Clavister Sg50 series User manual

Clavister SG50 Series

Getting Started Guide

Clavister AB

Sjögatan 6J

SE-89160 Örnsköldsvik

SWEDEN

Phone: +46-660-299200

Fax: +46-660-12250

www.clavister.com

Published 2010-03-04

Clavister SG50 Series

Getting Started Guide

Published 2010-03-04

This publication, including all photographs, illustrations and software, is protected under

contained herein, may be reproduced without the written consent of Clavister.

Disclaimer

The information in this document is subject to change without notice. Clavister makes no

representations or warranties with respect to the contents hereof and specifically disclaims any

implied warranties of merchantability or fitness for a particular purpose. Clavister reserves the

right to revise this publication and to make changes from time to time in the content hereof

without any obligation to notify any person or parties of such revision or changes.

Limitations of Liability

UNDER NO CIRCUMSTANCES SHALL CLAVISTER OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF

ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK

STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES)

RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE CLAVISTER PRODUCT OR

FAILURE OF THE PRODUCT, EVEN IF CLAVISTER IS INFORMED OF THE POSSIBILITY OF SUCH

DAMAGES. FURTHERMORE, CLAVISTER WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST

CUSTOMER FOR LOSSES OR DAMAGES. CLAVISTER WILL IN NO EVENT BE LIABLE FOR ANY

DAMAGES IN EXCESS OF THE AMOUNT CLAVISTER RECEIVED FROM THE END-USER FOR THE

PRODUCT.

Table of Contents

Preface................................................................................................................ 5

1.ProductOverview .............................................................................................. 7

1.1.UnpackingtheProduct ............................................................................ 7

1.2.PortsandConnectors .............................................................................. 9

2.Installation ......................................................................................................12

2.1.InstallationGuidelines ............................................................................12

2.2.ConsolePortConnection .........................................................................14

2.3.ConnectingPower ..................................................................................16

2.4.Resettingtofactorydefaults ....................................................................17

3.CorePlusConfiguration .....................................................................................19

3.1.ManagementWorkstationConnection ......................................................19

3.2.WebInterfaceandWizardSetup ...............................................................24

3.3.ManualWebInterfaceSetup ....................................................................31

3.4.CLISetup ..............................................................................................46

3.5.TroubleshootingSetup ...........................................................................54

3.6.GoingFurtherwithCorePlus ....................................................................56

4.WarrantyService ..............................................................................................59

5.SafetyPrecautions ............................................................................................61

A.Specifications ..................................................................................................64

B.DeclarationsofConformity ................................................................................65

C.VistaIPSetup ...................................................................................................67

D.Windows7IPSetup ..........................................................................................69

E.AppleMacIPSetup ...........................................................................................71

List of Figures

1.1.FrontViewoftheClavisterSG50Series. .............................................................. 9

2.1.TheSG50SeriesRS-232ConsolePort.................................................................14

2.2.RearviewoftheClavisterSG50Series ................................................................16

Preface

Target Audience

The target audience for this guide is the administrator who has taken delivery of a packaged

Clavister SG50 Series appliance and is setting it up for the first time. The guide takes the user

from unpacking and installation of the device through to power-up, including network

connections and initial CorePlus configuration.

Text Structure

The text is divided into chapters and subsections. Numbered subsections are shown in the table

of contents at the beginning of the document.

Notes to the main text

Special sections of text which the reader should pay special attention to are indicated by icons

on the the left hand side of the page followed by a short paragraph in italicized text. There are

the following types of such sections:

Note

This indicates some piece of information that is an addition to the preceding text. It may

concern something that is being emphasised or something that is not obvious or

explicitly stated in the preceding text.

Tip

This indicates a piece of non-critical information that is useful to know in certain

situations but is not essential reading.

Caution

This indicates where the reader should be careful with their actions as an undesirable

situation may result if care is not exercised.

Important

This is an essential point that the reader should read and understand.

Warning

This is essential reading for the user as they should be aware that a serious situation

may result if certain actions are taken or not taken.

Text links

Where a "See section" link is provided in the main text, this can be clicked on to take the reader

directly to that reference. For example, see Section 3.5, “Troubleshooting Setup”.

Web links

Web links included in the document are clickable. For example, http://www.clavister.com.

Preface

Chapter 1: Product Overview

• Unpacking the Product, page 7

• Ports and Connectors, page 9

1.1. Unpacking the Product

This section details the unpacking of the SG50 Series appliance. Open the packaging box used

for shipping and carefully unpack the contents. The delivered product packaging should contain

the following:

1. The Clavister SG50 Series appliance.

2. An Ethernet cable.

3. A RS-232 null-modem cable.

4. A Power cord.

5. An AC power adapter.

6. A CD-ROM containing:

• Clavister software.

• Product documentation in PDF format.

Note: Missing items

If any items are missing from your package, please contact your reseller or distributor.

All PDF documentation can be freely downloaded from the Clavister website.

End of Life Treatment

The SG50 Series appliance is marked with the European Waste Electrical and Electronic Equipment

(WEEE) directive symbol which is shown below.

The product and any its parts should not be disposed of with other, general refuse. At end-of-life,

they should be given to an appropriate service that deals with such specialist disposal.

Chapter 1: Product Overview

1.2. Ports and Connectors

This section is an overview of the SG50 Series product's external design.

Figure 1.1. Front View of the Clavister SG50 Series.

The SG50 features an RS-232 console port on the far right. To the left are 10 Fast Ethernet ports

which can operate at 10Mb or 100Mb speeds. These ports are referred to by the administrator

using logical interface names. The first two ports are marked as DMZ and AUX, the third as WAN.

The remaining 7 ports are marked LAN1 to LAN7. These ports fulfill the following functions:

WAN This port should be connected to an external wide area network (in most cases,

the Internet). It is 100Base-T or 10Base-T capable. The default CorePlus logical

interface name is wan.

DMZ & AUX These ports are also 100Base-T or 10Base-T capable. Their default CorePlus logical

interface names are dmz and aux.

LAN 1-7 These ports are general purpose interfaces that connect to the main processor via

a switch chip which is common to all seven ports. All are designed to be

connected to internal networks. All 7 ports share a single default logical interface

names which is called lan. This means that any rule in the CorePlus IP rule-set that

uses lan as the source or destination interface will apply to traffic on any of the

physical ports LAN 1-7.

Changing default interface names

The default logical interface names assigned to physical ports can be changed later by the SG50

Series appliance administrator. In the case of lan, changing this name will change the shared

name for physical ports

Important

Traffic that enters the SG50 Series by one of the 7 general purpose interfaces LAN1 to

LAN7 and then leaves by another of those same 7 interfaces destined for the same IP

subnet, will not be subject to the CorePlus IP rule-set. This is because that traffic will pass

through the SG50 Series internal switch logic and it will be sent directly to the

destination interface by the switch.

Power and Status LEDs

The front panel of the SG50 Series features two LED lights. One is for power, the other indicates

Chapter 1: Product Overview

CorePlus status. The Power LED should be green when power is applied (see Section 2.3,

“Connecting Power”). The Status LED flashes during the CorePlus firmware loading sequence and

stops flashing when CorePlus is successfully loaded.

Port Status LEDs

Above each SG50 Series interface port socket there are two indicator lights. The top-right hand

light flashes green to indicate data traffic on that port. The top-left hand light is illuminated

continuously green if the port is operating as a 100Base-TX link. The top-left light is not lit if the

connection is operating as a 10Base-T link.

Chapter 1: Product Overview

Chapter 2: Installation

• Installation Guidelines, page 12

• Console Port Connection, page 14

• Connecting Power, page 16

• Resetting to factory defaults, page 17

2.1. Installation Guidelines

Follow these guidelines when installing your Clavister SG50 Series appliance:

•Safety

Take notice of the safety guidelines laid out in Chapter 5, Safety Precautions. These are

specified in multiple languages.

•Power

Make sure that the power source circuits are properly grounded, then use the power cord

supplied with the appliance to connect it to the power source.

•Using Other Power Cords

If your installation requires a different power cord than the one supplied with the appliance,

be sure to use a cord displaying the mark of the safety agency that defines the regulations for

power cords in your country. Such marks are an assurance that the cord is safe.

•Power Overload

Ensure that the appliance does not overload the power circuits, wiring and over-current

protection. To determine the possibility of overloading the supply circuits, add together the

ampere ratings of all devices installed on the same circuit as the appliance and compare the

total with the rating limit for the circuit. The maximum ratings for the SG50 Series are listed in

Appendix A, Specifications.

•Surge Protection

A third party surge protection device should be considered and is strongly recommended as

a means to prevent electrical surges reaching the appliance. This is discussed again in

Section 2.3, “Connecting Power”.

•Temperature

Do not install the appliance in an environment where the operating ambient temperature

could exceed the specified operating range (see Appendix A, Specifications).

The recommended operating temperature range is "room temperature". That is to say, the

temperature most commonly found in a modern office and in which humans feel

comfortable. This is usually considered to be between 20 and 25 degrees Celcius (68 to 77

degrees Fahrenheit). Special rooms for computer equipment may use a lower range.

•Airflow

Make sure that airflow around the sides and back of the appliance is not restricted.

•Dust

Do not expose the appliance to environments with elevated dust levels.

Note

Detailed information concerning power supply range, operating temperature range etc.

can be found at the end of this publication in Appendix A, Specifications.

Flat Surface Installation

The SG50 Series can be mounted on any appropriate stable, flat, level surface that can safely

support the weight of the appliance and its attached cables.

Caution: Leave space around the appliance

Please ensure there is adequate space around the appliance for ventilation and access

to operating switches and cable connectors. No other objects should be placed on top of

the appliance.

Chapter 2: Installation

2.2. Console Port Connection

The serial console port is a physical RS-232 port on the SG50 Series hardware. This port allows

direct management connection to the appliance, either from a separate computer running

console emulation software or from a console terminal. Serial console access can then be used

for both management of CorePlus with CLI commands or to enter the boot menu in order to

access SG50 Series firmware loader options.

Tip: Skip this section for now if the web interface is used

This section can be initially skipped if initial CorePlus setup is done with the CorePlus

Web Interface since neither boot menu or CLI access will be needed..

Figure 2.1. The SG50 Series RS-232 Console Port

Issuing CLI Commands

CLI commands can be issued via the RS-232 console port for both initial CorePlus setup as well as

for ongoing system administration.

The RS-232 console port need not be used if setup is done through a web browser as described

in Section 3.2, “Web Interface and Wizard Setup”. If the RS-232 port is used for setup, no password

is initially needed and the CLI commands required are described in Section 3.4, “CLI Setup”.

Note: Setting a console password

A serial console password need not be set. If this is the case, anyone with physical access

to the serial console has full administrator rights.

If the SG50 Series is not placed in a secure area, it is therefore advisable to set the console

password. This is done using the console boot menu and more detail on this can be

found in the CorePlus Administrators Guide.

An alternative to using the console port for CLI access is to connect via a physical Ethernet

interface and using a Secure Shell (SSH) client on the workstation to issue CLI commands.

Equipment Required for Console Connection

To use the console port, the following is needed:

• A terminal or a computer with a serial port and the ability to emulate a terminal (for instance,

the Hyper Terminal software included with some Microsoft Windows distributions could be

used).

Chapter 2: Installation

• The terminal console should have the following settings:

• 9600 bps.

• No parity.

• 8 bits.

• 1 stop bit.

• No flow control.

• An RS-232 cable with appropriate terminating connectors. The SG50 Series package includes

an RS-232 null-modem cable.

Connection Steps

To connect a terminal to the console port, follow these steps:

1. Check that the console connection settings are configured as described above.

2. Connect one of the connectors on the RS-232 cable supplied, directly to the console port on

the SG50 Series.

3. Connect the other end of the cable to a console terminal or to the serial connector of a

computer running console emulation software.

Chapter 2: Installation

2.3. Connecting Power

This section describes connecting power. As soon as power is applied, the SG50 Series will

boot-up and CorePlus will start.

Important

Please read the advisory information concerning electrical safety in Chapter 5, Safety

Precautions.

Figure 2.2. Rear view of the Clavister SG50 Series

Connecting AC Power

To connect power, follow these steps:

1. Plug one end of the power adapter's power cord into the power receptacle on the back

panel of the SG50 Series.

2. Plug the other end of the power cord into a power outlet. There is no On/Off switch so the

appliance will boot up immediately and after a brief period of time will be ready for initial

connection through either the Web Interface or through the CLI.

This initial connection is discussed in depth in Section 3.1, “Management Workstation

Connection”.

3. The SG50 Series will boot up and CorePlus will start. After a brief period of time, the

appliance will be ready for connection from a management workstation using either the

Web Interface or the Command Line Interface (CLI) as the management interface.

Important: Protecting Against Power Surges

It is strongly recommended that the purchase and use of a separate surge protection

unit from a third party is considered. This is to ensure that computer hardware is

protected from damage by electrical power surges.

Surge protection is particularly important in locations where there is a heightened risk of

lightning strikes or where power grid spikes are more common.

Any surge protection unit should be installed exactly according to the manufacturer's

instructions since correct installation of such units is vital for them to be effective.

Chapter 2: Installation

2.4. Resetting to factory defaults

In some unusual cases, it may be necessary to reset the SG50 Series hardware to the state it was

in when it left the factory.

The recessed button next to the power inlet on the back of the SG50 Series can be used to reset

the SG50 Series to its factory defaults.

To reset to factory defaults:

1. The progress of the reset can be followed using a console. If that is required, open a console

display connected to the SG50 Series serial RS-232 port.

2. Power off the hardware by removing the power cable at the back.

3. Push in the reset button with a suitable pointed tip tool.

4. Hold the button in and at the same time re-apply power to the appliance.

5. Continue holding in the button for at least 30 seconds longer after power is applied.

6. If a console was connected in step 1, the console output will now indicate that the hardware

has been reset to its factory defaults.

7. Release the button and the Clavister Security Gateway can now be configured through the

console as though it was brand new.

8. If a console password was set this will also be reset to the factory default of no password. If

required, the console password should be re-entered to protect the console.

Chapter 2: Installation

Chapter 3: CorePlus Configuration

• Management Workstation Connection, page 19

• Web Interface and Wizard Setup, page 24

• Manual Web Interface Setup, page 31

• CLI Setup, page 46

• Troubleshooting Setup, page 54

• Going Further with CorePlus, page 56

3.1. Management Workstation Connection

CorePlus Starts after Power Up

It is assumed you have now unpacked, positioned and powered up the SG50 Series unit. If not,

you should refer to the earlier chapters in this manual before continuing.

Clavister's CorePlus network security operating system is preloaded on the hardware and will

automatically boot up after power is supplied.

The Default Management Interface

After first time startup, CorePlus makes management access available on a predefined Ethernet

interface port and assigns the private IP address 192.168.1.1 to it.

For the SG50 Series, the default management interface is any of the LAN interfaces since they are

connected together by a switch fabric. By convention the first interface, LAN1, is normally used

for management workstation connection.

Alternative CorePlus Setup Methods

Initial CorePlus software configuration can be done in one of the following ways:

•Through a web browser.

A standard web browser running on a standalone computer (also referred to as the

management workstation) can be used to access the CorePlus Web Interface. This provides an

intuitive graphical interface for CorePlus management. When this interface is accessed for the

first time, a setup wizard runs automatically to guide a new user through key setup steps. The

wizard can be closed if the administrator wishes to go directly to the Web Interface to

perform setup manually.

The wizard is recommended for its simplification of initial setup and is described in detail in

Section 3.2, “Web Interface and Wizard Setup”.

•Through a terminal console using CLI commands.

The setup process can alternatively be performed using console CLI commands and this is

described in Section 3.4, “CLI Setup”. The CLI allows step by step control of setup and should

be used by administrators who fully understand both the CLI and setup process.

CLI access can be remote, across a network to a physical interface using a similar connection

to that used with the Web Interface. Alternatively, CLI access can be through a console

connected directly to the local RS-232 port on the SG50 Series hardware. Direct console

connection is described in Section 2.2, “Console Port Connection”.

Network Connection Setup

For setup using the Web Interface or the remote CLI, we must first connect a workstation to the

SG50 Series across a network as illustrated below.

The designated management interface for the SG50 Series is any of the LAN interfaces (although

lan1 is normally used) and this should be connected to the same network as the management

workstation (or a network accessible from the workstation via one or more switches). Typically

the connection is made via a switch in the network using a regular Ethernet cable.

For connection to the public Internet, another interface should be connected to your ISP and this

is referred to below and in the setup wizard as the WAN interface. In this manual we will assume

that the physical wan interface of the SG50 Series is used for Internet connection although it

could be any other unused interface.

Chapter 3: CorePlus Configuration

Table of contents

Other Clavister Network Hardware manuals

Clavister

Clavister NetWall E80B User manual

Clavister

Clavister NetWall 6000 Series User manual

Clavister

Clavister SG3200 Series User manual

Clavister

Clavister SG4300 Series User manual

Clavister

Clavister SG4500 Series User manual

Clavister

Clavister Eagle E5 User manual

Clavister

Clavister NetWall W20A User manual

Popular Network Hardware manuals by other brands

ASRock Industrial

ASRock Industrial iEP-9000 Series user manual

Buffalo

Buffalo AirStation WLAR-L11-L Reference manual

D-Link

D-Link DNS-323 - Network Storage Enclosure NAS... Quick install guide

HP 400338-001 - KVM Switch parts list

ooma

ooma Phone Genie quick start guide

Elan

Elan EL-NVR quick start guide

Shoreline IoT

Shoreline IoT iCast1 user manual

MikroTik

MikroTik Wireless Wire user manual

MikroTik

MikroTik PL7411-2nD Connecting guide

Fortinet

Fortinet FortiAP 431F quick start guide

Tandberg Data

Tandberg Data SLR AUTOLOADER - SERVICE AND Service and repair manual

FiberHome

FiberHome AN6000-17 Hardware description

AudioCodes

AudioCodes Mediant Series Quick setup guide

Alcatel-Lucent

Alcatel-Lucent 9764 Series manual

Edimax

Edimax NVR-4 Brochure & specs

THORLABS

THORLABS SPDC810 user guide

Cabletron Systems

Cabletron Systems FDCMIM-24 installation guide

Atlantic

Atlantic Cozytouch instructions

Clavister SG50 Series User manual

Popular Network Hardware manuals by other brands