Forcepoint S1104 Installation instructions
Sidewinder
Hardware Guide
Models S1104, S2008, S3008
Revision E
2
Table of contents
Preface...................................................................................................................................... 3
Find product documentation.......................................................................................................................... 3
1 Introducing the appliances................................................................................................................................. 4
Models and features...................................................................................................................................... 4
Supported software........................................................................................................................................ 6
Network ports and NICs................................................................................................................................ 6
Types of management ports..........................................................................................................................7
eUSB support................................................................................................................................................8
Regulatory information................................................................................................................................... 8
2 Configuring the management ports.................................................................................................................10
Configure a dedicated management port.................................................................................................... 10
Configure the Remote Management Module.............................................................................................. 10
3 Re-imaging an appliance................................................................................................................................. 12
Update the eUSB device............................................................................................................................. 12
Re-image the appliance using the eUSB device....................................................................................... 13
Download the USB image and write it to a USB drive............................................................................... 14
Re-image the appliance using a USB drive................................................................................................ 14
4 Diagnosing hardware problems......................................................................................................................16
Run hardware diagnostics.......................................................................................................................... 16
View the system event log.......................................................................................................................... 17
S1104 control panel indicator lights............................................................................................................ 18
S2008 and S3008 control panel indicator lights..........................................................................................19
Preface | 3
Preface
This guide provides the information you need to configure, use, and maintain your product.
Find product documentation
On the Forcepoint support website, you can find information about a released product, including product
documentation, technical articles, and more.
You can get additional information and support for your product on the Forcepoint support website at https://
support.forcepoint.com. There, you can access product documentation, Knowledge Base articles, downloads,
cases, and contact information.
Introducing the appliances | 4
Introducing the appliances
The features and capabilities of models S1104, S2008, and S3008 allow you to plan and configure an appliance.
Models and features
Forcepoint™ Sidewinder® models S1104, S2008, and S3008 include the following features.
Table 1: Model features
Model Network
ports
Dedicated
management port?
Remote Management
Module?
Integrated SSL
accelerator?
Rack
height
S1104 4 No No No 1U
S2008 8 Yes No No 1U
S3008 8 Yes Yes Yes 1U
Model S1104
This figure shows the attributes of model S1104.
Figure 1: Model S1104 front panel
Number Description
1 Power button
2 RS-232 serial port
3 VGA port
4 Network port 1-0
5 Network port 1-1
6 Network port 1-2
7 Network port 1-3
8 USB ports
Introducing the appliances | 5
Model S2008
This figure shows the attributes of model S2008.
Figure 2: Model S2008 front panel
Number Description
1 Network port 1-0
2 Network port 1-1
3 Network port 1-2
4 Network port 1-3
5 Network port 1-4
6 Network port 1-5
7 Network port 1-6
8 Network port 1-7
9 Dedicated management port
10 VGA port
11 USB ports
12 RS-232 serial port
13 Power button
14 USB port
Model S3008
This figure shows the attributes of model S3008.
Figure 3: Model S3008 front panel
Introducing the appliances | 6
Number Description
1 Network port 1-0
2 Network port 1-1
3 Network port 1-2
4 Network port 1-3
5 Network port 1-4
6 Network port 1-5
7 Network port 1-6
8 Network port 1-7
9 Remote Management Module port
10 Dedicated management port mgr1
11 VGA port
12 USB ports
13 RS-232 serial port
14 Power button
15 USB port
Supported software
Several Sidewinder software versions are supported.
Model S1104
•Version 7 — 7.0.1.02.HW02 rev. B and later
•Version 8 — 8.1.1 and later
Models S2008 and S3008
•Version 7 — 7.0.1.02.HW03 and later
•Version 8 — 8.1.1 and later
Network ports and NICs
Sidewinder models S1104, S2008, and S3008 have multiple 1 gigabit RJ45 copper network ports, which are
physically labeled. These port labels correspond to Sidewinder NIC (network interface card) names for software
version 8.1.1 and later.
In version 8.1.1 and later, software NIC names for network ports are derived from a combination of two factors:
• Ethernet port number (labeled on the network module)
• Network module bay number where the Ethernet port is installed (“1” is used for appliances that do not have
network module bays)
This information is combined to create the NIC name as follows:
<module bay number>-<Ethernet port number>
Introducing the appliances | 7
The following table shows the NIC names for version 8.1.1 and later.
Table 2: NIC names in version 8.1.1
Model Software NIC names
S1104 1-0 to 1-3
S2008 1-0 to 1-7
S3008 1-0 to 1-7
Types of management ports
There are two types of management ports: dedicated management ports and Remote Management Module
ports.
Dedicated management ports
Models S2008 and S3008 include a single 10/100/1000 RJ45 copper dedicated management port, which
provides additional network connection options for management traffic.
Note: Model S1104 does not include a dedicated management port.
Supported types of network traffic
Dedicated management ports can be used for several types of network traffic.
• Firewall administration, including:
• Sidewinder Admin Console
• Forcepoint Sidewinder
• Secure Shell
• Streaming log data to remote servers, including:
• Syslog server
• High Availability heartbeat
Note: Conventional network ports can also be used for these types of traffic.
Identifying the management port
For Sidewinder version 8.1.1 and later, the management port NIC is named mgr1.
Remote Management Module port
Model S3008 includes a single 10/100 RJ45 copper Remote Management Module port, which provides system
management features independent from the Sidewinder operating system.
The Remote Management Module port cannot be used by Sidewinder and the port does not appear in the list of
firewall interfaces.
Introducing the appliances | 8
Note: Models S1104 and S2008 do not include Remote Management Module ports.
Features
You can use the Remote Management Module web interface to perform several tasks.
• View system information
• View system health, including:
• Sensor readings
• Event log
• Control the appliance remotely using console redirection
• Turn the appliance on or off
eUSB support
Some S2008 or S3008 models contain an integrated eUSB device that allows you to re-image the appliance or
run hardware diagnostics without the use of external media.
To determine if your model includes the eUSB device, locate the appliance part number. The part number can be
found on your activation certificate, or printed on a label on the appliance cover.
Appliances with the following part numbers contain the eUSB device:
•S2008 — 610-1653-05 or higher
•S3008 — 610-1654-05 or higher
Related tasks
Update the eUSB device on page 12
You can use the eUSB Flashing Utility to update the versions available on the eUSB device.
Regulatory information
In compliance with Federal Communications Commission (FCC) regulations, this section provides information
about the appliance models and contact information.
Model information
The regulatory information applies to Sidewinder S1104, S2008, and S3008 models.
Table 3: Regulatory model information
Sidewinder model Regulatory model
S1104 S1104
S2008 S2008/S3008
S3008 S2008/S3008
Introducing the appliances | 9
Contact information
Use the following information to contact us.
Forcepoint LLC
10900-A Stonelake Blvd
Quarry Oaks 1, Ste 350
Austin TX 78759
USA
+1-800-723-1166
Configuring the management ports | 10
Configuring the management ports
You need to enable the dedicated management ports for models S2008 and S3008, and Remote Management
Module for model S3008 to manage network traffic.
Configure a dedicated management port
The dedicated management ports included with models S2008 and S3008 are disabled by default. To configure
and enable a dedicated management port, perform these steps.
1. Create a zone for the management network.
2. Configure the NIC that corresponds to the dedicated management port and assign it to the management
zone.
3. Create or modify access control rules to allow the appropriate management traffic.
Related concepts
Dedicated management ports on page 7
Models S2008 and S3008 include a single 10/100/1000 RJ45 copper dedicated management port, which
provides additional network connection options for management traffic.
Configure the Remote Management Module
The Remote Management Module included with model S3008 is disabled by default. Perform these tasks to
configure and use the Remote Management Module.
If the appliance is deployed in a production environment, schedule a maintenance interval to enable the Remote
Management Module.
Related concepts
Remote Management Module port on page 7
Model S3008 includes a single 10/100 RJ45 copper Remote Management Module port, which provides system
management features independent from the Sidewinder operating system.
Connect the Remote Management Module port
To use the Remote Management Module, connect the Remote Management Module port to a network.
CAUTION: We recommend connecting the Remote Management Module port to a dedicated
management network that meets the security needs of your organization.
Enable the Remote Management Module
You can configure and enable the Remote Management Module.
1. Enter the appliance BIOS menu.
1. Restart or turn on the appliance.
2. Press F2 to enter the BIOS menu.
3. Navigate to the Server Management tab.
Configuring the management ports | 11
4. Select BMC LAN Configuration.
2. Configure the following options:
• IP address
• Subnet mask
• Gateway IP address
3. In the User configuration area, specify at least one user that will be allowed to access the appliance from a
remote host.
1. In the User ID field, select the user ID that you want to configure.
Tip: The appliance has five user IDs for user information: anonymous, root, User3,
User4, and User5. Each user ID can be enabled or disabled and assigned a privilege.
2. Configure the following options:
• Privilege
• User name
• User password
3. In the User status field, select Enable to activate the user ID.
4. Press F10 to exit the BIOS and save the changes.
Connect to the Remote Management Module web
interface
Perform these steps to connect to the Remote Management Module web interface from a remote computer.
1. In a web browser, go to https://<IP of Remote Management Module>. The first time you connect,
accept the SSL certificate.
2. Specify a user name and password, then click Login. The homepage appears.
3. Click the tab that corresponds to the task you want to perform.
Tip: For option descriptions, click Help.
Table 4: Web interface tabs
Tab Task
System Information View appliance information
Server Health • View sensor readings
• View the event log
Configuration • Configure Remote Management Module network settings
• Manage Remote Management Module users
• Upload a new SSL certificate
• Configure LDAP (Lightweight Directory Access Protocol)
Remote Control • Access the appliance console
• Turn the appliance on or off
CAUTION: When modifying network settings for the Remote Management Module on the
Configuration tab, select Intel RMM3 from the LAN Channel drop-down list. Do not configure
the Baseboard Mgmt LAN channel.
Re-imaging an appliance | 12
Re-imaging an appliance
Serious issues might require you to re-install or re-image your Sidewinder appliance.
• If the appliance is deployed in a production environment, schedule a maintenance interval to perform the re-
imaging procedure.
• If you want to preserve the firewall configuration, create a configuration backup and save it off the appliance.
For instructions on creating a configuration backup, refer to the Forcepoint Sidewinder Product Guide.
• If your appliance does not have an integrated eUSB device, locate the installation USB drive that was included
with the appliance. If you cannot find the USB drive, download the USB image and write it to a USB drive.
• All S1104, S2008, and S3008 models can be re-imaged using an installation USB drive.
• Some S2008 and S3008 models contain an integrated eUSB device that allows the appliances to be re-
imaged without external media.
Update the eUSB device
You can use the eUSB Flashing Utility to update the versions available on the eUSB device.
Verify that your appliance has an integrated eUSB device.
Select the type of media for the eUSB Flashing Utility image.
• USB — The USB drive must be 2 GB or larger.
• DVD — S models do not have a DVD drive — an external USB DVD drive is needed.
Note: We recommend using USB media.
The versions that shipped with your appliance might not be the most current, or you might have different eUSB
versions throughout your network. With the eUSB Flashing Utility, you can update the versions available for your
appliances.
Note: Firewall S1104 models do not have an eUSB device.
1. Download the update tool.
1. Go to https://support.forcepoint.com/Downloads.
2. Enter your logon credentials, then navigate to the appropriate product and version.
3. Select the eUSB Flashing Utility file and write the image to a DVD or USB drive.
• USB drive
1. Download the USB .img image.
2. Write the image to the USB drive.
Note: See Knowledge Base article 9307.
• DVD
1. Download the .iso image.
2. From your local hard drive, right-click the .iso image file and select Burn disk image.
3. When prompted, insert a blank DVD disc.
2. Restart the appliance to the media you created.
1. Insert the media into the appliance.
2. Restart the appliance.
Re-imaging an appliance | 13
3. When Press <F2> to enter SETUP, <F6> Boot Menu, <F12> for Network Boot appears on the
screen, press F6.
4. Select the drive that the media is in.
5. When prompted Would you like to update your eUSB image?, select Yes.
The eUSB Flashing Utility opens and searches for the eUSB device.
6. When the device is found, select Yes to proceed.
Note: If the eUSB device cannot be found, the system shows an error message and
prompts you to restart.
3. When complete, you are prompted to restart; select Yes.
4. After the system restarts, remove the media.
Re-image the appliance using the eUSB device
Use the integrated eUSB device to re-image the appliance.
Determine if your model contains an eUSB device. See eUSB support in this guide for more information.
1. Connect your appliance to a monitor and keyboard or serial console.
2. Restart or turn on the appliance.
3. During startup, press F6 to access the one-time boot settings.
4. From the list of boot options, select McAfee Firewall.
The appliance boots from the integrated installation media and displays standard boot-up information.
5. At the welcome menu, select the appropriate option.
• If you are using a mouse and keyboard, type 1, then press Enter.
• If you are using a serial console, type 4, then press Enter.
The appliance continues starting.
6. When prompted, choose the version you want to install.
1. Use the arrow keys and spacebar to select the version.
2. Select OK, then press Enter.
Installation begins. When the operation completes, a menu appears.
7. On the post-installation menu, select Reboot, then press Enter.
The appliance restarts and boots the Sidewinder version you installed.
8. Provide the initial configuration using one of these methods:
• Insert a USB drive containing a disaster recovery backup into one of the appliance USB ports.
• Use the Quick Start Wizard on a Windows-based computer to create an initial configuration file and save
it to a USB drive, then insert the USB drive into the appliance.
• Complete the text-based Quick Start Wizard at the appliance terminal.
Related concepts
eUSB support on page 8
Re-imaging an appliance | 14
Some S2008 or S3008 models contain an integrated eUSB device that allows you to re-image the appliance or
run hardware diagnostics without the use of external media.
Download the USB image and write it to a USB
drive
If you do not have the installation USB drive that was included with the appliance, perform this procedure to
create a new one.
1. Download the USB image.
1. In a web browser, navigate to https://support.forcepoint.com/Downloads.
2. Enter your logon credentials, then navigate to the appropriate product and version.
3. Download the USB image (.zip) file.
Note: Make sure the version you download is compatible with the appliance.
2. Write the image to a USB drive. See Knowledge Base article 9307.
Related concepts
Supported software on page 6
Several Sidewinder software versions are supported.
Re-image the appliance using a USB drive
If your appliance does not have an eUSB device, you must use a USB drive to re-image.
CAUTION: Re-imaging an appliance removes all configuration and log data.
1. Boot the appliance from the physical installation media that you created.
• If the appliance is on, insert the USB drive and restart the appliance.
• If the appliance is off, insert the USB drive and turn on the appliance.
The appliance starts and displays standard boot-up information.
2. When the appliance starts, enter the boot menu.
• For S1104 models, press F7.
• For S2008 and S3008 models, press F6.
3. At the boot menu, select the installation USB drive.
Note: The name of the drive depends on the USB drive used.
The appliance boots from the USB drive.
4. At the Welcome to Forcepoint Sidewinder menu, select the appropriate option.
• If you are using a mouse and keyboard, press Enter to accept the default.
• If you intend to use a serial console, type 4 and press Enter.
5. When the installation complete message appears, remove the installation media from the appliance.
6. Press R to restart the appliance, then press Enter.
The appliance restarts and boots the Sidewinder version you installed.
7. Provide the initial configuration using one of these methods:
Re-imaging an appliance | 15
• Insert a USB drive containing a disaster recovery backup into one of the appliance USB ports.
• Use the Quick Start Wizard on a Windows-based computer to create an initial configuration file and save
it to a USB drive, then insert the USB drive into the appliance.
• Complete the text-based Quick Start Wizard at the appliance terminal.
Diagnosing hardware problems | 16
Diagnosing hardware problems
Sidewinder models S2008 and S3008 contain tools you can use to diagnose hardware problems.
Run hardware diagnostics
The diagnostics utility is independent of the appliance operating system, so the appliance must be restarted to
run the diagnostics.
• Determine if your model contains an eUSB device.
Some S2008 and S3008 models contain an integrated eUSB device that includes a hardware diagnostic
utility. See eUSB support in this guide for more information.
• If the appliance is deployed in a production environment, schedule a maintenance interval to run hardware
diagnostics.
• Make sure your appliance is not connected to a network.
Note: If you want to run a comprehensive test on the NIC ports, use a crossover cable to connect
any network port to another port in the same system.
Use these high-level steps to run diagnostics on your appliance.
Note: For complete instructions, including how to create an IDT CD or USB, see the Intel
Diagnostics Tool for McAfee Appliances Instructions.
1. Determine the IDT media source — eUSB, CD, or USB drive.
CAUTION: If you use the eUSB IDT, you will not be able to save the test logs.
2. Prepare your appliance.
If external media is used, insert the CD or USB drive during this step.
3. Start the diagnostic utility.
4. Run the hardware test.
5. [Optional] Run another type of test.
6. Exit the diagnostic utility.
7. [Optional] View the log created by the test with the edit fsz:\result.log command.
8. Restart the appliance with the reset command.
If external media was used, remove it before restarting.
Related concepts
eUSB support on page 8
Diagnosing hardware problems | 17
Some S2008 or S3008 models contain an integrated eUSB device that allows you to re-image the appliance or
run hardware diagnostics without the use of external media.
View the system event log
You can view the system event log (SEL) by connecting to the Remote Management Module or by using the
integrated system event log viewer.
Note: If the Sidewinder IPMI daemon (ipmid) is enabled, system event log events are converted
to firewall audit entries and removed from the system event log. If you want to use the system
event log to monitor hardware events instead of the firewall audit, disable ipmid by running the
command cf daemond disable agent=ipmid.
Use the Remote Management Module
To view the system event log from a remote location, use the Remote Management Module.
1. In a web browser, go to https://<IP of Remote Management Module>.
2. Specify your credentials and log on.
3. Click the Server Health tab.
4. Click Event Log.
Use the integrated system event log viewer
If you have local access to the appliance, use the integrated system event log viewer to view the system event
log.
1. Connect your appliance to a monitor and keyboard.
2. Restart or turn on the appliance.
3. When the appliance starts, press F6 to access the one-time boot settings.
4. From the list of boot options, select Internal EFI Shell.
The EFI shell starts and a countdown timer appears. When the countdown is complete, the Intel Diagnostic
Tool menu appears.
CAUTION: Wait for the countdown to finish. Do not press any key.
5. At the fs0:\> prompt, run the sel command. The system event log viewer appears.
Tip: For instructions on how to use the system event log viewer, select Help.
Diagnosing hardware problems | 18
S1104 control panel indicator lights
The control panel of S1104 model has two status indicator lights. The control panel is found on the front of the
chassis.
Figure 4: S1104 control panel indicator lights
1. Power button
2. System power
3. Hard drive activity
The following table summarizes the indicator light states and the corresponding hardware component status.
Table 5: S1104 indicator light states
Indicator light Color State Status
Blue Solid Power onSystem power
Off Off Power off
Amber Random blink Hard disk activity in progressDisk activity
Off Off No hard disk activity
Diagnosing hardware problems | 19
S2008 and S3008 control panel indicator lights
The control panel of S2008 and S3008 models has four status indicator lights. The control panel is found on the
front of the chassis.
Figure 5: S2008 and S3008 control panel indicator lights
1. NIC 1
2. System power
3. System status
4. Hard drive activity
5. Power button
6. USB port
The following table summarizes the indicator light states and the corresponding hardware component status.
Table 6: S2008 and S3008 indicator light states
Indicator light Color State Status
Solid NIC link/no accessNIC 1 Green
Blink LAN access
Green Solid Power onSystem power
Off Off Power off
Green Random blink Hard disk activity in progressDisk activity
Off Off No hard disk activity
The following table describes the system status indicator light.
Table 7: S2008 and S3008 system status indicator light
Color State Status
Solid System booted and readyGreen
Blink System degraded:
• Non-critical temperature threshold asserted
• Non-critical voltage threshold asserted
• Non-critical fan threshold asserted
Diagnosing hardware problems | 20
Color State Status
• Fan redundancy lost, sufficient system cooling maintained
Note: This does not apply to non-redundant systems.
• Power supply predictive failure
• Power supply redundancy lost
Note: This does not apply to non-redundant systems.
• Correctable errors over a threshold of 10 and migrating to
a mirrored DIMM (memory mirroring)
Note: This indicates the appliance no longer has spare
DIMMs indicating a redundancy lost condition. The
corresponding DIMM indicator light should light up.
Blink Non-fatal alarm — System is likely to fail:
• CATERR asserted
• Critical temperature threshold asserted
• Critical voltage threshold asserted
• VRD hot asserted
• SMI Timeout asserted
Amber
Solid Fatal alarm — System has failed or shut down:
• CPU missing
• Thermal Trip asserted
• Non-recoverable temperature threshold asserted
• Non-recoverable voltage threshold asserted
• Power fault/Power Control Failure
• Fan redundancy lost, insufficient system cooling
Note: This does not apply to non-redundant systems.
• Power supply redundancy lost insufficient system power
Note: This does not apply to non-redundant systems.
Off Off System powered off
Copyright © 1996 - 2016 Forcepoint LLC
Forcepoint™ is a trademark of Forcepoint LLC.
SureView®, ThreatSeeker®, TRITON®, Sidewinder® and Stonesoft® are registered trademarks of Forcepoint LLC.
Raytheon is a registered trademark of Raytheon Company.
All other trademarks and registered trademarks are property of their respective owners.
This manual suits for next models
2
Table of contents
Other Forcepoint Network Hardware manuals
