Clavister Sg4300 series User manual

Getting Started Guide

Clavister SG4300 Series

Clavister AB

Sjögatan 6J

SE-89160 Örnsköldsvik

SWEDEN

Phone: +46-660-299200

Fax: +46-660-12250

www.clavister.com

Build: 91006

Published 2009-09-29

Getting Started Guide

Clavister SG4300 Series

Published 2009-09-29

Build: 91006

This publication, including all photographs, illustrations and software, is protected under

contained herein, may be reproduced without written consent of the author.

Disclaimer

The information in this document is subject to change without notice. The manufacturer makes no

representations or warranties with respect to the contents hereof and specifically disclaim any

implied warranties of merchantability or fitness for any particular purpose. The manufacturer

reserves the right to revise this publication and to make changes from time to time in the content

hereof without obligation of the manufacturer to notify any person of such revision or changes.

Limitations of Liability

UNDER NO CIRCUMSTANCES SHALL CLAVISTER OR ITS SUPPLIERS BE LIABLE FOR

DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE

RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER

COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR

IMPROPER USE OF THE CLAVISTER PRODUCT OR FAILURE OF THE PRODUCT, EVEN

IF CLAVISTER IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.

FURTHERMORE, CLAVISTER WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS

AGAINST CUSTOMER FOR LOSSES OR DAMAGES. CLAVISTER WILL IN NO EVENT BE

LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT CLAVISTER RECEIVED

FROM THE END-USER FOR THE PRODUCT.

Table of Contents

Preface ................................................................................................................ 5

1. Product Overview .............................................................................................. 6

1.1. Unpacking the Product ............................................................................. 6

1.2. Ports and Connectors ............................................................................... 8

1.3. The Keypad and Display ........................................................................... 9

2. Installation ......................................................................................................12

2.1. Installation Guidelines .............................................................................12

2.2. Installing SFP Modules ...........................................................................14

2.3. Console Port Connection .........................................................................16

2.4. Connecting Power ..................................................................................18

3. CorePlus Configuration ......................................................................................20

3.1. Management Workstation Connection ........................................................20

3.2. Web Interface and Wizard Setup ...............................................................24

3.3. Manual Web Interface Setup ....................................................................31

3.4. CLI Setup .............................................................................................46

3.5. Troubleshooting Setup ............................................................................54

3.6. Going Further with CorePlus ....................................................................56

4. Warranty Service ..............................................................................................59

A. SG4300 Series Specifications .............................................................................61

B. Declarations of Conformity ................................................................................62

C. Safety Precautions ............................................................................................64

D. Apple Mac IP Setup .........................................................................................67

List of Figures

1.1. An Unpacked Clavister SG4300 Series Appliance ................................................. 6

1.2. Front View of the Clavister SG4300 Series. .......................................................... 8

1.3. The SG4300 Series Keypad and Display .............................................................. 9

2.1. A Typical 1000 Base LX/SX Module .................................................................14

2.2. Installing a 1000 Base LX/SX Module ...............................................................14

2.3. A typical 1000 Base TX module ........................................................................14

2.4. Installing a 1000 Base TX Module .....................................................................15

2.5. The SG4300 Series RS-232 Console Port ............................................................16

A.1. SG4300 Series Dimensions, Weight and MTBF ..................................................61

A.2. Regulatory and Safety Standards ......................................................................61

A.3. Environmental ..............................................................................................61

A.4. Power Specifications ......................................................................................61

Preface

Target Audience

The target audience for this guide is the administrator who has taken delivery of a packaged

Clavister SG4300 Series appliance. The guide takes the user from unpacking and installation of the

device through to power-up, including network connections and initial CorePlus configuration.

Text Structure

The text is divided into chapters and subsections. Numbered subsections are shown in the table of

contents at the beginning of the document.

Text links

Where a "See section" link is provided in the main text, this can be clicked on to take the reader

directly to that reference. For example, see Section 3.5, “Troubleshooting Setup”.

Web links

Web links included in the document are clickable. For example, http://www.clavister.com.

Notes to the main text

Special sections of text which the reader should pay special attention to are indicated by icons on the

the left hand side of the page followed by a short paragraph in italicized text. There are the

following types of such sections:

Note

This indicates some piece of information that is an addition to the preceding text. It

may concern something that is being emphasised or something that is not obvious or

explicitly stated in the preceding text.

Tip

This indicates a piece of non-critical information that is useful to know in certain

situations but is not essential reading.

Caution

This indicates where the reader should be careful with their actions as an undesirable

situation may result if care is not exercised.

Important

This is an essential point that the reader should read and understand.

Warning

This is essential reading for the user as they should be aware that a serious situation

may result if certain actions are taken or not taken.

Chapter 1. Product Overview

• Unpacking the Product, page 6

• Ports and Connectors, page 8

• The Keypad and Display, page 9

1.1. Unpacking the Product

This section details the unpacking of the SG4300 Series appliance. Open the packaging box used for

shipping and carefully unpack the contents. The box should contain the following:

1. The Clavister SG4300 Series appliance.

2. A mounting kit for 19" racks . The side brackets for this kit are already attached but can be

removed for flat surface operation.

3. Attachable rubber feet for flat-surface mounting.

4. An Ethernet cable.

5. A RS-232 null-modem cable.

6. A Power cord.

7. A CD-ROM containing:

• Clavister software.

• Product documentation in PDF format.

Figure 1.1. An Unpacked Clavister SG4300 Series Appliance

Note

If any items are missing from your package, please contact your reseller or distributor.

All PDF documentation can be freely downloaded from the Clavister website.

1.1. Unpacking the Product Chapter 1. Product Overview

1.2. Ports and Connectors

This section is an overview of the SG4300 Series product's external design.

Figure 1.2. Front View of the Clavister SG4300 Series.

The SG4300 Series features a number of connection ports. On the far right is the RS-232 console

port and an LED display screen. To the left of these are a set of 10 Ethernet ports.

Each Ethernet port has equal operational capacity and corresponds to a logical interface in the

CorePlus software configuration. Going from left to right the Ethernet ports are:

•4 x Small Form Pluggable (SFP) Ethernet ports with logical interface names sfp1 to sfp4.

These are for Gigabit Ethernet links only.

On the right of the SFP ports are a line of 4 LEDs which show SFP port status. These are

illuminated green when a link is established.

•6 x RJ45 Gigabit Ethernet ports with logical interface names ge1 to ge6. These connections

are capable of link speed auto-negotiation and can therefore operate with 10Base-T,

100Base-Tx, or 1000Base-T.

Status lights are located at the top-right and top-left of the port. The top-left light flashes green

to indicate data traffic. The top-right light is: not lit if the link is 10 Mb, green if 100 Mb, yellow

if 1 Gb.

USB Ports

Next to the RS-232 port are 2 USB ports. These ports are not used with the current version of

CorePlus. The ports are intended for use with features planned for future CorePlus versions and are

provided so that no hardware upgrade will be required in order to make use of those features after a

software upgrade.

1.2. Ports and Connectors Chapter 1. Product Overview

1.3. The Keypad and Display

The SG4300 Series features a keypad and display on the right hand front side of the hardware

consisting of an LED display and 4 navigation buttons. The buttons are used to either move

forwards or backwards through a sequential list of parameters which are always shown on the

display while the power is on.

Pressing either the Right or Top button will take you forwards in the display sequence. Pressing

either the Left or Bottom button will take you backwards in the sequence. When the end of the

information sequence is reached, it cycles back to the begining.

Figure 1.3. The SG4300 Series Keypad and Display

The sequence of information that is shown in the LED display is as follows:

•Hardware Model information.

The model of the hardware is shown.

•Status Information

This displays the message Running to indicate normal operation. If CorePlus is in 2 hour

demonstration mode then this is indicated along with how much time is left before timeout. If

CorePlus is in lockdown mode then this is shown.

•CPU and Connections

This shows the CPU load and the total number of current state engine connections.

•Data Throughput Information

The data throughput of the Clavister Security Gateway in bits per second and packets per second

is shown. This is the total volume of all data traffic forwarded through the security gateway over

a one second interval.

These values are for raw data and include any overhead incurred with protocols such as IPsec.

The actual throughput of, for example, unencrypted data flowing inside VPN tunnels, may be

marginally less.

•High Availability

This shows the HA mode (master or slave) and the HA status (active or passive).

If the SG4300 Series is not part of a high availability cluster, this information is skipped.

•Time Information

The date and time currently set in the hardware system clock is shown. If this is incorrect, it

should be corrected through one of the administration interfaces.

•Memory Information

1.3. The Keypad and Display Chapter 1. Product Overview

This shows the current uptime (time since last restart), the total hardware RAM memory

available to CorePlus and the current memory usage.

•Anti-Virus Information

This shows the current signature count in the Anti-Virus database and the time of the last

database update.

If the CorePlus Anti-Virus subsystem is not activated, this information is skipped.

•Interface Information

This consists of multiple display sets of information, one for each physical Ethernet interface

present. The information displayed for each interface is:

i. The logical CorePlus interface name.

ii. The current linkspeed.

iii. If the link is full-duplex (FD) or half-duplex (HD). This is not shown if the linkspeed is

Gigabit since it will always be full-duplex.

iv. The IP address assigned to the interface.

•Hardware Monitor Information

This information consists of multiple sets of information, one for each sensor. Sensor

information shows operating temperatures and fan speeds.

Hardware monitoring must be enabled through one of the administration interfaces for this to be

shown otherwise this information is skipped.

•CorePlus Version

This shows the version of CorePlus which is currently running.

After the CorePlus version is displayed, going forward will cycle back to the first information

displayed in the sequence which is the hardware model.

1.3. The Keypad and Display Chapter 1. Product Overview

Chapter 2. Installation

• Installation Guidelines, page 12

• Installing SFP Modules, page 14

• Console Port Connection, page 16

• Connecting Power, page 18

2.1. Installation Guidelines

Follow these guidelines when installing your Clavister SG4300 Series appliance:

• Take notice of the safety guidelines laid out in Appendix C, Safety Precautions. These are

specified in multiple languages.

• Make sure that the power source circuits are properly grounded, then use the power cord

supplied with the appliance to connect it to the power source.

• If your installation requires a different power cord than the one supplied with the appliance, be

sure to use a power cord displaying the mark of the safety agency that defines the regulations for

power cords in your country. The mark is your assurance that the power cord can be used safely

with the appliance.

• Ensure that the appliance does not overload the power circuits, wiring and over-current

protection. To determine the possibility of overloading the supply circuits, add together the

ampere ratings of all devices installed on the same circuit as the appliance and compare the total

with the rating limit for the circuit. The maximum ampere ratings are usually printed on the

devices near the AC power connectors.

• Do not install the appliance in an environment where the operating ambient temperature might

exceed the specified operating range (see Appendix A, SG4300 Series Specifications).

• Make sure that airflow around the sides and back of the appliance is not restricted.

Note

Detailed information concerning power supply range, operating temperature range

etc. can be found at the end of this publication in Appendix A, SG4300 Series

Specifications.

Flat Surface Installation

The SG4300 Series can be mounted on any appropriate stable, flat, level surface that can safely

support the weight of the appliance and its attached cables.

Rubber feet on the SG4300 Series unit are attached to the underside of the appliance for operation

on a flat surface. This protects both the surface and the appliance from external damage as well as

allowing air to circulate underneath the hardware during operation.

The fitted side brackets for rack installation can be removed by unscrewing the retaining screws.

Caution

Please ensure there is adequate space around the hardware for ventilation and access

to operating switches and cable connectors. No other objects should be placed on top

of the hardware.

Rack Installation

A rack mounted Clavister Security Gateway can be installed in most standard 19" equipment racks.

To do this, fasten the appliance with screws suitable for the kind of rack you are using. The

following mounting guidelines should be followed:

• A rack or cabinet used for mounting should be adequately secured to prevent it from becoming

unstable and/or falling over.

• Devices installed in a rack or cabinet should be mounted as low as possible, with the heaviest

devices at the bottom and progressively lighter devices installed above.

Note

SG4300 Series devices come with rack-mounting brackets already attached to the unit.

2.1. Installation Guidelines Chapter 2. Installation

2.2. Installing SFP Modules

Small Form Pluggable (SFP) modules come in different forms from different manufacturers. Shown

below are some typical units. The SG4300 Series does not come as standard with SFP modules and

these must be purchased separately.

Installation of different types SFP units is usually done in a similar way. With the units shown, the

modules are inserted into sockets with the label facing upwards. The module slides gently into

position by pressing inwards.

Figure 2.1. A Typical 1000 Base LX/SX Module

Figure 2.2. Installing a 1000 Base LX/SX Module

Figure 2.3. A typical 1000 Base TX module

2.2. Installing SFP Modules Chapter 2. Installation

Figure 2.4. Installing a 1000 Base TX Module

Note

The installation images above do not feature the SG4300 Series. However, the SFP

installation principles are the same on all Clavister hardware models.

2.2. Installing SFP Modules Chapter 2. Installation

2.3. Console Port Connection

The serial console port is an RS-232 port on the SG4300 Series hardware that allows direct

connection to a serial console, either from a separate computer running console emulation software

or from a console terminal. This console can then be used for both management of CorePlus with

CLI commands or to enter the boot menu to access SG4300 Series firmware loader options.

Tip: Skip this section for now if the web interface is used

This section can be initially skipped if initial CorePlus setup is done with the CorePlus

Web Interface since neither the boot menu or CLI interface will be needed..

Figure 2.5. The SG4300 Series RS-232 Console Port

Issuing CLI Commands

CLI commands can be issued via the RS-232 console port for both initial CorePlus setup as well as

for ongoing system administration.

The RS-232 console port need not be used if setup is done through a web browser as described in

Section 3.2, “Web Interface and Wizard Setup”. If the RS-232 port is used for setup, no password is

initially needed and the CLI commands required are described in Section 3.4, “CLI Setup”.

Note: Setting a console password

The serial console password need not be set in which case anyone with physical access

to the serial console could have full administrator rights.

However, if the SG4300 Series is not placed in a secure area, it can be advisable to set

the console password. This is done using the console boot menu and more detail on

this topic can be found in the CorePlus Administrators Guide.

An alternative to using the console port for CLI access is to connect via a physical Ethernet interface

and using a Secure Shell (SSH) client on the workstation to issue CLI commands.

Equipment Required for Console Connection

To use the console port, the following is needed:

• A terminal or a computer with a serial port and the ability to emulate a terminal (for instance, the

Hyper Terminal software included with some Microsoft Windows distributions could be used).

• The terminal console should have the following settings:

• 9600 bps.

• No parity.

2.3. Console Port Connection Chapter 2. Installation

• 8 bits.

• 1 stop bit.

• No flow control.

• An RS-232 cable with appropriate terminating connectors. The SG4300 Series package includes

an RS-232 null-modem cable.

Connection Steps

To connect a terminal to the console port, follow these steps:

1. Check that the console connection settings are configured as described above.

2. Connect one of the connectors on the RS-232 cable supplied, directly to the console port on the

SG4300 Series.

3. Connect the other end of the cable to the terminal or the serial connector of the computer

running the communications software.

2.3. Console Port Connection Chapter 2. Installation

2.4. Connecting Power

This section describes connecting power to the SG4300 Series. Only an AC power source is

supported by the product.

Power should not actually be switched on to the hardware until after the local console has been

connected as described in Section 2.3, “Console Port Connection”. The reason for this is that as

soon as power is applied the boot-up dialog sequence will appear on the console screen.

Important

Please read the advisory information concerning electrical safety in Appendix C,

Safety Precautions.

Connecting AC Power

To connect power, follow these steps:

1. Plug one end of the power adapter's power cord into the power receptacle on the back panel of

the SG4300 Series.

2. Plug the other end of the power cord into a grounded power outlet.

3. Power on the appliance using the On/Off switch at the back of the unit.

4. The SG4300 Series will boot up and CorePlus will start. After some minutes, the unit will be

ready for connection through either the Web Interface or through the CLI.

Important: Protecting Against Power Surges

It is strongly recommended that the purchase and use of a separate surge protection

unit from a third party is considered to ensure that the hardware is protected from

damage by electrical power surges. Surge protection is particularly important in

geographic locations where lightning strikes are more likely.

A surge protection unit should be installed exactly according to the manufacturer's

instructions since correct installation of such units is vital for them to be effective.

2.4. Connecting Power Chapter 2. Installation

Chapter 3. CorePlus Configuration

• Management Workstation Connection, page 20

• Web Interface and Wizard Setup, page 24

• Manual Web Interface Setup, page 31

• CLI Setup, page 46

• Troubleshooting Setup, page 54

• Going Further with CorePlus, page 56

3.1. Management Workstation Connection

CorePlus is Pre-installed on Clavister Hardware

It is assumed you have now unpacked, positioned and powered up the SG4300 Series unit. If not,

you should refer to the earlier chapters in this manual before continuing. CorePlus is already

installed on the SG4300 Series in the factory and will automatically boot up after switching on

power to the hardware.

The Default Management Interface

After first time startup, CorePlus scans the available Ethernet interfaces and makes management

access available on the first interface found and assigns the internal IP address 192.168.1.1 to it.

For the SG4300 Series, this is the ge1 interface.

Alternative CorePlus Setup Methods

Initial CorePlus software configuration can be done in one of the following ways:

•Through a web browser.

A standard web browser running on a standalone computer (also referred to as the management

workstation) can be used to access the CorePlus Web Interface. This provides an intuitive

graphical interface for CorePlus management. When this interface is accessed for the first time,

asetup wizard runs automatically to guide a new user through key setup steps. The wizard can

be closed if the administrator wishes to go directly to the Web Interface to perform setup

manually.

The wizard is recommended for its simplification of initial setup and is described in detail in

Section 3.2, “Web Interface and Wizard Setup”.

•Through a terminal console using CLI commands.

The setup process can alternatively be performed using console CLI commands and this is

described in Section 3.4, “CLI Setup”. The CLI allows step by step control of setup and should

be used by administrators who fully understand both the CLI and setup process.

CLI access can be remote, across a network to a physical interface using a similar connection to

that used with the Web Interface. Alternatively, CLI access can be through a console connected

directly to the local RS-232 port on the SG4300 Series hardware. Direct console connection is

described in Section 2.3, “Console Port Connection”.

Table of contents

Other Clavister Network Hardware manuals

Clavister

Clavister NetWall 6000 Series User manual

Clavister

Clavister Eagle E5 User manual

Clavister

Clavister SG4500 Series User manual

Clavister

Clavister SG50 Series User manual

Clavister

Clavister NetWall W20A User manual

Clavister

Clavister SG3200 Series User manual

Clavister

Clavister NetWall E80B User manual

Popular Network Hardware manuals by other brands

Checkpoint

Checkpoint Smart-1 205 Getting started guide

HIK VISION

HIK VISION HWN-2104H-4P user manual

Checkpoint

Checkpoint CPAC-Falcon-10G-B Administration guide

HIK VISION

HIK VISION DS-7608NI-K2/8P/4G user manual

HIK VISION

HIK VISION DS-7100NI-K1/W/M Series quick start guide

Black Box

Black Box USB Director RS-232 Specifications

AirLive

AirLive XPON ONU-1GE Quick installation guide

Planet

Planet EPL-2000 user manual

HIK VISION

HIK VISION UD.6L0202B1986A01 quick start guide

Baicells

Baicells Nova-436Q installation guide

AVPro Edge

AVPro Edge AC-MXNET-10G-CBOX quick start guide

I-Tech

I-Tech IT-N2100 Series user manual

M-TI

M-TI BR5811 user manual

Silver Peak

Silver Peak Unity EdgeConnect EC-XS quick start guide

HIK VISION

HIK VISION DS-MP7608HN Series user manual

HIK VISION

HIK VISION DS-K3BC411X Series quick start guide

I-View

I-View NX-4 user manual

Tripp Lite

Tripp Lite SNMPWEBSOLO Installation and quick start guide

Clavister SG4300 Series User manual

Popular Network Hardware manuals by other brands