Stonesoft StoneGate FW-5000 Series User manual
Appliance Installation Guide
FW-5000 Series
2
Legal Information
End-User License Agreement
The use of the products described in these materials is subject to the then current end-user license
agreement, which can be found at the Stonesoft website:
www.stonesoft.com/en/support/eula.html
Third Party Licenses
The StoneGate software includes several open source or third-party software packages. The appropriate
software licensing information for those products at the Stonesoft website:
www.stonesoft.com/en/support/third_party_licenses.html
U.S. Government Acquisitions
If Licensee is acquiring the Software, including accompanying documentation on behalf of the U.S.
Government, the following provisions apply. If the Software is supplied to the Department of Defense
(“DoD”), the Software is subject to “Restricted Rights”, as that term is defined in the DOD Supplement to
the Federal Acquisition Regulations (“DFAR”) in paragraph 252.227-7013(c) (1). If the Software is supplied
to any unit or agency of the United States Government other than DOD, the Government’s rights in the
Software will be as defined in paragraph 52.227-19(c) (2) of the Federal Acquisition Regulations (“FAR”).
Use, duplication, reproduction or disclosure by the Government is subject to such restrictions or successor
provisions.
Product Export Restrictions
The products described in this document are subject to export control under the laws of Finland and the
European Council Regulation (EC) N:o 1334/2000 of 22 June 2000 setting up a Community regime for the
control of exports of dual-use items and technology (as amended). Thus, the export of this Stonesoft
software in any manner is restricted and requires a license by the relevant authorities.
General Terms and Conditions of Support and Maintenance Services
The support and maintenance services for the products described in these materials are provided pursuant
to the general terms for support and maintenance services and the related service description, which can be
found at the Stonesoft website:
www.stonesoft.com/en/support/view_support_offering/terms/
Replacement Service
The instructions for replacement service can be found at the Stonesoft website:
www.stonesoft.com/en/support/view_support_offering/return_material_authorization/
Hardware Warranty
The appliances described in these materials have a limited hardware warranty. The terms of the hardware
warranty can be found at the Stonesoft website:
www.stonesoft.com/en/support/view_support_offering/warranty_service/
Trademarks and Patents
The products described in these materials are protected by one or more of the following European and US
patents: European Patent Nos. 1065844, 1189410, 1231538, 1259028, 1271283, 1289183, 1289202,
1304849, 1313290, 1326393, 1379046, 1330095, 131711, 1317937 and 1443729 and US Patent
Nos. 6,650,621; 6 856 621; 6,885,633; 6,912,200; 6,996,573; 7,099,284; 7,127,739; 7,130,266;
7,130,305; 7,146,421; 7,162,737; 7,234,166; 7,260,843; 7,280,540; 7,302,480; 7,386,525;
7,406,534; 7,461,401; 7,721,084; and 7,739,727 and may be protected by other EU, US, or other
patents, or pending applications. Stonesoft, the Stonesoft logo and StoneGate, are all trademarks or
registered trademarks of Stonesoft Corporation. All other trademarks or registered trademarks are property
of their respective owners.
Disclaimer
Although every precaution has been taken to prepare these materials, THESE MATERIALS ARE PROVIDED
"AS-IS" and Stonesoft makes no warranty to the correctness of information and assumes no responsibility
for errors, omissions, or resulting damages from the use of the information contained herein. All IP
addresses in these materials were chosen at random and are used for illustrative purposes only.
Copyright © 2010 Stonesoft Corporation. All rights reserved. All specifications are subject to change.
Revision: SGAIG_5000_20100812
Introduction 3
Introduction
Thank you for choosing Stonesoft’s StoneGate™ appliance. This guide
provides instructions for the initial hardware installation and the
maintenance of the FW-5000-series appliances. See Product
Documentation (page 4) for information on other available
documentation.
The use of the appliance is subject to the acceptance of the End User
License Agreement, which can be found at the Stonesoft website.
Contents
Installation Procedure .................. 4
Product Documentation ................ 4
Safety Precautions ....................... 5
Unpacking the Appliance .............. 7
Front Panel .................................. 8
Rack-Mounting............................. 11
Connecting the Cables ................. 17
Initial Configuration ...................... 19
Command-Line Management......... 27
Maintenance Operations............... 28
Ethernet Port Numbering .............. 36
Port Indicators ............................. 44
Disposal Instructions ................... 50
Caution – Read the Safety Precautions (page 5) before you conduct
any installation or maintenance operations on the appliance.
4Installation Procedure
Installation Procedure
TTo install the appliance
1. Configure the Firewall element in the Management Client, and
save the initial configuration on a USB memory stick. See the
Firewall/VPN Installation Guide.
2. Install the appliance into a rack and connect the cables. See
Connecting the Cables (page 17) and Connecting the Cables
(page 17).
3. Insert the USB memory stick in a USB port on the appliance, and
reboot the appliance to import the initial configuration. See Initial
Configuration (page 19).
Product Documentation
Press F1 in any Management Client window to view the Online Help.
All PDF guides are available:
• On the Management Center CD-ROM (in the Documentation folder)
• At the Stonesoft website at http://www.stonesoft.com/en/support/
technical_support_and_documents/manuals/
Install the free Adobe Reader program to view the PDF documents
(available at www.adobe.com/reader/).
Note – You must have a working Management Center on a separate
server to bring the appliance(s) operational. See the StoneGate
Management Center Installation Guide.
Management
Client
Management
Server
Initial
Configuration
File
USB Memory
Stick
ApplianceUSB Memory
Stick
Safety Precautions 5
Safety Precautions
The following safety information and procedures should be followed
whenever working with electronic equipment.
Electrical Safety Precautions
Basic electrical safety precautions should be followed to protect yourself
from harm and the appliance from damage:
• Be aware of the location of the power on/off switch as well as the
room's emergency power-off switch, disconnection switch, or
electrical outlet. If an electrical accident occurs, you can then quickly
cut power to the system.
• Do not work alone when working with high-voltage components.
• Before removing or installing main system components, be sure to
disconnect the power first. Turn off the system before you disconnect
the power cord.
• Use only one hand when working with powered-on electrical
equipment. This is to avoid making a complete circuit, which will
cause electrical shock. Use extreme caution when using metal tools,
which can easily damage any electrical components or circuit boards
they come into contact with.
• Do not use mats designed to decrease electrostatic discharge as
protection from electrical shock. Instead, use rubber mats that have
been specifically designed as electrical insulators.
• The power supply cord must include a grounding plug and must be
plugged into a grounded electrical outlet. Use only the cord supplied
with the appliance.
• The power cord plug cap that plugs into the AC receptacle on the
power supply must be an IEC 320, sheet C13, type female connector.
• If you have to replace the motherboard battery, install it the same way
as the original battery. Make sure that the positive side faces up on
the motherboard. This battery must be replaced only with the same
or an equivalent type recommended by the manufacturer. Dispose of
used batteries according to the manufacturer's instructions.
• Do not open the enclosures of power supplies or CD-ROM to avoid
injury.
6Safety Precautions
General Safety Precautions
Follow these rules to ensure general safety:
• Keep the area around the appliance clean and free of clutter.
• The appliance weighs approximately 27 kg (60 lbs.) when fully
loaded. When lifting the appliance, two people at either end should
lift slowly with their feet spread out to distribute the weight. Always
keep your back straight and lift with your legs.
• We recommend using a regulating uninterruptible power supply (UPS)
to protect the device from power surges, voltage spikes and to keep
your system operating in case of a power failure.
ESD Precautions
Electrostatic discharge (ESD) is generated by two objects with different
electrical charges coming into contact with each other. An electrical
discharge is created to neutralize this difference, which can damage
electronic components and printed circuit boards. Use a grounded wrist
strap designed to prevent static discharge.
Laser Precautions
Class 1 Laser Product.
Operating Precautions
Care must be taken to assure that the appliance cover is in place when
the appliance is operating to ensure proper cooling. If this rule is not
strictly followed, the warranty may become void. Do not open the power
supply casing. Power supplies can only be accessed and serviced by a
qualified technician of the manufacturer.
Note – Use a UPS (Uninterruptible Power Supply) in critical
environments with your StoneGate appliance. If after a brief power
outage your StoneGate appliance only partially starts up (for example,
the power light is on, but the NIC LEDs are off and the appliance does
not connect) turn the appliance off for five seconds and then back on.
Caution – Class 3B visible and invisible laser radiation when CD-ROM
drive is open. Avoid exposure to the beam.
Caution – Invisible laser radiation emitted from the end of fiber cable
and from the aperture of the port when no fiber cable is connected.
Do not stare into the beam and avoid direct exposure to the beam.
Unpacking the Appliance 7
Operating and Storage Temperatures
The allowed operating temperature of the appliance is +10...+35ºC. The
allowed storage temperature is -40...+70ºC. Do not operate or store the
appliance in temperatures outside these limits.
Lithium Battery Precautions
Unpacking the Appliance
Inspect the box the appliance was shipped in and note if it was
damaged in any way. If the device itself shows damage, file a damage
claim with the carrier who delivered it.
Do not remove the anti-tamper tapes on any part of the appliance.
Caution – The battery must be replaced by authorized service
personnel only. Danger of explosion if battery is incorrectly replaced.
Replacement battery must be same or equivalent type recommended
by the manufacturer. Used batteries must be discarded according to
the manufacturer’s instructions. Short-circuiting the battery may heat
the battery and cause severe injuries.
8Front Panel
Front Panel
Front Panel With Cover
Front Panel Under the Cover
The front panel has SCA hard drives, a CD-ROM drive, and two USB
ports. There are two more USB ports on the back of the appliance. See
Connecting the Cables (page 17). The front panel also has six LED
indicators and three buttons, which are explained below.
Power Indicator
Buttons
LED Indicators
USB Ports
CD-ROM Drive
SCA Hard Drives
Front Panel 9
Front Panel Indicators
The front panel has six LED indicators in the upper right corner. The
LEDs provide you with critical information related to different parts of the
system.
Table 1 Front Panel LEDs
Indicates that there is no power being supplied to a
redundant power supply or that a power supply is not
operating correctly.
Indicates an overheat condition in the appliance. This
may be caused by cables obstructing the airflow in the
system or the ambient room temperature being too warm.
Indicates traffic on the onboard LAN2 Ethernet interface
(check the port number on the back panel).
Indicates traffic on the onboard LAN1 Ethernet interface
(check the port number on the back panel).
Indicates hard drive activity when flashing.
Indicates power is being supplied to the system's power
supply unit. This LED is illuminated when the system is
operating normally.
10 Front Panel
Front Panel Buttons
There are three push-buttons in the upper right corner of the front panel.
Do not press them if the appliance is online (processing traffic) and
operating normally.
Table 2 Front panel buttons
This button is not currently used.
This is the reset button, which reboots the system.
Use the button only if it is not possible to reboot using
either the Management Client or command line
command.
This is the main power button, which is used to turn
on/off the main system power. Turning off the
appliance keeps standby power supplied to the
system.
Rack-Mounting 11
Rack-Mounting
There are a variety of rack units on the market, so the assembly
procedure may differ slightly from what is instructed in this guide. Refer
to the instructions that came with the rack unit you are using.
The rail assemblies supplied with the appliance are designed for rack
depths from 28 to 33 inches.
Preparing for Rack-Mounting
The appliance delivery includes the rail assemblies and the mounting
screws you need to install the system into the rack.
Read the sections below before you begin the installation.
Choosing a setup location
Decide on a suitable location for the rack unit that will hold the
appliance:
• The appliance must be situated in a clean, dust-free area that is well
ventilated.
• Avoid areas where heat, electrical noise and electromagnetic fields
are generated.
• Leave enough clearance in front of the rack to enable you to open the
front door completely (~63 cm/25 inches).
• Leave enough clearance in the back of the rack to allow for sufficient
airflow and ease in servicing (~76 cm/30 inches).
Rack precautions
• Ensure that the leveling jacks on the bottom of the rack are fully
extended to the floor with the full weight of the rack resting on them.
• In single rack installation, stabilizers should be attached to the rack.
• In multiple rack installations, the racks should be coupled together.
• Always make sure the rack is stable before extending a component
from the rack.
• Extend only one component at a time—extending two or more
simultaneously may cause the rack to become unstable.
Caution – Do not install the appliance into a Telco rack, as this may
damage the appliance.
Caution – Read the Safety Precautions (page 5) before proceeding.
12 Rack-Mounting
Device precautions
• Review the electrical and general safety precautions in Safety
Precautions (page 5).
• Determine the placement of each component in the rack before you
install the rails.
• Install the heaviest device components on the bottom of the rack
first, and then work up.
• The appliance must be connected to grounded power outlets.
• Use a regulating uninterruptible power supply (UPS) to protect the
device from power surges, voltage spikes and to keep your system
operating in case of a power failure.
• Always keep the rack's front door and all panels and components on
the devices closed when not servicing to maintain proper cooling.
Before installing the appliance into a rack
• Make sure that the rack is securely anchored onto an unmovable
surface or structure before installing the appliance into the rack.
• Unplug the power cord(s) of the rack before installing the appliance
into the rack.
• Make sure that the system is adequately supported. Make sure that
all the components are securely fastened to the appliance to prevent
components falling off from the appliance.
• Be sure to install an AC power disconnect for the entire rack
assembly. This power disconnect must be clearly marked.
• The rack assembly shall be properly grounded to avoid electric shock.
• The rack assembly must provide sufficient airflow to the appliance for
proper cooling.
Rack-Mounting 13
Installing the Appliance into a Rack
Follow the instructions in this section and the precautions laid out in the
previous sections above to install the StoneGate appliance into a rack.
Also, refer to the documentation that came with the rack.
The appliance package includes one pair of rack rail assemblies. Each
of these assemblies consist of two sections: the inner rail that secures
to the appliance and the outer rack rail that secures directly to the rack.
You must detach the inner rail before installing.
TTo detach the inner rails
1. Pull the inner rail out as far as possible. You should hear a “click”
sound as a locking tab emerges from inside the rail assembly and
locks the inner rail.
2. Depress the locking tab and pull the inner rail completely out.
3. Repeat for the other side’s rack rail assembly.
Locking Tabs: As you have seen, both rails have a locking tab, which
serves two functions.
• To lock the appliance into place when installed and pushed fully into
the rack, which is its normal position.
• To lock the appliance in place when fully extended from the rack to
prevent the appliance from coming completely out of the rack when
you pull it out for servicing.
14 Rack-Mounting
TTo attach the inner rails to the appliance
1. Locate the five rail buttons on each side of the appliance and the
five corresponding holes on the inner rails.
2. Align the larger end of each hole against its corresponding button.
Once all are aligned, push the holes toward their corresponding
buttons.
3. Once the rail is placed on the appliance, pull the rail toward the
front of the appliance until the rail buttons lock in the small ends
of the corresponding holes.
4. Secure the rail to the appliance with a screw.
Rack-Mounting 15
5. Repeat steps 1-4 to attach the other inner rail.
After you have installed the inner rails on the appliance, you are ready to
install the outer rails of rail assemblies to the rack.
TTo attach the outer rails to the rack
1. Find the front and rear rack brackets in the package. The short
front brackets are marked with “up/front” arrows and the long
rear brackets with “up/rear” arrows.
2. Secure the short front bracket to the outer rail.
3. Locate the two buttons on the outer rack rail and attach the long
rear bracket to it by sliding the opening of the rear rail through the
button.
4. Measure the depth of your rack and adjust the length of the rail
accordingly.
5. Secure the outer rack rail to the rack using screws and washers.
6. Repeat the same steps for the other side.
16 Rack-Mounting
TTo install the appliance into the rack
1. Line up the rear of the inner rails with the front of the outer rails.
2. Slide the inner rails into the outer rails, keeping the pressure even
on both sides (you may have to depress the locking tabs when
inserting). When the appliance has been pushed completely into
the rack, you should hear the locking tabs "click" as the rails lock.
3. Insert and tighten the thumbscrews that hold the front of the
appliance to the rack.
Proceed to Connecting the Cables (page 17).
Connecting the Cables 17
Connecting the Cables
Connect the cables after installing the appliance into the rack.
Connecting Management Cables
TTo connect management cables
¬Choose one of the following:
•Connect a monitor to the VGA and a keyboard to the PS/2
keyboard port.
•Or connect a monitor to the VGA and a keyboard to a USB port.
•Or connect the supplied null-modem cable to the serial port and
to another computer that you will use for a terminal connection.
Ethernet PortsVGA PortPS/2 Mouse
and Keyboard
Serial Port
Two USB Ports
AC Power
Connectors
18 Connecting the Cables
Connecting Network Cables
TTo connect the network cables
¬Connect the network cables to the ethernet ports.
•The ethernet ports are mapped to Interface IDs during the initial
configuration.
•The number of ports and their numbering varies between
different models within this model range. Check the numbering of
the ports on the back panel and in Ethernet Port Numbering
(page 36).
The port LED indicators provide information on the activity and link
status of the ports. See Port Indicators (page 44) for more information.
Cable Types
Make sure that the copper cables you use are correctly rated (CAT 5e or
CAT 6 in gigabit networks).
Speed/Duplex Settings
Network cards at both ends of each cable must have identical speed/
duplex settings. This also applies to the automatic negotiation setting: if
one end of the cable is set to autonegotiate, the other end must also be
set to autonegotiate. Gigabit standards require interfaces to use
autonegotiation—fixed settings are not allowed at gigabit speeds.
Connecting the Appliance to the Power Supply
TTo connect the appliance to the power supply
1. Connect the power cables to the AC power connectors on the back
of the appliance.
•It is recommended to connect all three power connectors to a
power source to guarantee that the appliance can function even if
one of the power connectors fails.
2. Plug the power cords into grounded, high-quality power strips that
offer protection from electrical noise and power surges.
•We highly recommend using an uninterruptible power supply
(UPS) to ensure continuous operation and minimize the risk of
damage to the appliance in case of sudden loss of power.
•For a truly redundant power supply, connect each AC power
connector on the appliance to a different UPS, so that the failure
of one UPS will not cut off the power to the power supplies.
Initial Configuration 19
Initial Configuration
Your StoneGate appliance comes pre-loaded with StoneGate engine
software. However, before a policy can be loaded on the appliance, you
must configure some permanent and some temporary network settings.
To successfully complete the configuration:
• The Firewall element must be defined in the Management Center.
• You must have created a one-time password for this engine.
• If you want to configure the engine automatically with a USB stick or
to import some of the initial configuration information in the
configuration wizard, you must have a saved initial configuration on a
USB stick.
See the Firewall/VPN Installation Guide for details.
Connecting to the Appliance
You may not need to connect to the appliance at this point if you import
a configuration from a USB stick as explained in Configuring the Engine
Automatically (page 20), and you are not interested in the console
messages that are displayed during this process.
In other cases, you need a physical connection to the appliance using a
monitor and keyboard or a serial cable connection from a computer with
a terminal program. By default, the monitor and keyboard connection is
enabled and the serial console is inactive. If you want to use a serial
connection, follow the instructions directly below. To use a monitor and
keyboard, just boot up the appliance.
TTo connect using a serial cable
1. Connect the serial cable supplied with the appliance to the serial
port on the appliance and to a computer.
2. On the computer, open a terminal with settings 9600bps, 8
databits, 1 stopbit, no parity.
3. Power on the appliance.
4. Press a key on your keyboard when you see “Press any key”. The
message is shown four times. If you do not press a key within this
time, the serial console remains inactive and you must reboot the
appliance to try again.
Note – The appliance must contact the Management Server before it
can be operational.
20 Initial Configuration
5. A boot menu is shown. Select the Switch to serial console option.
The firewall boots up with the serial console activated.
•The keyboard and display console is now inactive and must be
activated in a similar way before you can use it.
•To define two active consoles, use the command
sg-bootconfig. For usage, see “Command Line Tools” in the
Firewall/VPN Reference Guide, Administrator’s Guide or Online
Help of the Management Client.
There are two ways to configure the engine software.
• You can configure the engine automatically with a USB stick (see
Configuring the Engine Automatically below).
• If the automatic configuration is not possible or desired, you can use
the engine configuration wizard (see Configuring the Engine with
Configuration Wizard (page 21)).
Configuring the Engine Automatically
The automatic configuration requires that you have a suitable
configuration saved on a USB memory stick. See the Firewall/VPN
Installation Guide or the Online Help of the Management Client for
details.
If you want to check the configuration before it is activated, follow the
instructions in Configuring the Engine with Configuration Wizard
(page 21), and import the configuration manually.
TTo import and activate a configuration from a USB
stick
1. Insert the USB stick that contains the configuration saved in your
Management Client in one of the USB ports on the appliance.
2. Power on the appliance. The appliance automatically imports the
configuration from the USB stick and then tries to make the initial
contact to the Management Server.
•If the connection is successful, the appliance automatically
reboots itself and the engine configuration is finished.
If you configure the engine with a USB stick, you must set a password
for the root account in the Management Client to enable command line
access to the engine. If you want to allow remote access to the engine
using SSH, enable the SSH daemon for the engine in the Management
Client. See the Administrator’s Guide for more information.
Proceed to After Successful Management Server Contact (page 27).
Table of contents
Other Stonesoft Firewall manuals
Stonesoft
Stonesoft SSL-3200 Series User manual
Stonesoft
Stonesoft 3201 User manual
Stonesoft
Stonesoft StoneGate FW-5105 User manual
Stonesoft
Stonesoft StoneGate SG-250 User manual
Stonesoft
Stonesoft FW-105 series User manual
Stonesoft
Stonesoft FW-1030 User manual
Stonesoft
Stonesoft StoneGate FW-1020 User manual
Popular Firewall manuals by other brands
Lanner
Lanner FW-7571 user manual
Fortinet
Fortinet FortiGate-200 installation guide
One Identity
One Identity Safeguard 2000 Appliance Setup Guide
Draytek
Draytek VIGOR2820 series quick start guide
PaloAlto Networks
PaloAlto Networks PA-220 quick start guide
Fortinet
Fortinet FortiGate FortiGate-400 quick start guide
