Dptech Fw1000 series User manual

DPtech FW1000 Series Firewall

Maintenance Manual

Manual version: v2.0

Software version: DPX8000-S211C008D014P01

FW1000BLADE-S211C008D014P01

Released date: 2016-09-19

DPtech FW1000 Series Firewall Maintenance Manual v2.0

Preface

Document purpose

This document is written for the specified project based on their internal network

environment, business and maintenance requirements. This document is written for

realizing standard maintenance and making further step for hardware standard

configuration, reducing network management risk and security risk that caused by

hardware maintenance operation difference.

This document is written based-on DPtech long-term experience of network

operation and maintenance, and the best operation practices of device.

When you read this document, you are suggested to read the related documents

written by DPtech, such as Installation Manual, User Guide, and Command Manual.

In addition, this document will be updated regularly because device type constantly

changed and the experience of operation and maintenance constantly accumulated,

in order to meet the requirement of changing network environment.

This document plays a certain role in guiding network engineers to carry out normal

hardware operations, device installation and deployment, and hardware failure

processing. At the same time, this document also makes some benefits for

summarizing operation and maintenance practices and knowledge accumulation.

Face who

This document is written for the network maintenance engineers of the specified

project.

Document contents

This document covers the hardware operating specifications of the specified project

network devices, including the best practices of hardware maintenance, the

operational method of conventional hardware maintenance, and the maintenance

strategies of hardware failure.

DPtech FW1000 Series Firewall Maintenance Manual v2.0

Conventions

GUI conventions

Convention Description

> Multi-level menus are separated by“ > ”. Such as System Management > Administrator.

< >

Button name. Such as click <OK>button.

Command conventions

Convention Description

Boldface Bold text represents keywords that you enter literally as shown..

Italic Italic text represents arguments that you replace with actual values.

[ ] Square brackets contain syntax choices (keywords or arguments) that are optional.

[ x | y | … ]

Square brackets contain a set of optional syntax choices separated by vertical bars,

from which you select one or none.

{ } Square brackets contain syntax choices (keywords or arguments) that can emerge

one time or several times.

( x | y | … ) Square brackets contain a set of optional syntax choices separated by vertical bars,

from which you select one.

# A line begins with the # sign is comments.

Sign conventions

Convention Description

An alert that calls attention to important information that if ignored can result in data

corruption, data loss, or damage to hardware or software.

An alert that contains supplementary or additional information.

DPtech FW1000 Series Firewall Maintenance Manual v2.0

Contents

1Hardware Introduction ....................................................................................................................... 1-1

1.1 FW1000-TE-N....................................................................................................................................1-1

1.1.1 Front view................................................................................................................................1-1

1.1.2 Rear view ................................................................................................................................1-2

1.1.3 Product component.................................................................................................................1-3

1.2 FW1000-TS-E....................................................................................................................................1-3

1.2.1 Front view................................................................................................................................1-3

1.2.2 Rear view ................................................................................................................................1-4

1.2.3 Product component.................................................................................................................1-4

1.3 FW1000-GA-E...................................................................................................................................1-4

1.3.1 Front view................................................................................................................................1-4

1.3.2 Rear view ................................................................................................................................1-5

1.3.3 Product component.................................................................................................................1-5

1.4 FW1000-GC-N...................................................................................................................................1-5

1.4.1 Front view................................................................................................................................1-5

1.4.2 Rear view ................................................................................................................................1-6

1.4.3 Product component.................................................................................................................1-6

2Hardware Installation......................................................................................................................... 2-1

2.1 Preparation for Installation.................................................................................................................2-1

2.2 General Safety Recommendations ...................................................................................................2-1

2.3 Examining the Installation Site ..........................................................................................................2-1

2.3.1 Temperature/Humidity Requirement .......................................................................................2-1

2.3.2 Cleanliness Requirement........................................................................................................2-2

2.3.3 ESD Requirement ...................................................................................................................2-3

2.3.4 Anti-interference Requirement ................................................................................................2-3

2.3.5 Lightning Protection.................................................................................................................2-3

2.3.6 .Grounding Requirement.........................................................................................................2-4

2.3.7 Wiring Cable Requirement......................................................................................................2-4

2.4 Installation Procedure........................................................................................................................2-5

2.5 Mounting the Device to a Specific Site..............................................................................................2-5

2.6 Connecting Grounding Wires ............................................................................................................2-6

2.7 Connecting Interface Cable...............................................................................................................2-7

2.7.1 Connecting Configuration Port Cable......................................................................................2-7

2.7.2 Connecting Management Port ................................................................................................2-7

DPtech FW1000 Series Firewall Maintenance Manual v2.0

2.7.3 Connecting Service Port..........................................................................................................2-7

2.8 Connecting Power Cable...................................................................................................................2-8

2.9 Verify Installation................................................................................................................................2-8

3Booting the Device and Upgrading Software..................................................................................... 3-1

3.1 Power module operation....................................................................................................................3-1

3.1.1 Replacement method of FW1000-TE-N power module..........................................................3-2

3.1.2 Replacement method of FW1000-TS-E power module..........................................................3-2

3.1.3 Replacement specification of power module ..........................................................................3-3

3.2 Device module replacement..............................................................................................................3-3

3.2.1 Device module type.................................................................................................................3-3

3.2.2 Module maintenance condition ...............................................................................................3-4

3.2.3 Operation procedure of module replacement .........................................................................3-4

3.3 Replacement of service board and expansion module.....................................................................3-4

3.4 Fan maintenance...............................................................................................................................3-4

4Firewall Configuration and Management ........................................................................................... 4-1

4.1 Configuration file management..........................................................................................................4-1

4.1.1 Backup configuration...............................................................................................................4-1

4.2 System management.........................................................................................................................4-4

4.2.1 Restore factory configuration..................................................................................................4-4

4.2.2 Clear system password...........................................................................................................4-4

4.2.3 Administrator management.....................................................................................................4-4

4.3 Viewing system information.............................................................................................................4-14

4.3.1 System information of the firewall.........................................................................................4-14

4.3.2 Hardware information of the firewall......................................................................................4-14

4.3.3 CPU information of the firewall..............................................................................................4-14

4.3.4 Memory information of the firewall........................................................................................4-15

4.3.5 Board information of the firewall............................................................................................4-15

4.3.6 Network interface of the firewall............................................................................................4-15

4.4 System OS maintenance.................................................................................................................4-15

4.4.1 Upgrading software version from Webpage..........................................................................4-15

4.4.2 Command line upgrade software version..............................................................................4-16

4.4.3 Conboot upgrade software version.......................................................................................4-17

4.5 Device hardware operation..............................................................................................................4-22

4.5.1 Close the device....................................................................................................................4-22

4.5.2 Reboot the device .................................................................................................................4-22

4.6 High reliability ..................................................................................................................................4-23

4.6.1 Silent hot-standby..................................................................................................................4-23

DPtech FW1000 Series Firewall Maintenance Manual v2.0

4.6.2 VSM virtual switching matrix.................................................................................................4-36

4.7 Strategy and session management.................................................................................................4-43

4.7.1 Adding packet filtering policy.................................................................................................4-43

4.7.2 Editing the entry of packet filtering policy..............................................................................4-46

4.7.3 Configuring session long connection ....................................................................................4-46

4.7.4 Viewing session information..................................................................................................4-47

4.7.5 NAT configuration..................................................................................................................4-48

4.8 Network interface maintenance.......................................................................................................4-49

4.8.1 Configuration command........................................................................................................4-49

4.8.2 Configuring multiple IP addresses for an interface...............................................................4-49

4.8.3 Port aggregation....................................................................................................................4-50

4.9 Route maintenance .........................................................................................................................4-51

4.9.1 Viewing routing table.............................................................................................................4-51

4.9.2 Routing protocol maintenance ..............................................................................................4-52

4.10 Network management SNMP........................................................................................................4-52

4.11 Log management and maintenance..............................................................................................4-53

4.11.1 Log query.............................................................................................................................4-53

4.11.2 Log configuration.................................................................................................................4-53

5Firewall Daily Maintenance................................................................................................................ 5-1

5.1 Firewall daily monitoring information.................................................................................................5-1

5.2 Routine maintenance recommendations...........................................................................................5-2

6Firewall Emergency Handling............................................................................................................ 6-1

6.1 Basic principles of emergency handling............................................................................................6-1

6.2 Fault level definition...........................................................................................................................6-1

6.3 Standard of operational status...........................................................................................................6-1

6.3.2 SNMP monitors firewall OID....................................................................................................6-2

6.3.3 SNMP Trap..............................................................................................................................6-3

6.3.4 Configuration backup ..............................................................................................................6-4

6.4 Emergency measures under different circumstances.......................................................................6-4

6.4.1 Hardware failure......................................................................................................................6-4

6.4.2 High CPU usage......................................................................................................................6-4

6.4.3 Memory usage is high.............................................................................................................6-6

6.4.4 Hot-standby problems.............................................................................................................6-6

6.4.5 Routing problems....................................................................................................................6-6

6.4.6 Packet loss problems..............................................................................................................6-7

6.4.7 Exception of throughput..........................................................................................................6-7

6.4.8 System down problems...........................................................................................................6-7

DPtech FW1000 Series Firewall Maintenance Manual v2.0

6.4.9 Abnormal sesession................................................................................................................6-8

7Firewall Fault Information Collection.................................................................................................. 7-1

7.1 Information collection of high CPU usage.........................................................................................7-1

7.2 Information collection of high memory utilization...............................................................................7-2

7.3 Information collection of abnormal session.......................................................................................7-2

7.4 Information collection of VSM problem..............................................................................................7-3

7.5 Information collection of static hot-standby.......................................................................................7-4

7.6 Information collection of routing problem ..........................................................................................7-5

7.7 Information collection of NAT problem...............................................................................................7-6

7.8 Information collection of packet loss problem ...................................................................................7-7

7.9 Information collection of throughput exception..................................................................................7-8

7.10Information collection of system down.............................................................................................7-8

7.11 Information collection of delay problem...........................................................................................7-9

8Firewall Fault Diagnosis..................................................................................................................... 8-1

8.1 Packet processing procedure............................................................................................................8-1

8.2 Analysis command of data flow.........................................................................................................8-3

8.2.1 packet-tracer ...........................................................................................................................8-3

8.3 Capture packet on graphical interface...............................................................................................8-5

8.4 Capture command in details..............................................................................................................8-6

8.4.1 sniffer filter...............................................................................................................................8-6

8.4.2 sniffer print...............................................................................................................................8-6

8.4.3 sniffer.......................................................................................................................................8-7

8.4.4 show sniffer .............................................................................................................................8-8

8.4.5 clear sniffer filter......................................................................................................................8-9

9Firewall Maintenance Tools................................................................................................................ 9-1

9.1 Ping....................................................................................................................................................9-1

9.2 Telnet.................................................................................................................................................9-2

9.3 SSH ...................................................................................................................................................9-3

9.4 Tracert................................................................................................................................................9-5

9.5 Login to the device ............................................................................................................................9-7

9.6 TFTP/FTP..........................................................................................................................................9-7

9.7 Backup configuration file ...................................................................................................................9-8

9.8 TAC data collection............................................................................................................................9-9

10 Firewall Operation Hardware Specifications .................................................................................. 10-1

10.1 Procedure for unplugging the module ...........................................................................................10-1

10.2 Procedure for inserting a module...................................................................................................10-1

DPtech FW1000 Series Firewall Maintenance Manual v2.0

11 Firewall Operational Command Example........................................................................................11-1

11.1 Device management command..................................................................................................... 11-1

11.1.1 reboot................................................................................................................................... 11-1

11.1.2 sysname .............................................................................................................................. 11-1

11.1.3 show cpu-usage................................................................................................................... 11-2

11.1.4 show device......................................................................................................................... 11-3

11.1.5 show environment ............................................................................................................... 11-5

11.1.6 show environment fan ......................................................................................................... 11-6

11.1.7 show memory ...................................................................................................................... 11-7

11.1.8 show environment power..................................................................................................... 11-7

11.1.9 show clock........................................................................................................................... 11-8

11.1.10 show version...................................................................................................................... 11-8

11.1.11 show running-config......................................................................................................... 11-10

11.1.12 show history-command.....................................................................................................11-11

11.1.13 show slot information....................................................................................................... 11-12

11.2 Administrator................................................................................................................................ 11-13

11.2.1 local-user........................................................................................................................... 11-13

11.2.2 password ........................................................................................................................... 11-13

11.2.3 show local-users................................................................................................................ 11-14

11.3 Configuration file command......................................................................................................... 11-15

11.3.1 configuration tftp get.......................................................................................................... 11-15

11.3.2 configuration put................................................................................................................ 11-15

11.3.3 configuration save ............................................................................................................. 11-16

11.3.4 configuration delete........................................................................................................... 11-17

11.3.5 configuration switch........................................................................................................... 11-17

11.3.6 write file.............................................................................................................................. 11-18

11.4 Show virtualization....................................................................................................................... 11-19

11.4.1 show vrf ............................................................................................................................. 11-19

11.5 Show address object.................................................................................................................... 11-19

11.5.1 show security-zone............................................................................................................ 11-19

11.5.2 show ip-obj......................................................................................................................... 11-21

11.5.3 show ip-obj-group.............................................................................................................. 11-22

11.5.4 show userdefined-service.................................................................................................. 11-22

11.5.5 show pre-service ............................................................................................................... 11-23

11.5.6 show group-service ........................................................................................................... 11-24

11.6 show VLAN .................................................................................................................................. 11-25

11.6.1 show vlan........................................................................................................................... 11-25

DPtech FW1000 Series Firewall Maintenance Manual v2.0

11.6.2 show interface vlan-if......................................................................................................... 11-26

11.7 ARP command............................................................................................................................. 11-27

11.7.1 arp...................................................................................................................................... 11-27

11.7.2 show arp............................................................................................................................ 11-28

11.8 Show route command.................................................................................................................. 11-29

11.8.1 show ip route ..................................................................................................................... 11-29

11.9 Show hot-standby status.............................................................................................................. 11-30

11.9.1 show hotbackup configuration........................................................................................... 11-30

11.10 Show system log........................................................................................................................ 11-31

11.10.1 show logging.................................................................................................................... 11-31

11.10.2 show logging syslog......................................................................................................... 11-31

11.10.3 show logging syslog recent.............................................................................................. 11-32

11.11 Show operation log..................................................................................................................... 11-33

11.11.1 show logging operlog....................................................................................................... 11-33

11.11.2 show logging operlog recent............................................................................................ 11-34

11.12 Show NAT information ............................................................................................................... 11-35

11.12.1 show addrpool.................................................................................................................. 11-35

11.12.2 show src-nat..................................................................................................................... 11-36

11.12.3 show dst-nat..................................................................................................................... 11-37

11.12.4 show nat static................................................................................................................. 11-37

DPtech FW1000 Series Firewall Maintenance Manual v2.0

1Hardware Introduction

1.1 FW1000-TE-N

1.1.1 Front view

(1)

(2)

(3)

(4)

(5)

(6)

(7)

(8)

(9)

(10)

(11)

(12)

(13)

(14)

(15)

(16)

(17)

(18)

(1) Fan frame 0 (2) Fan frame 1

(3) Power module PWR2 (4) Power module PWR3

(5) Power module PWR0 (6) Power module PWR1

DPtech FW1000 Series Firewall Maintenance Manual v2.0

(7) Service slot (Slot 12) (8) Service slot (Slot 11)

(9) Service slot (Slot 10) (10) Service slot (Slot 9)

(11) Service slot (Slot 8) (12) Control slot (Slot 7)

(13) Control slot (Slot 6) (14) Service slot (Slot 5)

(15) Service slot (Slot 4) (16) Service slot (Slot 3)

(17) Service slot (Slot 2) (18) Service slot (Slot 1)

1.1.2 Rear view

(1)

(2)

(3)

(4)

(5)

(6)

(7)

(8)(9)

DPtech FW1000 Series Firewall Maintenance Manual v2.0

(1) Warning sign (2) Chassis rear cover handle

(3) Upper guide rail of dust net (4) Dust net

(5) Lower guide rail of dust net (6) Chassis handle

(7) Chassis bearing warning identification (8) Grounding screw and identification

(9) Vent

1.1.3 Product component

1. Processor

Processor is the engine for data transmitting and business processing.

2. Flash

Flash is used to store the bootstrap program files Conboot.

3. Memory

Memory is used to store the communication data with the CPU and running system.

4. CF card

Compact Flash Card (CF) is used to record logs and store multiple host files and different

configuration files.

1.2 FW1000-TS-E

1.2.1 Front view

DPtech FW1000 Series Firewall Maintenance Manual v2.0

1.2.2 Rear view

1.2.3 Product component

1. Processor

Processor is the engine for data transmitting and business processing.

2. Flash

Flash is used to store the bootstrap program files Conboot.

3. Memory

Memory is used to store the communication data with the CPU and running system.

4. CF card

Compact Flash Card (CF) is used to record logs and store multiple host files and different

configuration files

1.3 FW1000-GA-E

1.3.1 Front view

DPtech FW1000 Series Firewall Maintenance Manual v2.0

1.3.2 Rear view

1.3.3 Product component

1. Processor

Processor is the engine for data transmitting and business processing.

2. Flash

Flash is used to store the bootstrap program files Conboot.

3. Memory

Memory is used to store the communication data with the CPU and running system.

4. CF card

Compact Flash Card (CF) is used to record logs and store multiple host files and different

configuration files.

1.4 FW1000-GC-N

1.4.1 Front view

DPtech FW1000 Series Firewall Maintenance Manual v2.0

1.4.2 Rear view

1.4.3 Product component

1. Processor

Processor is the engine for data transmitting and business processing.

2. Flash

Flash is used to store the bootstrap program files Conboot.

3. Memory

Memory is used to store the communication data with the CPU and running system.。

4. CF card

Compact Flash Card (CF) is used to record logs and store multiple host files and different

configuration files.

DPtech FW1000 Series Firewall Maintenance Manual v2.0

2Hardware Installation

2.1 Preparation for Installation

To avoid possible personal injury and equipment damage, please read this chapter carefully

before installation. Note that the recommendations do not cover every possible hazardous

condition.

2.2 General Safety Recommendations



Power off your device before move it.



Place the device to the dry and ventilation place. Prevent any liquid flowing into the device.



Keep the device clean.



Clear accumulations on the device.



Only professional maintenance personnel are allowed to disassemble the device.

2.3 Examining the Installation Site

2.3.1 Temperature/Humidity Requirement

The equipment room must maintain adequate temperature and humidity so that it can ensure the

device working normally and extend service life. Long-lasting high humidity is prone to cause

bad insulation and even electricity creep age. Sometimes the mechanical performance changes

of materials, the rustiness and corrosion of some metal parts are also likely to occur. If the

relative humidity is too low, the captive screws can become loose due to insulation washer

contraction. Meanwhile, the static is likely produced in the dry environments, jeopardizing the

CMOS circuit of the product. The higher the temperature is, the greater the damage to your

device. Long-lasting high temperature can speed up the aging of the insulation materials, greatly

lower the device reliability, and hence significantly shorten its service life. (See the following

table).

DPtech FW1000 Series Firewall Maintenance Manual v2.0

Table 2-1 Temperature/humidity requirement in the equipment room

Temperature Relative humidity

5℃～40℃20%~80%(non-condensation)

2.3.2 Cleanliness Requirement

Dust is a hazard to the operating safety of your device. The dust accumulated on the chassis can

cause electrostatic adsorption, one of the sources that cause the poor contact of connectors or

metal contact points. This not only shortens the service life of your device but also causes

communications failures. When the indoor relative humidity is low, electrostatic adsorption is

more likely to happen. The contents of the dust must be limited to the values shown in the

following table.

Table 2-2 Cleanliness requirement

Substance Unit Content

Dust Particles/m³

≤3 × 104

(No visible dust on the table top

for three days)

Note: Diameter of a dust particle

≥ 5µm

Besides the dust, there are rigorous limits on the harmful gases that can accelerate the erosion

and aging of metals, such as salts, acids, and sulfides. Equipment room should prevent from

harmful gases such as 𝑆𝑂2, 𝐻2𝑆, 𝑁𝐻3, 𝐶𝐿2(see the following table).

Table 2-3 Limit value

Gas Maximum

（𝐦𝐠/𝒎𝟑）

𝑆𝑂2

0.2

𝐻2𝑆

0.006

𝑁𝐻3

0.05

𝐶𝐿2

0.01

DPtech FW1000 Series Firewall Maintenance Manual v2.0

2.3.3 ESD Requirement

Although the device is designed to be electrostatic discharge (ESD) preventive, the device

circuits and even the device can be badly damaged when excessive static electricity is present.

To get much better ESD effect, you should:



Connect your device to the earth ground properly.



Keep the equipment room as clean as possible.



Maintain adequate temperature and humidity。



Wear an ESD-preventive wrist strap and clothes when handling the circuit board.

2.3.4 Anti-interference Requirement

All interference sources, wherever they are from, impact the firewall through conduction mode of

capacitance coupling, inductance coupling, electromagnetic wave radiation, common

impedance (including grounding system) coupling and wires.

To resist the interference, you should pay attention to:



The alternating power supply system is TN system. TheAC power socket should adopt

single-phase three-wire socket with protection ground wire to filter electricity power

interference by the device filter circuit.



Keep the device far from strong power radio launchers, radar launchers, and high frequency

and high-current equipment.



Use electromagnetic shielding when necessary, such as using shielded cable as interface

cable.



Require you using interface cable indoors, not use it outdoors, to prevent overvoltage and

overcurrent damaging the device by thunder.

2.3.5 Lightning Protection

Although the firewall is designed to be lightning resistant, your device can get damaged when

excessive lightning is present. To protect your device against lightning:



Ensure the chassis is connected to the earth ground.



Ensure the ground point of the power socket is well connected to the earth ground.



Add a lightning arrester onto the front end of the power input to better protect the power

supply from lightning strikes.

DPtech FW1000 Series Firewall Maintenance Manual v2.0

2.3.6 .Grounding Requirement

Reliable grounding system is the basis for stable and reliable operation of the equipment, and is

important for lightning protection, anti-interference, ESD protection. You must provide a good

grounding system for the device.

2.3.7 Wiring Cable Requirement

Cables connect the device should be indoors, not wiring outdoors. When you wiring indoors, you

should pay attention to the followings:



Do not wiring cables in walking area, so that can avoid the cables to be damaged or

dropped accidently.



When you wiring cables, the cables should be straight, not curved or twined.



You should bundle the cables if there are too many cables, and according to different types

to bundle the cables (such as power cord, interface cable, grounding wire).

DPtech FW1000 Series Firewall Maintenance Manual v2.0

2.4 Installation Procedure

2.5 Mounting the Device to a Specific Site

(1) Mounting Ears

Other manuals for FW1000 SERIES

Table of contents

Popular Firewall manuals by other brands

SonicWALL

SonicWALL SMA 400 Administration guide

NETGEAR

NETGEAR FWG114P - ProSafe 802.11g Wireless Firewall Reference manual

Lanner

Lanner NCA-5220 user manual

PaloAlto Networks

PaloAlto Networks PA-5400 Series Hardware reference

D-Link

D-Link NetDefend DFL-800 Quick guide / user manual

ZyXEL Communications

ZyXEL Communications ZyWALL USG Series reference guide

Nexcom

Nexcom NSA 3180A user manual

Draytek

Draytek Vigor2830 Series user guide

Cisco

Cisco 5505 - ASA Firewall Edition Bundle quick start guide

ZyXEL Communications

ZyXEL Communications ZyXEL ZyWALL IDP 10 Support notes

Cisco

Cisco C170 quick start guide

PaloAlto Networks

PaloAlto Networks PA-200 Hardware reference guide

Cisco

Cisco Firepower 4100 Series Hardware installation guide

Dell

Dell SonicWALL TZ300 quick start guide

Stormshield

Stormshield SN160 PRODUCT PRESENTATION AND INSTALLATION

Fortinet

Fortinet FortiGate-7060E Handbook

Fortinet

Fortinet FortiGate FortiGate-100A Administration guide

SonicWALL

SonicWALL PRO 2040 Getting started guide

DPtech FW1000 SERIES User manual

Popular Firewall manuals by other brands