Clavister SG50 Series User manual
Clavister SG50 Series
Getting Started Guide
Clavister AB
Sjögatan 6J
SE-89160 Örnsköldsvik
SWEDEN
Phone: +46-660-299200
Fax: +46-660-12250
www.clavister.com
Published 2010-03-04
Copyright ©2010 Clavister AB
Clavister SG50 Series
Getting Started Guide
Published 2010-03-04
Copyright ©2010 Clavister AB
Copyright Notice
This publication, including all photographs, illustrations and software, is protected under
international copyright laws, with all rights reserved. Neither this manual, nor any of the material
contained herein, may be reproduced without the written consent of Clavister.
Disclaimer
The information in this document is subject to change without notice. Clavister makes no
representations or warranties with respect to the contents hereof and specifically disclaims any
implied warranties of merchantability or fitness for a particular purpose. Clavister reserves the
right to revise this publication and to make changes from time to time in the content hereof
without any obligation to notify any person or parties of such revision or changes.
Limitations of Liability
UNDER NO CIRCUMSTANCES SHALL CLAVISTER OR ITS SUPPLIERS BE LIABLE FOR DAMAGES OF
ANY CHARACTER (E.G. DAMAGES FOR LOSS OF PROFIT, SOFTWARE RESTORATION, WORK
STOPPAGE, LOSS OF SAVED DATA OR ANY OTHER COMMERCIAL DAMAGES OR LOSSES)
RESULTING FROM THE APPLICATION OR IMPROPER USE OF THE CLAVISTER PRODUCT OR
FAILURE OF THE PRODUCT, EVEN IF CLAVISTER IS INFORMED OF THE POSSIBILITY OF SUCH
DAMAGES. FURTHERMORE, CLAVISTER WILL NOT BE LIABLE FOR THIRD-PARTY CLAIMS AGAINST
CUSTOMER FOR LOSSES OR DAMAGES. CLAVISTER WILL IN NO EVENT BE LIABLE FOR ANY
DAMAGES IN EXCESS OF THE AMOUNT CLAVISTER RECEIVED FROM THE END-USER FOR THE
PRODUCT.
2
Table of Contents
Preface................................................................................................................ 5
1.ProductOverview .............................................................................................. 7
1.1.UnpackingtheProduct ............................................................................ 7
1.2.PortsandConnectors .............................................................................. 9
2.Installation ......................................................................................................12
2.1.InstallationGuidelines ............................................................................12
2.2.ConsolePortConnection .........................................................................14
2.3.ConnectingPower ..................................................................................16
2.4.Resettingtofactorydefaults ....................................................................17
3.CorePlusConfiguration .....................................................................................19
3.1.ManagementWorkstationConnection ......................................................19
3.2.WebInterfaceandWizardSetup ...............................................................24
3.3.ManualWebInterfaceSetup ....................................................................31
3.4.CLISetup ..............................................................................................46
3.5.TroubleshootingSetup ...........................................................................54
3.6.GoingFurtherwithCorePlus ....................................................................56
4.WarrantyService ..............................................................................................59
5.SafetyPrecautions ............................................................................................61
A.Specifications ..................................................................................................64
B.DeclarationsofConformity ................................................................................65
C.VistaIPSetup ...................................................................................................67
D.Windows7IPSetup ..........................................................................................69
E.AppleMacIPSetup ...........................................................................................71
3
List of Figures
1.1.FrontViewoftheClavisterSG50Series. .............................................................. 9
2.1.TheSG50SeriesRS-232ConsolePort.................................................................14
2.2.RearviewoftheClavisterSG50Series ................................................................16
4
Preface
Target Audience
The target audience for this guide is the administrator who has taken delivery of a packaged
Clavister SG50 Series appliance and is setting it up for the first time. The guide takes the user
from unpacking and installation of the device through to power-up, including network
connections and initial CorePlus configuration.
Text Structure
The text is divided into chapters and subsections. Numbered subsections are shown in the table
of contents at the beginning of the document.
Notes to the main text
Special sections of text which the reader should pay special attention to are indicated by icons
on the the left hand side of the page followed by a short paragraph in italicized text. There are
the following types of such sections:
Note
This indicates some piece of information that is an addition to the preceding text. It may
concern something that is being emphasised or something that is not obvious or
explicitly stated in the preceding text.
Tip
This indicates a piece of non-critical information that is useful to know in certain
situations but is not essential reading.
Caution
This indicates where the reader should be careful with their actions as an undesirable
situation may result if care is not exercised.
Important
This is an essential point that the reader should read and understand.
Warning
This is essential reading for the user as they should be aware that a serious situation
may result if certain actions are taken or not taken.
5
Chapter 1: Product Overview
• Unpacking the Product, page 7
• Ports and Connectors, page 9
1.1. Unpacking the Product
This section details the unpacking of the SG50 Series appliance. Open the packaging box used
for shipping and carefully unpack the contents. The delivered product packaging should contain
the following:
1. The Clavister SG50 Series appliance.
2. An Ethernet cable.
3. A RS-232 null-modem cable.
4. A Power cord.
5. An AC power adapter.
6. A CD-ROM containing:
• Clavister software.
• Product documentation in PDF format.
7
Note: Missing items
If any items are missing from your package, please contact your reseller or distributor.
All PDF documentation can be freely downloaded from the Clavister website.
End of Life Treatment
The SG50 Series appliance is marked with the European Waste Electrical and Electronic Equipment
(WEEE) directive symbol which is shown below.
The product and any its parts should not be disposed of with other, general refuse. At end-of-life,
they should be given to an appropriate service that deals with such specialist disposal.
Chapter 1: Product Overview
8
1.2. Ports and Connectors
This section is an overview of the SG50 Series product's external design.
Figure 1.1. Front View of the Clavister SG50 Series.
The SG50 features an RS-232 console port on the far right. To the left are 10 Fast Ethernet ports
which can operate at 10Mb or 100Mb speeds. These ports are referred to by the administrator
using logical interface names. The first two ports are marked as DMZ and AUX, the third as WAN.
The remaining 7 ports are marked LAN1 to LAN7. These ports fulfill the following functions:
WAN This port should be connected to an external wide area network (in most cases,
the Internet). It is 100Base-T or 10Base-T capable. The default CorePlus logical
interface name is wan.
DMZ & AUX These ports are also 100Base-T or 10Base-T capable. Their default CorePlus logical
interface names are dmz and aux.
LAN 1-7 These ports are general purpose interfaces that connect to the main processor via
a switch chip which is common to all seven ports. All are designed to be
connected to internal networks. All 7 ports share a single default logical interface
names which is called lan. This means that any rule in the CorePlus IP rule-set that
uses lan as the source or destination interface will apply to traffic on any of the
physical ports LAN 1-7.
Changing default interface names
The default logical interface names assigned to physical ports can be changed later by the SG50
Series appliance administrator. In the case of lan, changing this name will change the shared
name for physical ports
Important
Traffic that enters the SG50 Series by one of the 7 general purpose interfaces LAN1 to
LAN7 and then leaves by another of those same 7 interfaces destined for the same IP
subnet, will not be subject to the CorePlus IP rule-set. This is because that traffic will pass
through the SG50 Series internal switch logic and it will be sent directly to the
destination interface by the switch.
Power and Status LEDs
The front panel of the SG50 Series features two LED lights. One is for power, the other indicates
Chapter 1: Product Overview
9
CorePlus status. The Power LED should be green when power is applied (see Section 2.3,
“Connecting Power”). The Status LED flashes during the CorePlus firmware loading sequence and
stops flashing when CorePlus is successfully loaded.
Port Status LEDs
Above each SG50 Series interface port socket there are two indicator lights. The top-right hand
light flashes green to indicate data traffic on that port. The top-left hand light is illuminated
continuously green if the port is operating as a 100Base-TX link. The top-left light is not lit if the
connection is operating as a 10Base-T link.
Chapter 1: Product Overview
10
Chapter 1: Product Overview
11
Chapter 2: Installation
• Installation Guidelines, page 12
• Console Port Connection, page 14
• Connecting Power, page 16
• Resetting to factory defaults, page 17
2.1. Installation Guidelines
Follow these guidelines when installing your Clavister SG50 Series appliance:
•Safety
Take notice of the safety guidelines laid out in Chapter 5, Safety Precautions. These are
specified in multiple languages.
•Power
Make sure that the power source circuits are properly grounded, then use the power cord
supplied with the appliance to connect it to the power source.
•Using Other Power Cords
If your installation requires a different power cord than the one supplied with the appliance,
be sure to use a cord displaying the mark of the safety agency that defines the regulations for
power cords in your country. Such marks are an assurance that the cord is safe.
•Power Overload
Ensure that the appliance does not overload the power circuits, wiring and over-current
protection. To determine the possibility of overloading the supply circuits, add together the
ampere ratings of all devices installed on the same circuit as the appliance and compare the
total with the rating limit for the circuit. The maximum ratings for the SG50 Series are listed in
Appendix A, Specifications.
•Surge Protection
A third party surge protection device should be considered and is strongly recommended as
a means to prevent electrical surges reaching the appliance. This is discussed again in
Section 2.3, “Connecting Power”.
12
•Temperature
Do not install the appliance in an environment where the operating ambient temperature
could exceed the specified operating range (see Appendix A, Specifications).
The recommended operating temperature range is "room temperature". That is to say, the
temperature most commonly found in a modern office and in which humans feel
comfortable. This is usually considered to be between 20 and 25 degrees Celcius (68 to 77
degrees Fahrenheit). Special rooms for computer equipment may use a lower range.
•Airflow
Make sure that airflow around the sides and back of the appliance is not restricted.
•Dust
Do not expose the appliance to environments with elevated dust levels.
Note
Detailed information concerning power supply range, operating temperature range etc.
can be found at the end of this publication in Appendix A, Specifications.
Flat Surface Installation
The SG50 Series can be mounted on any appropriate stable, flat, level surface that can safely
support the weight of the appliance and its attached cables.
Caution: Leave space around the appliance
Please ensure there is adequate space around the appliance for ventilation and access
to operating switches and cable connectors. No other objects should be placed on top of
the appliance.
Chapter 2: Installation
13
2.2. Console Port Connection
The serial console port is a physical RS-232 port on the SG50 Series hardware. This port allows
direct management connection to the appliance, either from a separate computer running
console emulation software or from a console terminal. Serial console access can then be used
for both management of CorePlus with CLI commands or to enter the boot menu in order to
access SG50 Series firmware loader options.
Tip: Skip this section for now if the web interface is used
This section can be initially skipped if initial CorePlus setup is done with the CorePlus
Web Interface since neither boot menu or CLI access will be needed..
Figure 2.1. The SG50 Series RS-232 Console Port
Issuing CLI Commands
CLI commands can be issued via the RS-232 console port for both initial CorePlus setup as well as
for ongoing system administration.
The RS-232 console port need not be used if setup is done through a web browser as described
in Section 3.2, “Web Interface and Wizard Setup”. If the RS-232 port is used for setup, no password
is initially needed and the CLI commands required are described in Section 3.4, “CLI Setup”.
Note: Setting a console password
A serial console password need not be set. If this is the case, anyone with physical access
to the serial console has full administrator rights.
If the SG50 Series is not placed in a secure area, it is therefore advisable to set the console
password. This is done using the console boot menu and more detail on this can be
found in the CorePlus Administrators Guide.
An alternative to using the console port for CLI access is to connect via a physical Ethernet
interface and using a Secure Shell (SSH) client on the workstation to issue CLI commands.
Equipment Required for Console Connection
To use the console port, the following is needed:
• A terminal or a computer with a serial port and the ability to emulate a terminal (for instance,
the Hyper Terminal software included with some Microsoft Windows distributions could be
used).
Chapter 2: Installation
14
• The terminal console should have the following settings:
• 9600 bps.
• No parity.
• 8 bits.
• 1 stop bit.
• No flow control.
• An RS-232 cable with appropriate terminating connectors. The SG50 Series package includes
an RS-232 null-modem cable.
Connection Steps
To connect a terminal to the console port, follow these steps:
1. Check that the console connection settings are configured as described above.
2. Connect one of the connectors on the RS-232 cable supplied, directly to the console port on
the SG50 Series.
3. Connect the other end of the cable to a console terminal or to the serial connector of a
computer running console emulation software.
Chapter 2: Installation
15
2.3. Connecting Power
This section describes connecting power. As soon as power is applied, the SG50 Series will
boot-up and CorePlus will start.
Important
Please read the advisory information concerning electrical safety in Chapter 5, Safety
Precautions.
Figure 2.2. Rear view of the Clavister SG50 Series
Connecting AC Power
To connect power, follow these steps:
1. Plug one end of the power adapter's power cord into the power receptacle on the back
panel of the SG50 Series.
2. Plug the other end of the power cord into a power outlet. There is no On/Off switch so the
appliance will boot up immediately and after a brief period of time will be ready for initial
connection through either the Web Interface or through the CLI.
This initial connection is discussed in depth in Section 3.1, “Management Workstation
Connection”.
3. The SG50 Series will boot up and CorePlus will start. After a brief period of time, the
appliance will be ready for connection from a management workstation using either the
Web Interface or the Command Line Interface (CLI) as the management interface.
Important: Protecting Against Power Surges
It is strongly recommended that the purchase and use of a separate surge protection
unit from a third party is considered. This is to ensure that computer hardware is
protected from damage by electrical power surges.
Surge protection is particularly important in locations where there is a heightened risk of
lightning strikes or where power grid spikes are more common.
Any surge protection unit should be installed exactly according to the manufacturer's
instructions since correct installation of such units is vital for them to be effective.
Chapter 2: Installation
16
2.4. Resetting to factory defaults
In some unusual cases, it may be necessary to reset the SG50 Series hardware to the state it was
in when it left the factory.
The recessed button next to the power inlet on the back of the SG50 Series can be used to reset
the SG50 Series to its factory defaults.
To reset to factory defaults:
1. The progress of the reset can be followed using a console. If that is required, open a console
display connected to the SG50 Series serial RS-232 port.
2. Power off the hardware by removing the power cable at the back.
3. Push in the reset button with a suitable pointed tip tool.
4. Hold the button in and at the same time re-apply power to the appliance.
5. Continue holding in the button for at least 30 seconds longer after power is applied.
6. If a console was connected in step 1, the console output will now indicate that the hardware
has been reset to its factory defaults.
7. Release the button and the Clavister Security Gateway can now be configured through the
console as though it was brand new.
8. If a console password was set this will also be reset to the factory default of no password. If
required, the console password should be re-entered to protect the console.
Chapter 2: Installation
17
Chapter 2: Installation
18
Chapter 3: CorePlus Configuration
• Management Workstation Connection, page 19
• Web Interface and Wizard Setup, page 24
• Manual Web Interface Setup, page 31
• CLI Setup, page 46
• Troubleshooting Setup, page 54
• Going Further with CorePlus, page 56
3.1. Management Workstation Connection
CorePlus Starts after Power Up
It is assumed you have now unpacked, positioned and powered up the SG50 Series unit. If not,
you should refer to the earlier chapters in this manual before continuing.
Clavister's CorePlus network security operating system is preloaded on the hardware and will
automatically boot up after power is supplied.
The Default Management Interface
After first time startup, CorePlus makes management access available on a predefined Ethernet
interface port and assigns the private IP address 192.168.1.1 to it.
For the SG50 Series, the default management interface is any of the LAN interfaces since they are
connected together by a switch fabric. By convention the first interface, LAN1, is normally used
for management workstation connection.
Alternative CorePlus Setup Methods
Initial CorePlus software configuration can be done in one of the following ways:
•Through a web browser.
A standard web browser running on a standalone computer (also referred to as the
19
management workstation) can be used to access the CorePlus Web Interface. This provides an
intuitive graphical interface for CorePlus management. When this interface is accessed for the
first time, a setup wizard runs automatically to guide a new user through key setup steps. The
wizard can be closed if the administrator wishes to go directly to the Web Interface to
perform setup manually.
The wizard is recommended for its simplification of initial setup and is described in detail in
Section 3.2, “Web Interface and Wizard Setup”.
•Through a terminal console using CLI commands.
The setup process can alternatively be performed using console CLI commands and this is
described in Section 3.4, “CLI Setup”. The CLI allows step by step control of setup and should
be used by administrators who fully understand both the CLI and setup process.
CLI access can be remote, across a network to a physical interface using a similar connection
to that used with the Web Interface. Alternatively, CLI access can be through a console
connected directly to the local RS-232 port on the SG50 Series hardware. Direct console
connection is described in Section 2.2, “Console Port Connection”.
Network Connection Setup
For setup using the Web Interface or the remote CLI, we must first connect a workstation to the
SG50 Series across a network as illustrated below.
The designated management interface for the SG50 Series is any of the LAN interfaces (although
lan1 is normally used) and this should be connected to the same network as the management
workstation (or a network accessible from the workstation via one or more switches). Typically
the connection is made via a switch in the network using a regular Ethernet cable.
For connection to the public Internet, another interface should be connected to your ISP and this
is referred to below and in the setup wizard as the WAN interface. In this manual we will assume
that the physical wan interface of the SG50 Series is used for Internet connection although it
could be any other unused interface.
Chapter 3: CorePlus Configuration
20
Table of contents
Other Clavister Network Hardware manuals
Clavister
Clavister SG4300 Series User manual
Clavister
Clavister SG3200 Series User manual
Clavister
Clavister NetWall E80B User manual
Clavister
Clavister Eagle E5 User manual
Clavister
Clavister SG4500 Series User manual
Clavister
Clavister NetWall W20A User manual
Clavister
Clavister NetWall 6000 Series User manual
