Clavister SG4500 Series User manual
Clavister SG4500 Series
Getting Started Guide
Clavister AB
Sjögatan 6J
SE-89160 Örnsköldsvik
SWEDEN
Phone: +46-660-299200
Fax: +46-660-12250
www.clavister.com
Published 2011-03-24
Copyright ©2011 Clavister AB
Clavister SG4500 Series
Getting Started Guide
Published 2011-03-24
Copyright ©2011 Clavister AB
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under
international copyright laws, with all rights reserved. Neither this manual, nor any of the material
contained herein, may be reproduced without the written consent of Clavister.
Disclaimer
The information in this document is subject to change without notice. Clavister makes no
representations or warranties with respect to the contents hereof and specifically disclaims any
implied warranties of merchantability or fitness for a particular purpose. Clavister reserves the
right to revise this publication and to make changes from time to time in the content hereof
without any obligation to notify any person or parties of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL CLAVISTER OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF
ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK
STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES)
RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE CLAVISTER PRODUCT OR
FAILURE OF THE PRODUCT, EVEN IF CLAVISTER IS INFORMED OF THE POSSIBILITY OF SUCH
DAMAGES. FURTHERMORE, CLAVISTER WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST
CUSTOMER FOR LOSSES OR DAMAGES. CLAVISTER WILL IN NO EVENT BE LIABLE FOR ANY
DAMAGES IN EXCESS OF THE AMOUNT CLAVISTER RECEIVED FROM THE END-USER FOR THE
PRODUCT.
2
Table of Contents
Preface................................................................................................................ 5
1.ProductOverview .............................................................................................. 7
1.1.UnpackingtheProduct ............................................................................ 7
1.2.InterfacesandPorts ................................................................................. 9
1.3.TheKeypadandDisplay ..........................................................................11
2.Installation ......................................................................................................14
2.1.InstallationGuidelines ............................................................................14
2.2.InstallingSFP/SFP+Modules ....................................................................17
2.3.ConsolePortConnection .........................................................................19
2.4.ConnectingPower ..................................................................................21
3.CorePlusConfiguration .....................................................................................24
3.1.ManagementWorkstationConnection ......................................................24
3.2.WebInterfaceandWizardSetup ...............................................................29
3.3.ManualWebInterfaceSetup ....................................................................36
3.4.CLISetup ..............................................................................................51
3.5.Downgradingto8.nn..............................................................................59
3.6.TroubleshootingSetup ...........................................................................60
3.7.GoingFurtherwithCorePlus ....................................................................62
4.ProductMaintenance ........................................................................................65
4.1.ReplacingPSUs ......................................................................................65
4.2.ReplacingFanModules ...........................................................................69
5.WarrantyService ..............................................................................................73
6.SafetyPrecautions ............................................................................................75
A.Specifications ..................................................................................................78
B.DeclarationsofConformity ................................................................................79
C.VistaIPSetup ...................................................................................................81
D.Windows7IPSetup ..........................................................................................83
E.AppleMacIPSetup ...........................................................................................85
3
List of Figures
1.1.AnUnpackedClavisterSG4500SeriesAppliance .................................................. 8
1.2.FrontViewoftheClavisterSG4500Series. ........................................................... 9
1.3.TheSG4500SeriesKeypadandDisplay ..............................................................11
2.1.ATypicalSFP/SFP+Module .............................................................................17
2.2.AnExampleofanSFP1000BaseTXModule .......................................................17
2.3.InstallinganSFP/SFP+Module .........................................................................17
2.4.TheSG4500SeriesRS-232ConsolePort .............................................................19
2.5.RearViewoftheSG4500Series .........................................................................21
4.1.APSUModule................................................................................................66
4.2.TheAlarmResetButton ...................................................................................67
4.3.ThePSUStatusLED ........................................................................................67
4.4.AnIndividualFanModule ................................................................................69
4
Preface
Target Audience
The target audience for this guide is the administrator who has taken delivery of a packaged
Clavister SG4500 Series appliance and is setting it up for the first time. The guide takes the user
from unpacking and installation of the device through to power-up, including network
connections and initial CorePlus configuration.
Text Structure
The text is divided into chapters and subsections. Numbered subsections are shown in the table
of contents at the beginning of the document.
Notes to the main text
Special sections of text which the reader should pay special attention to are indicated by icons
on the left hand side of the page followed by a short paragraph in italicized text. There are the
following types of such sections:
Note
This indicates some piece of information that is an addition to the preceding text. It may
concern something that is being emphasised or something that is not obvious or
explicitly stated in the preceding text.
Tip
This indicates a piece of non-critical information that is useful to know in certain
situations but is not essential reading.
Caution
This indicates where the reader should be careful with their actions as an undesirable
situation may result if care is not exercised.
Important
This is an essential point that the reader should read and understand.
Warning
This is essential reading for the user as they should be aware that a serious situation
may result if certain actions are taken or not taken.
5
Text links
Where a "See section" link is provided in the main text, this can be clicked on to take the reader
directly to that reference. For example, see Section 3.6, “Troubleshooting Setup”.
Web links
Web links included in the document are clickable. For example, http://www.clavister.com.
Trademarks
Certain names in this publication are the trademarks of their respective owners.
CorePlus is the trademark of Clavister AB.
Windows,Windows XP,Windows Vista and Windows 7 are either registered trademarks or
trademarks of Microsoft Corporation in the United States and/or other countries.
Apple and Mac are trademarks of Apple Inc. registered in the United States and/or other
countries.
Preface
6
Chapter 1: Product Overview
• Unpacking the Product, page 7
• Interfaces and Ports, page 9
• The Keypad and Display, page 11
1.1. Unpacking the Product
This section details the unpacking of the SG4500 Series appliance. Open the packaging box used
for shipping and carefully unpack the contents. The delivered product packaging should contain
the following:
1. The Clavister SG4500 Series appliance.
2. A mounting kit for 19 inch racks.
3. An Ethernet cable.
4. A RS-232 null-modem cable.
5. A Power cord.
6. A CD-ROM containing:
• Clavister software.
• Product documentation in PDF format.
7. A printed guide for getting started.
7
Figure 1.1. An Unpacked Clavister SG4500 Series Appliance
Note: Missing items
If any items are missing from your package, please contact your reseller or distributor.
All documentation can be freely downloaded in PDF format from the Clavister website.
End of Life Treatment
The SG4500 Series appliance is marked with the European Waste Electrical and Electronic
Equipment (WEEE) directive symbol which is shown below.
The product, and any of its parts, should not be discarded of by means of regular refuse disposal.
At end-of-life, the product and parts should be given to an appropriate service that deals with
the removal of such specialist materials.
This also applies to any of the product's field-removable components.
Chapter 1: Product Overview
8
1.2. Interfaces and Ports
This section is an overview of the SG4500 Series product's external design.
Note: Usage of the terms "interface" and "port"
The terms Ethernet interface and Ethernet port are often used interchangeably. In this
document, interface is used for Ethernet connections and port is used for non-Ethernet
connections.
Figure 1.2. Front View of the Clavister SG4500 Series.
The SG4500 Series features a number of connection ports. On the far right is the RS-232 console
port and an LED display screen. To the left of these are a set of 10 Ethernet interfaces.
Each Ethernet interface has equal operational capacity and corresponds to a logical interface in
the CorePlus software configuration. Going from left to right, the Ethernet interfaces are:
• A set of 4 interfaces consisting of:
i. 2 x Small Form Pluggable Plus (SFP+) Ethernet interfaces with logical CorePlus
interface names xsfp1 and xsfp2. These are for 10 Gigabit Ethernet links only.
ii. 2 x Small Form Pluggable (SFP) Ethernet interfaces with logical CorePlus interface
names sfp1 and sfp2. These are for 1 Gigabit Ethernet links only.
On the right of these interfaces is a vertical line of 4 LEDs which show the status for the
interfaces. These LEDs are illuminated orange when a link is established.
•6 x RJ45 Gigabit Ethernet interfaces with logical interface names ge1 to ge6. These
connections are capable of link speed auto-negotiation and can therefore operate with
10Base-T, 100Base-Tx, or 1000Base-T.
Chapter 1: Product Overview
9
All ge interfaces support Automatic MDI-X and do not require a crossover cable for direct
connection from another computer.
Status lights are located at the top-right and top-left of the ge interfaces. The top-left light
flashes green to indicate data traffic. The top-right light shows the link speed and has the
following states:
• Not lit (dark) if the link is 10 Mb.
• Green if the link is 100 Mb.
• Yellow if the link is 1 Gb.
USB Ports
Next to the RS-232 port are 2 USB ports. These ports are not used with the current version of
CorePlus. The ports are intended for use with features planned for future CorePlus versions and
are provided so that no hardware upgrade will be required in order to make use of those features
after a software upgrade.
Chapter 1: Product Overview
10
1.3. The Keypad and Display
The SG4500 Series features a keypad and display on the right hand front side of the hardware
consisting of an LED display and 4 navigation buttons. The buttons are used to either move
forwards or backwards through a sequential list of parameters which are always shown on the
display while the power is on.
Pressing either the Right or Upper button will go forward in the display sequence. Pressing
either the Left or Lower button will go backwards in the sequence. When the end of the display
sequence is reached, the display cycles back to the beginning.
Figure 1.3. The SG4500 Series Keypad and Display
The sequence of information that is shown in the LED display is as follows:
•Hardware Model information.
The model of the hardware is shown.
•Status Information
This displays the message Running to indicate normal operation. If CorePlus is in 2 hour
demonstration mode then this is indicated along with how much time is left before timeout.
If CorePlus is in lockdown mode then this is shown.
•CPU and Connections
This shows the CPU load and the total number of current state engine connections.
•Data Throughput Information
The data throughput of the Clavister Security Gateway in bits per second and packets per
second is shown. This is the total volume of all data traffic forwarded through the security
gateway over a one second interval.
These values are for raw data and include any overhead incurred with protocols such as IPsec.
The actual throughput of, for example, unencrypted data flowing inside VPN tunnels, may be
marginally less.
•High Availability
This shows the HA mode (master or slave) and the HA status (active or passive).
If the SG4500 Series is not part of a high availability cluster, this information is skipped.
•Time Information
The date and time currently set in the hardware system clock is shown. If this is incorrect, it
should be corrected through one of the administration interfaces.
Chapter 1: Product Overview
11
•Memory Information
This shows the current uptime (time since last restart), the total hardware RAM memory
available to CorePlus and the current memory usage.
•Anti-Virus Information
This shows the current signature count in the Anti-Virus database and the time of the last
database update.
If the CorePlus Anti-Virus subsystem is not activated, this information is skipped.
•IDP Information
This shows the current signature count in the Intrusion Detection and Prevention (IDP)
database and the time of the last database update.
If the CorePlus IDP subsystem is not activated, this information is skipped.
•Interface Information
This consists of multiple display sets of information, one for each physical Ethernet interface
present. The information displayed for each interface is:
i. The logical CorePlus interface name.
ii. The current linkspeed.
iii. If the link is full-duplex (FD) or half-duplex (HD). This is not shown if the linkspeed is
Gigabit since it will always be full-duplex.
iv. The IP address assigned to the interface.
•Hardware Monitor Information
This information consists of multiple sets of information, one for each sensor. Sensor
information shows operating temperatures and fan speeds.
Hardware monitoring must be enabled through one of the administration interfaces for this
to be shown otherwise this information is skipped.
•CorePlus Version
This shows the version of CorePlus which is currently running.
After the CorePlus version is displayed, going forward will cycle back to the first information
displayed in the sequence which is the hardware model.
Chapter 1: Product Overview
12
Chapter 1: Product Overview
13
Chapter 2: Installation
• Installation Guidelines, page 14
• Installing SFP/SFP+ Modules, page 17
• Console Port Connection, page 19
• Connecting Power, page 21
2.1. Installation Guidelines
Follow these guidelines when installing your Clavister SG4500 Series appliance:
•Safety
Take notice of the safety guidelines laid out in Chapter 6, Safety Precautions. These are
specified in multiple languages.
•Power
Make sure that the power source circuits are properly grounded and then use the power cord
supplied with the appliance to connect it to the power source.
•Using Other Power Cords
If your installation requires a different power cord than the one supplied with the appliance,
be sure to use a cord displaying the mark of the safety agency that defines the regulations for
power cords in your country. Such marks are an assurance that the cord is safe.
•Power Overload
Ensure that the appliance does not overload the power circuits, wiring and over-current
protection.
To determine the possibility of overloading the supply circuits, add together the ampere
ratings of all devices installed on the same circuit as the appliance and compare the total
with the rating limit for the circuit. The maximum ratings for the SG4500 Series are listed in
Appendix A, Specifications. Rating figures can also be found written on individual SG4500
Series PSU modules.
•Surge Protection
14
A third party surge protection device should be considered and is strongly recommended as
a means to prevent electrical surges reaching the appliance. This is discussed again in
Section 2.4, “Connecting Power”.
•Temperature
Do not install the appliance in an environment where the operating ambient temperature
could exceed the specified operating range (see Appendix A, Specifications).
The recommended operating temperature range is "room temperature". That is to say, the
temperature most commonly found in a modern office and in which humans feel
comfortable. This is usually considered to be between 20 and 25 degrees Celsius (68 to 77
degrees Fahrenheit). Special rooms for computer equipment may use a lower range.
•Airflow
Make sure that airflow around the sides and back of the appliance is not restricted.
•Dust
Do not expose the appliance to environments with elevated dust levels. This is particularly
important for the operation of the fans, both general cooling fans and the cooling fan found
in SG4500 Series power supplies. Elevated dust levels can significantly reduce the operating
lifetime of fans.
Note
Detailed information concerning power supply range, operating temperature range etc.
can be found at the end of this publication in Appendix A, Specifications.
Flat Surface Installation
The SG4500 Series can be mounted on any appropriate stable, flat, level surface that can safely
support the weight of the appliance and its attached cables.
Caution: Leave space around the appliance
Please ensure there is adequate space around the appliance for ventilation and access
to operating switches and cable connectors. No other objects should be placed on top of
the appliance.
Rack Installation
A rack mounted Clavister Security Gateway can be installed in most standard 19 inch equipment
racks. To do this, fasten the appliance with screws suitable for the kind of rack you are using. The
following mounting guidelines should be followed:
• A rack or cabinet used for mounting should be adequately secured to prevent it from
becoming unstable and/or falling over.
• Devices installed in a rack or cabinet should be mounted as low as possible, with the heaviest
devices at the bottom and progressively lighter devices installed above.
Chapter 2: Installation
15
• Rear brackets should be used to support appliances at the rear.
Important: Use rear brackets for rack mounting
It is strongly recommended that the rear brackets included with the SG4500 Series are
fitted and used to support the appliance from the back when rack mounted.
Chapter 2: Installation
16
2.2. Installing SFP/SFP+ Modules
Small Form Pluggable (SFP) and Small Form Pluggable Plus (SFP+) modules can be sourced from
different manufacturers. Shown below is a typical unit. The SG4500 Series does not come as
standard with these modules and they must be purchased separately.
Figure 2.1. A Typical SFP/SFP+ Module
Figure 2.2. An Example of an SFP 1000 Base TX Module
Installation of the different types of modules is usually done in a similar way. For example, with
the module shown above, insertion into the sockets is done with the label facing upwards. The
module slides into position by gently pressing it inwards.
Figure 2.3. Installing an SFP/SFP+ Module
Chapter 2: Installation
17
Note: Installation images are generic
The SFP/SFP+ installation images used here are generic and do not feature the SG4500
Series. However, the installation principles are the same on all Clavister hardware
models that provide SFP or SFP+ support.
Important: Cover unused SFP and SFP+ interfaces with dust caps
The SG4500 Series SFP and SFP+ interfaces are covered with dust caps when the product
is unpacked. These prevent dust entering theinterfaceopenings.
It is strongly recommended that dust caps are always used to cover ports when there is
no module inserted. Otherwise, dust can build up inside the opening and potentially
cause a malfunction.
Chapter 2: Installation
18
2.3. Console Port Connection
The serial console port is a physical RS-232 port on the SG4500 Series hardware.
This port allows direct management connection to the appliance, either from a separate
computer running console emulation software or from a console terminal. Serial console access
can then be used for both management of CorePlus with CLI commands or to enter the boot
menu in order to access SG4500 Series firmware loader options.
Tip: Skip this section for now if the web interface is used
This section can be initially skipped if initial CorePlus setup is done with the CorePlus
Web Interface since neither boot menu or CLI access will be needed.
Figure 2.4. The SG4500 Series RS-232 Console Port
Issuing CLI Commands
CLI commands can be issued via the RS-232 console port for both initial CorePlus setup as well as
for ongoing system administration.
The RS-232 console port need not be used if setup is done through a web browser as described
in Section 3.2, “Web Interface and Wizard Setup”. If the RS-232 port is used for setup, no password
is initially needed and the CLI commands required are described in Section 3.4, “CLI Setup”.
Note: Setting a console password
A serial console password need not be set. If this is the case, anyone with physical access
to the serial console has full administrator rights.
If the SG4500 Series is not placed in a secure area, it is therefore advisable to set the
console password. This is done using the console boot menu and more detail on this
can be found in the CorePlus Administrators Guide.
An alternative to using the console port for CLI access is to connect via a physical Ethernet
interface and using a Secure Shell (SSH) client on the workstation to issue CLI commands.
Equipment Required for Console Connection
To use the console port, the following is needed:
• A terminal or a computer with a serial port and the ability to emulate a terminal (for instance,
the Hyper Terminal software included with some Microsoft Windows distributions could be
used).
Chapter 2: Installation
19
• The terminal console should have the following settings:
• 9600 bps.
• No parity.
• 8 bits.
• 1 stop bit.
• No flow control.
• An RS-232 cable with appropriate terminating connectors. The SG4500 Series package
includes an RS-232 null-modem cable.
Connection Steps
To connect a terminal to the console port, follow these steps:
1. Check that the console connection settings are configured as described above.
2. Connect one of the connectors on the RS-232 cable supplied, directly to the console port on
the SG4500 Series.
3. Connect the other end of the cable to a console terminal or to the serial connector of a
computer running console emulation software.
Chapter 2: Installation
20
Table of contents
Other Clavister Network Hardware manuals
Clavister
Clavister NetWall W20A User manual
Clavister
Clavister NetWall E80B User manual
Clavister
Clavister NetWall 6000 Series User manual
Clavister
Clavister Eagle E5 User manual
Clavister
Clavister SG3200 Series User manual
Clavister
Clavister SG4300 Series User manual
Clavister
Clavister SG50 Series User manual
Popular Network Hardware manuals by other brands
IFM
IFM O2I5 Series operating instructions
Omron
Omron E3Z series Network Connection Guide
Compatible Systems
Compatible Systems DS3-10/100 installation guide
ADTRAN
ADTRAN TOTAL ACCESS 600R User Interface Guide
Panasonic
Panasonic Rectifier Diodes MA6X129 Specification sheet
Huawei
Huawei NIP6320 quick start guide
