are missing from your package, please contact your reseller or distributor.
All PDF documentation can be freely downloaded from the Clavister website.
6
1.2. Ports and Connectors
This section is an overview of the hardware's external design and construction.
Figure 1.2. Rear view of the Clavister SG10 Series.
The SG10 features an RS232 console port on the far left. To the right are 6 Fast Ethernet interface
ports which can operate at 10Mb or 100Mb speeds. These ports are referred to by the administrator
using logical interface names. The first 4 ports are marked LAN 1 to LAN 4. The two ports at the
right are marked as AUX, and WAN. These ports fullfill the following functions:
WAN This port should be connected to the external wide area network (eg. the internet). It is
100Base-T or 10Base-T capable. The default interface name is wan.
AUX This port is also 100Base-T or 10Base-T capable. The default interface name is aux.
LAN 1-4 These ports are general purpose interfaces that connect to the main processor via a
switch chip which is common to all seven ports. All are designed to be connected to
internal networks. All 4 ports share a single default logical interface names which is
called lan. In other words any rule in the IP rule-set that uses lan as the source or
destination interface will apply to traffic on any of the physical ports LAN 1-4.
Ethernet Connection Limitations
With the SG10 Series there is a limit to how many devices can be connected via the ethernet ports.
This number is determined by the type of SG10 license purchased and the size of CorePlus ARP
table that the license allows.
Changing default interface names
The default logical interface names assigned to physical ports can be changed later by the SG10
Series appliance administrator. In the case of lan, changing this name will change the shared name
for physical ports LAN 1-4.
Important
Traffic that enters a SG10 Series device by one of the 4 general purpose interfaces
LAN1 to LAN4 and then leaves by another of those same 4 interfaces destined for the
same IP subnet, will not be subject to the CorePlus IP rule-set. This is because that
traffic will pass through the device's internal switch logic and it will be sent directly to
the destination interface by the switch.
Power and Status LEDs
1.2. Ports and Connectors Chapter 1. Product Overview
7
The front of the SG10 Series device features two LED lights at the left. One is for power, the other
indicates CorePlus status. The Power LED should be green when power is applied (see Section 2.2,
“Connecting Power”). The Status LED is dark during the CorePlus firmware loading sequence and
illuminates green when CorePlus is successfully loaded.
Figure 1.3. SG10 Power and Device Status LEDs
Port Status LEDs
The front of the SG10 has an LED which indicates the status of each port. These lights are either
dark or green. Green indicates that the link is established and flashing green indicates traffic on the
port.
Figure 1.4. SG10 Port Status LEDs
Port Status LEDs Chapter 1. Product Overview
8
Port Status LEDs Chapter 1. Product Overview
9
Chapter 2. Installation
• Installation Guidelines, page 10
• Connecting Power, page 11
• Resetting to factory defaults, page 12
2.1. Installation Guidelines
Follow these guidelines when installing your Clavister SG10 Series appliance:
• Make sure that the power source circuits are properly grounded, then use the power cord
supplied with the appliance to connect it to the power source.
• If your installation requires a different power cord than the one supplied with the appliance, be
sure to use a power cord displaying the mark of the safety agency that defines the regulations for
power cords in your country. The mark is your assurance that the power cord can be used safely
with the appliance.
• Ensure that the appliance does not overload the power circuits, wiring and over-current
protection. To determine the possibility of overloading the supply circuits, add together the
ampere ratings of all devices installed on the same circuit as the appliance and compare the total
with the rating limit for the circuit. The maximum ampere ratings are usually printed on the
devices near the AC power connectors.
• Do not install the appliance in an environment where the operating ambient temperature might
exceed the specified operating range (see Chapter 6, Hardware Specifications).
• Make sure that airflow around the sides and back of the appliance is not restricted.
Note
Detailed information concerning power supply range, operating temperature range
etc. can be found at the end of this publication in Chapter 6, Hardware Specifications.
Flat Surface Installation
The SG10 Series device can be mounted on any appropriate stable, flat, level surface that can safely
support the weight of the appliance and its attached cables.
Caution
Please ensure there is adequate space around the unit for ventilation and access to
operating switches and cable connectors. No other objects should be placed on top of
the unit.
10
2.2. Connecting Power
This section describes connecting power. Power should not actually be applied until after the local
console has been connected as described in Section 3.1.2, “Connecting the Console Port”. The
reason for this is that there is no On/Off switch on the SG10 Series and as soon as power is applied
the boot-up dialog sequence appears on the console screen.
Figure 2.1. SG3200 Rear View
Important
Please read the advisory concerning electrical safety in Chapter 5, Safety.
Figure 2.2. SG10 Power Socket and Reset Button
Connecting AC Power
To connect power, follow these steps:
1. Fit the power cord into the power adapter that comes with the SG10 Series.
2. Plug the power adapters power plug into the power receptacle on the back panel of the SG10
Series device.
3. Once a console has been connected to the unit, plus the other end of the cord into a power
outlet. There is no On/Off switch so the unit will boot up immediately resulting in startup
output to the console.
Protecting Against Power Surges
It is strongly recommended that the purchase and use of a separate surge protection
unit from a third party is considered to ensure that the hardware is protected from
damage by electrical power surges. Surge protection is particularly important in
locations subject to lightning strikes.
A surge protection unit should be installed exactly according to the manufacturer's
instructions as correct installation of such units is vital for their effectiveness.
2.2. Connecting Power Chapter 2. Installation
11
2.3. Resetting to factory defaults
In some unusual cases, it may be necessary to reset the SG10 Series device to the state it was in
when it left the factory.
The recessed button to the left of the power inlet on the back of the SG10 Series can be used to reset
the device to its factory defaults.
To reset to factory defaults:
1. Open a console display connected to the console port.
2. Power off the device by removing the power cable at the back.
3. Push in the reset button with a suitable pointed tip tool.
4. Hold the button in and at the same time re-apply power to the unit.
5. Continue holding in the button for at least 30 seconds longer after power is applied.
6. The console output will now indicate that the device has been reset to its factory defaults.
7. Release the button and the device can now be configured through the console as though it was
brand new.
8. The console password will also be reset to the factory default of no password, so this should be
re-entered to protect the console.
2.3. Resetting to factory defaults Chapter 2. Installation
12
2.3. Resetting to factory defaults Chapter 2. Installation
13
Chapter 3. Initial Setup
• Attaching Connectors, page 14
• Local RS232 Console Setup, page 16
• Finalizing the Configuration, page 18
3.1. Attaching Connectors
3.1.1. Connecting to a Network
The initial configuration of the SG10 Series device configures which Ethernet interface is to be used
for remote management. Any interface can be used for this purpose. The selected interface can also
be used for normal traffic.
The intended interface should be attached to the same network as the management server (or a
network accessible from the management server via one or more routers).
Connect the interface to a switch or hub in the network using a regular straight-through Ethernet
cable as illustrated below.
Figure 3.1. A Typical SG10 Series Installation Setup
The SG10 Series device can be connected directly to the network interface of the management
workstation without using any switch or hub, but in that case a crossover cable is required. On the
SG10, the LAN and WAN ports do not require a crossover cable.
3.1.2. Connecting the Console Port
The serial console port is an RS-232 port that enables a connection to a PC or terminal for
monitoring and initial configuration of the SG10 Series device. To use the console port, you need
the following equipment:
• A terminal or a (portable) computer with a serial port and the ability to emulate a terminal i.e.
using the Hyper Terminal software included in most Microsoft Windows installations). The
terminal should have the following settings: 9600 baud,No parity,8 bits,1 stop bit and No
14
Flow Control.
• An RS-232 cable with appropriate connectors. The SG10 Series package includes an RS-232
null-modem cable.
To connect a terminal to the console port, follow these steps:
1. Set the terminal protocol as described previously.
2. Connect one of the connectors on the RS-232 cable supplied, directly to the console port on the
SG10 Series device.
Figure 3.2. The SG10 Console Port
3. Connect the other end of the cable to the terminal or the serial connector of the computer
running the communications software.
3.1.2. Connecting the Console Port Chapter 3. Initial Setup
15
3.2. Local RS232 Console Setup
Make sure that a terminal (or a computer running terminal emulation software such as
Hyper-Terminal) is connected to the console port on the Clavister SG10 Series hardware as
described above in Section 3.1.2, “Connecting the Console Port”.
1. Having previously followed the instructions in Section 2.2, “Connecting Power”, the device
should now be powered up.
Note
The hardware will require a short amount of time go through it's initial power up
sequence and during this period there will be no output to the console.
When the appliance becomes operational, output similar to the following will appear on the
console:
2. Select the interface that you have chosen for communication with the management station.
Then press Enter to confirm your choice.
3. Enter the IP address you intend to use for the management interface and enter the appropriate
netmask and default gateway. It is also possible to specify a remote management network if it
is different from the local management interface subnet. Press Ctrl-S to save the settings and
continue.
Tip
When entering IP addresses, use the "." (period) key to move the console cursor
from one part of the IP address input field to the next.
The Default Gateway does not need to be specified if the management workstation is local. If,
3.2. Local RS232 Console Setup Chapter 3. Initial Setup
16
however, the management workstation is at least one router hop away from the appliance then
the Default Gateway needs to be specified so that the appropriate entry is placed in the
CorePlus routing table which is otherwise empty. Specifying the Remote Mangement Net is
also required if the management workstation is not local.
Note
It is possible to use DHCP on the interface.
4. The following will appear in the terminal window:
Press Yto start CorePlus.
5. You will the receive a confirmation message that CorePlus has successfully started as shown
below:
3.2. Local RS232 Console Setup Chapter 3. Initial Setup
17
3.3. Finalizing the Configuration
After intial setup, the user should refer to the companion publications found in PDF format on the
accompanying CD for information on how to begin to configure the SG10 Series device:
Clavister CorePlus
Administrators Guide This describes the general operation and control of the
CorePlus firmware, which is the Clavister proprietary
operating system that drives and controls the Clavister SG10
Series hardware. The document includes examples of how to
carry out typical adminstrative tasks such as setting up a
VPN, and how to use the SG10 Series in various scenarios.
Clavister FineTune
Administrators Guide FineTune is a software tool that provides the principal
management interface for the SG10 Series device. The
software runs on a Windows based PC workstation and is
used by the administrator to manage one or multiple Clavister
Security Gateways. This describes how to register your
Clavister license and set-up a first security policy.
Clavister CorePlus Log
Reference Guide This documents and describes all log messages that might be
generated by CorePlus during operation of the system.
Tip
All current publications can also be downloaded directly in PDF format from from
http://www.clavister.com.
3.3. Finalizing the Configuration Chapter 3. Initial Setup
18
3.3. Finalizing the Configuration Chapter 3. Initial Setup
19
Chapter 4. Warranty
Limited Warranty
Clavister warrants to the customer of the SG10 Series Appliance that the Hardware components will
be free from defects in material and workmanship under normal use for a period of two (2) years
from the Start Date (as defined below). The warranty will only apply to failure of the product if
Clavister is informed of the failure not later than two (2) years from the "Start Date" or thirty (30)
days after that the failure was or ought to have been noticed by the customer. The warranty will not
apply to products from which serial numbers have been removed or to defects resulting from
unauthorized modification, operation or storage outside the environmental specifications for the
product, in-transit damage, improper maintenance, defects resulting from use of third-party
software, accessories, media, supplies, consumables or such items not designed for use with the
product, or any other misuse. Any replacement Hardware will be warranted for the remainder of the
original warranty period or thirty days, whichever is longer.
Note that the term Start Date means the earlier of Product registration or ninety (90) days following
shipment from Clavister.
Obtaining Warranty Service
Warranty service may be obtained by contacting Clavister within the applicable warranty period,
and requesting a Return Material Authorization (RMA) number. If the product in question has not
been registered with the Clavister client web pages, then a proof of purchase (such as a copy of the
dated purchase invoice) must be provided. If Purchaser's circumstances require special handling of
warranty correction, then at the time of requesting the RMA number, the Purchaser may also
propose special procedures as may be suitable to the case.
After an RMA number is issued, the defective product must be packaged securely in the original or
other suitable shipping package to ensure that it will not be damaged in transit, and the RMA
number must be clearly marked on the outside of the package. The package must be mailed or
otherwise shipped to Clavister with all costs of mailing/shipping/insurance prepaid. Clavister shall
not be responsible for any of the Purchaser's software, firmware, information, or memory data
contained in, stored on, or integrated with any product returned to Clavister pursuant to this
warranty.
Any package returned to Clavister without an RMA number will be rejected and shipped back to the
Purchaser at the Purchaser's expense. Clavister reserves the right in such a case to levy a reasonable
handling charge in addition to mailing and or shipping costs.
To issue an Return Material Authorization (RMA) request for warranty or maintanence service for
any Clavister appliance product, please fill out the Clavister RMA request form which can be found
and submitted online at (clickable link):
http://www.clavister.com/support/support_rma_request.html
Should there be a problem with the online form then Clavister support can be contacted by email at:
mailto:[email protected].
The mail address is:
Clavister AB
Torggatan 10
891 27 ÖRNSKÖLDSVIK
SWEDEN
Details of the software procedures to follow when installing new hardware can be found in the
FineTune guide.
20
Table of contents
