Clavister SG4300 Series User manual
Getting Started Guide
Clavister SG4300 Series
Clavister AB
Sjögatan 6J
SE-89160 Örnsköldsvik
SWEDEN
Phone: +46-660-299200
Fax: +46-660-12250
www.clavister.com
Build: 91006
Published 2009-09-29
Copyright ©2009 Clavister AB
Getting Started Guide
Clavister SG4300 Series
Published 2009-09-29
Build: 91006
Copyright © 2009 Clavister AB
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under
international copyright laws, with all rights reserved. Neither this manual, nor any of the material
contained herein, may be reproduced without written consent of the author.
Disclaimer
The information in this document is subject to change without notice. The manufacturer makes no
representations or warranties with respect to the contents hereof and specifically disclaim any
implied warranties of merchantability or fitness for any particular purpose. The manufacturer
reserves the right to revise this publication and to make changes from time to time in the content
hereof without obligation of the manufacturer to notify any person of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL CLAVISTER OR ITS SUPPLIERS BE LIABLE FOR
DAMAGES OF ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE
RESTORATION, WORK STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER
COMMERCIAL DAMAGES OR LOSSES) RESULTING FROM THE APPLICATION OR
IMPROPER USE OF THE CLAVISTER PRODUCT OR FAILURE OF THE PRODUCT, EVEN
IF CLAVISTER IS INFORMED OF THE POSSIBILITY OF SUCH DAMAGES.
FURTHERMORE, CLAVISTER WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS
AGAINST CUSTOMER FOR LOSSES OR DAMAGES. CLAVISTER WILL IN NO EVENT BE
LIABLE FOR ANY DAMAGES IN EXCESS OF THE AMOUNT CLAVISTER RECEIVED
FROM THE END-USER FOR THE PRODUCT.
Table of Contents
Preface ................................................................................................................ 5
1. Product Overview .............................................................................................. 6
1.1. Unpacking the Product ............................................................................. 6
1.2. Ports and Connectors ............................................................................... 8
1.3. The Keypad and Display ........................................................................... 9
2. Installation ......................................................................................................12
2.1. Installation Guidelines .............................................................................12
2.2. Installing SFP Modules ...........................................................................14
2.3. Console Port Connection .........................................................................16
2.4. Connecting Power ..................................................................................18
3. CorePlus Configuration ......................................................................................20
3.1. Management Workstation Connection ........................................................20
3.2. Web Interface and Wizard Setup ...............................................................24
3.3. Manual Web Interface Setup ....................................................................31
3.4. CLI Setup .............................................................................................46
3.5. Troubleshooting Setup ............................................................................54
3.6. Going Further with CorePlus ....................................................................56
4. Warranty Service ..............................................................................................59
A. SG4300 Series Specifications .............................................................................61
B. Declarations of Conformity ................................................................................62
C. Safety Precautions ............................................................................................64
D. Apple Mac IP Setup .........................................................................................67
3
List of Figures
1.1. An Unpacked Clavister SG4300 Series Appliance ................................................. 6
1.2. Front View of the Clavister SG4300 Series. .......................................................... 8
1.3. The SG4300 Series Keypad and Display .............................................................. 9
2.1. A Typical 1000 Base LX/SX Module .................................................................14
2.2. Installing a 1000 Base LX/SX Module ...............................................................14
2.3. A typical 1000 Base TX module ........................................................................14
2.4. Installing a 1000 Base TX Module .....................................................................15
2.5. The SG4300 Series RS-232 Console Port ............................................................16
A.1. SG4300 Series Dimensions, Weight and MTBF ..................................................61
A.2. Regulatory and Safety Standards ......................................................................61
A.3. Environmental ..............................................................................................61
A.4. Power Specifications ......................................................................................61
4
Preface
Target Audience
The target audience for this guide is the administrator who has taken delivery of a packaged
Clavister SG4300 Series appliance. The guide takes the user from unpacking and installation of the
device through to power-up, including network connections and initial CorePlus configuration.
Text Structure
The text is divided into chapters and subsections. Numbered subsections are shown in the table of
contents at the beginning of the document.
Text links
Where a "See section" link is provided in the main text, this can be clicked on to take the reader
directly to that reference. For example, see Section 3.5, “Troubleshooting Setup”.
Web links
Web links included in the document are clickable. For example, http://www.clavister.com.
Notes to the main text
Special sections of text which the reader should pay special attention to are indicated by icons on the
the left hand side of the page followed by a short paragraph in italicized text. There are the
following types of such sections:
Note
This indicates some piece of information that is an addition to the preceding text. It
may concern something that is being emphasised or something that is not obvious or
explicitly stated in the preceding text.
Tip
This indicates a piece of non-critical information that is useful to know in certain
situations but is not essential reading.
Caution
This indicates where the reader should be careful with their actions as an undesirable
situation may result if care is not exercised.
Important
This is an essential point that the reader should read and understand.
Warning
This is essential reading for the user as they should be aware that a serious situation
may result if certain actions are taken or not taken.
5
Chapter 1. Product Overview
• Unpacking the Product, page 6
• Ports and Connectors, page 8
• The Keypad and Display, page 9
1.1. Unpacking the Product
This section details the unpacking of the SG4300 Series appliance. Open the packaging box used for
shipping and carefully unpack the contents. The box should contain the following:
1. The Clavister SG4300 Series appliance.
2. A mounting kit for 19" racks . The side brackets for this kit are already attached but can be
removed for flat surface operation.
3. Attachable rubber feet for flat-surface mounting.
4. An Ethernet cable.
5. A RS-232 null-modem cable.
6. A Power cord.
7. A CD-ROM containing:
• Clavister software.
• Product documentation in PDF format.
Figure 1.1. An Unpacked Clavister SG4300 Series Appliance
Note
If any items are missing from your package, please contact your reseller or distributor.
All PDF documentation can be freely downloaded from the Clavister website.
6
1.1. Unpacking the Product Chapter 1. Product Overview
7
1.2. Ports and Connectors
This section is an overview of the SG4300 Series product's external design.
Figure 1.2. Front View of the Clavister SG4300 Series.
The SG4300 Series features a number of connection ports. On the far right is the RS-232 console
port and an LED display screen. To the left of these are a set of 10 Ethernet ports.
Each Ethernet port has equal operational capacity and corresponds to a logical interface in the
CorePlus software configuration. Going from left to right the Ethernet ports are:
•4 x Small Form Pluggable (SFP) Ethernet ports with logical interface names sfp1 to sfp4.
These are for Gigabit Ethernet links only.
On the right of the SFP ports are a line of 4 LEDs which show SFP port status. These are
illuminated green when a link is established.
•6 x RJ45 Gigabit Ethernet ports with logical interface names ge1 to ge6. These connections
are capable of link speed auto-negotiation and can therefore operate with 10Base-T,
100Base-Tx, or 1000Base-T.
Status lights are located at the top-right and top-left of the port. The top-left light flashes green
to indicate data traffic. The top-right light is: not lit if the link is 10 Mb, green if 100 Mb, yellow
if 1 Gb.
USB Ports
Next to the RS-232 port are 2 USB ports. These ports are not used with the current version of
CorePlus. The ports are intended for use with features planned for future CorePlus versions and are
provided so that no hardware upgrade will be required in order to make use of those features after a
software upgrade.
1.2. Ports and Connectors Chapter 1. Product Overview
8
1.3. The Keypad and Display
The SG4300 Series features a keypad and display on the right hand front side of the hardware
consisting of an LED display and 4 navigation buttons. The buttons are used to either move
forwards or backwards through a sequential list of parameters which are always shown on the
display while the power is on.
Pressing either the Right or Top button will take you forwards in the display sequence. Pressing
either the Left or Bottom button will take you backwards in the sequence. When the end of the
information sequence is reached, it cycles back to the begining.
Figure 1.3. The SG4300 Series Keypad and Display
The sequence of information that is shown in the LED display is as follows:
•Hardware Model information.
The model of the hardware is shown.
•Status Information
This displays the message Running to indicate normal operation. If CorePlus is in 2 hour
demonstration mode then this is indicated along with how much time is left before timeout. If
CorePlus is in lockdown mode then this is shown.
•CPU and Connections
This shows the CPU load and the total number of current state engine connections.
•Data Throughput Information
The data throughput of the Clavister Security Gateway in bits per second and packets per second
is shown. This is the total volume of all data traffic forwarded through the security gateway over
a one second interval.
These values are for raw data and include any overhead incurred with protocols such as IPsec.
The actual throughput of, for example, unencrypted data flowing inside VPN tunnels, may be
marginally less.
•High Availability
This shows the HA mode (master or slave) and the HA status (active or passive).
If the SG4300 Series is not part of a high availability cluster, this information is skipped.
•Time Information
The date and time currently set in the hardware system clock is shown. If this is incorrect, it
should be corrected through one of the administration interfaces.
•Memory Information
1.3. The Keypad and Display Chapter 1. Product Overview
9
This shows the current uptime (time since last restart), the total hardware RAM memory
available to CorePlus and the current memory usage.
•Anti-Virus Information
This shows the current signature count in the Anti-Virus database and the time of the last
database update.
If the CorePlus Anti-Virus subsystem is not activated, this information is skipped.
•Interface Information
This consists of multiple display sets of information, one for each physical Ethernet interface
present. The information displayed for each interface is:
i. The logical CorePlus interface name.
ii. The current linkspeed.
iii. If the link is full-duplex (FD) or half-duplex (HD). This is not shown if the linkspeed is
Gigabit since it will always be full-duplex.
iv. The IP address assigned to the interface.
•Hardware Monitor Information
This information consists of multiple sets of information, one for each sensor. Sensor
information shows operating temperatures and fan speeds.
Hardware monitoring must be enabled through one of the administration interfaces for this to be
shown otherwise this information is skipped.
•CorePlus Version
This shows the version of CorePlus which is currently running.
After the CorePlus version is displayed, going forward will cycle back to the first information
displayed in the sequence which is the hardware model.
1.3. The Keypad and Display Chapter 1. Product Overview
10
1.3. The Keypad and Display Chapter 1. Product Overview
11
Chapter 2. Installation
• Installation Guidelines, page 12
• Installing SFP Modules, page 14
• Console Port Connection, page 16
• Connecting Power, page 18
2.1. Installation Guidelines
Follow these guidelines when installing your Clavister SG4300 Series appliance:
• Take notice of the safety guidelines laid out in Appendix C, Safety Precautions. These are
specified in multiple languages.
• Make sure that the power source circuits are properly grounded, then use the power cord
supplied with the appliance to connect it to the power source.
• If your installation requires a different power cord than the one supplied with the appliance, be
sure to use a power cord displaying the mark of the safety agency that defines the regulations for
power cords in your country. The mark is your assurance that the power cord can be used safely
with the appliance.
• Ensure that the appliance does not overload the power circuits, wiring and over-current
protection. To determine the possibility of overloading the supply circuits, add together the
ampere ratings of all devices installed on the same circuit as the appliance and compare the total
with the rating limit for the circuit. The maximum ampere ratings are usually printed on the
devices near the AC power connectors.
• Do not install the appliance in an environment where the operating ambient temperature might
exceed the specified operating range (see Appendix A, SG4300 Series Specifications).
• Make sure that airflow around the sides and back of the appliance is not restricted.
Note
Detailed information concerning power supply range, operating temperature range
etc. can be found at the end of this publication in Appendix A, SG4300 Series
Specifications.
Flat Surface Installation
The SG4300 Series can be mounted on any appropriate stable, flat, level surface that can safely
support the weight of the appliance and its attached cables.
Rubber feet on the SG4300 Series unit are attached to the underside of the appliance for operation
on a flat surface. This protects both the surface and the appliance from external damage as well as
allowing air to circulate underneath the hardware during operation.
The fitted side brackets for rack installation can be removed by unscrewing the retaining screws.
Caution
Please ensure there is adequate space around the hardware for ventilation and access
to operating switches and cable connectors. No other objects should be placed on top
of the hardware.
12
Rack Installation
A rack mounted Clavister Security Gateway can be installed in most standard 19" equipment racks.
To do this, fasten the appliance with screws suitable for the kind of rack you are using. The
following mounting guidelines should be followed:
• A rack or cabinet used for mounting should be adequately secured to prevent it from becoming
unstable and/or falling over.
• Devices installed in a rack or cabinet should be mounted as low as possible, with the heaviest
devices at the bottom and progressively lighter devices installed above.
Note
SG4300 Series devices come with rack-mounting brackets already attached to the unit.
2.1. Installation Guidelines Chapter 2. Installation
13
2.2. Installing SFP Modules
Small Form Pluggable (SFP) modules come in different forms from different manufacturers. Shown
below are some typical units. The SG4300 Series does not come as standard with SFP modules and
these must be purchased separately.
Installation of different types SFP units is usually done in a similar way. With the units shown, the
modules are inserted into sockets with the label facing upwards. The module slides gently into
position by pressing inwards.
Figure 2.1. A Typical 1000 Base LX/SX Module
Figure 2.2. Installing a 1000 Base LX/SX Module
Figure 2.3. A typical 1000 Base TX module
2.2. Installing SFP Modules Chapter 2. Installation
14
Figure 2.4. Installing a 1000 Base TX Module
Note
The installation images above do not feature the SG4300 Series. However, the SFP
installation principles are the same on all Clavister hardware models.
2.2. Installing SFP Modules Chapter 2. Installation
15
2.3. Console Port Connection
The serial console port is an RS-232 port on the SG4300 Series hardware that allows direct
connection to a serial console, either from a separate computer running console emulation software
or from a console terminal. This console can then be used for both management of CorePlus with
CLI commands or to enter the boot menu to access SG4300 Series firmware loader options.
Tip: Skip this section for now if the web interface is used
This section can be initially skipped if initial CorePlus setup is done with the CorePlus
Web Interface since neither the boot menu or CLI interface will be needed..
Figure 2.5. The SG4300 Series RS-232 Console Port
Issuing CLI Commands
CLI commands can be issued via the RS-232 console port for both initial CorePlus setup as well as
for ongoing system administration.
The RS-232 console port need not be used if setup is done through a web browser as described in
Section 3.2, “Web Interface and Wizard Setup”. If the RS-232 port is used for setup, no password is
initially needed and the CLI commands required are described in Section 3.4, “CLI Setup”.
Note: Setting a console password
The serial console password need not be set in which case anyone with physical access
to the serial console could have full administrator rights.
However, if the SG4300 Series is not placed in a secure area, it can be advisable to set
the console password. This is done using the console boot menu and more detail on
this topic can be found in the CorePlus Administrators Guide.
An alternative to using the console port for CLI access is to connect via a physical Ethernet interface
and using a Secure Shell (SSH) client on the workstation to issue CLI commands.
Equipment Required for Console Connection
To use the console port, the following is needed:
• A terminal or a computer with a serial port and the ability to emulate a terminal (for instance, the
Hyper Terminal software included with some Microsoft Windows distributions could be used).
• The terminal console should have the following settings:
• 9600 bps.
• No parity.
2.3. Console Port Connection Chapter 2. Installation
16
• 8 bits.
• 1 stop bit.
• No flow control.
• An RS-232 cable with appropriate terminating connectors. The SG4300 Series package includes
an RS-232 null-modem cable.
Connection Steps
To connect a terminal to the console port, follow these steps:
1. Check that the console connection settings are configured as described above.
2. Connect one of the connectors on the RS-232 cable supplied, directly to the console port on the
SG4300 Series.
3. Connect the other end of the cable to the terminal or the serial connector of the computer
running the communications software.
2.3. Console Port Connection Chapter 2. Installation
17
2.4. Connecting Power
This section describes connecting power to the SG4300 Series. Only an AC power source is
supported by the product.
Power should not actually be switched on to the hardware until after the local console has been
connected as described in Section 2.3, “Console Port Connection”. The reason for this is that as
soon as power is applied the boot-up dialog sequence will appear on the console screen.
Important
Please read the advisory information concerning electrical safety in Appendix C,
Safety Precautions.
Connecting AC Power
To connect power, follow these steps:
1. Plug one end of the power adapter's power cord into the power receptacle on the back panel of
the SG4300 Series.
2. Plug the other end of the power cord into a grounded power outlet.
3. Power on the appliance using the On/Off switch at the back of the unit.
4. The SG4300 Series will boot up and CorePlus will start. After some minutes, the unit will be
ready for connection through either the Web Interface or through the CLI.
Important: Protecting Against Power Surges
It is strongly recommended that the purchase and use of a separate surge protection
unit from a third party is considered to ensure that the hardware is protected from
damage by electrical power surges. Surge protection is particularly important in
geographic locations where lightning strikes are more likely.
A surge protection unit should be installed exactly according to the manufacturer's
instructions since correct installation of such units is vital for them to be effective.
2.4. Connecting Power Chapter 2. Installation
18
2.4. Connecting Power Chapter 2. Installation
19
Chapter 3. CorePlus Configuration
• Management Workstation Connection, page 20
• Web Interface and Wizard Setup, page 24
• Manual Web Interface Setup, page 31
• CLI Setup, page 46
• Troubleshooting Setup, page 54
• Going Further with CorePlus, page 56
3.1. Management Workstation Connection
CorePlus is Pre-installed on Clavister Hardware
It is assumed you have now unpacked, positioned and powered up the SG4300 Series unit. If not,
you should refer to the earlier chapters in this manual before continuing. CorePlus is already
installed on the SG4300 Series in the factory and will automatically boot up after switching on
power to the hardware.
The Default Management Interface
After first time startup, CorePlus scans the available Ethernet interfaces and makes management
access available on the first interface found and assigns the internal IP address 192.168.1.1 to it.
For the SG4300 Series, this is the ge1 interface.
Alternative CorePlus Setup Methods
Initial CorePlus software configuration can be done in one of the following ways:
•Through a web browser.
A standard web browser running on a standalone computer (also referred to as the management
workstation) can be used to access the CorePlus Web Interface. This provides an intuitive
graphical interface for CorePlus management. When this interface is accessed for the first time,
asetup wizard runs automatically to guide a new user through key setup steps. The wizard can
be closed if the administrator wishes to go directly to the Web Interface to perform setup
manually.
The wizard is recommended for its simplification of initial setup and is described in detail in
Section 3.2, “Web Interface and Wizard Setup”.
•Through a terminal console using CLI commands.
The setup process can alternatively be performed using console CLI commands and this is
described in Section 3.4, “CLI Setup”. The CLI allows step by step control of setup and should
be used by administrators who fully understand both the CLI and setup process.
CLI access can be remote, across a network to a physical interface using a similar connection to
that used with the Web Interface. Alternatively, CLI access can be through a console connected
directly to the local RS-232 port on the SG4300 Series hardware. Direct console connection is
described in Section 2.3, “Console Port Connection”.
20
Table of contents
Other Clavister Network Hardware manuals
Clavister
Clavister SG3200 Series User manual
Clavister
Clavister SG4500 Series User manual
Clavister
Clavister NetWall W20A User manual
Clavister
Clavister NetWall 6000 Series User manual
Clavister
Clavister NetWall E80B User manual
Clavister
Clavister SG50 Series User manual
Clavister
Clavister Eagle E5 User manual
Popular Network Hardware manuals by other brands
Cisco
Cisco Network Adapter VIP-FE-TX/4E Installation and configuration guide
Lanner
Lanner NCA-1040 user manual
Corinex
Corinex CXP-GPH installation guide
Vicon
Vicon KOLLECTOR PRO XG **128-33-00 Software manual
FieldServer
FieldServer A Sierra Monitor Company FS-8700-122 Driver manual
Eneo
Eneo IER-38R160005A user manual
Patton electronics
Patton electronics 3095 Getting started guide
Cisco
Cisco 2650XM datasheet
Tosibox
Tosibox 175 quick start guide
National Instruments
National Instruments PXI-1000 user manual
Ascent Communication Technology
Ascent Communication Technology AON126S Quick reference guide
Mitsubishi Electric
Mitsubishi Electric MELSEC iQ-R Series user manual
Garland
Garland P10GSFPBPFE user guide
Crestron
Crestron DMC-C Specifications
Interlogix
Interlogix TruVision TVN-11 quick start guide
Eci Telecom
Eci Telecom ONT B-FOCuS O-4F2PW Hardware installation manual
Raritan
Raritan SX32 Installation and operation manual
Digiever
Digiever DS-8200-SRM Pro+ Series Quick installation guide