H3C SECPATH F1000-A Installation Manual

Summary of H3C SECPATH F1000-A

  • Page 1

    H3C SecPath F1000-A Firewall Installation Manual. Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual version: t2-08044h-20070622-c-1.03.

  • Page 2

    Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors. All rights reserved. No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd. Trademarks: H3C, Aolynk, H3Care, TOP G, i...

  • Page 3: About This Manual

    About This Manual. Related documentation: in addition to this manual, each H3C SecPath Series Security Products documentation set includes the following (manual: description). H3C SecPath Series Security Products Operation Manual: it introduces the functional features, principles and guide to configuratio...

  • Page 4

    Chapter / Contents. 6 Hardware Maintenance: introduces system hardware maintenance, including replacing DDR SDRAM. 7 Troubleshooting: lists common system failures and specific locating methods. 8 Multifunctional Interface Modules: details appearance, panel and LEDs of the functional modules available on t...

  • Page 5

    II. GUI conventions (convention: description). Button names are inside angle brackets. For example, click . [ ]: window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window. /: multi-level menus are separated by forward slashes. For example, [...

  • Page 6: Table of Contents

    Installation Manual, H3C SecPath F1000-A Firewall. Table of Contents. Chapter 1 Product Overview 1-1; 1.1 Brief Introduction...

  • Page 7

    Table of Contents. 4.2 Configuration Fundamentals 4-6; 4.2.1 Basic Configuration Procedures...

  • Page 8

    Table of Contents. 8.5.5 Interface Connection Cable 8-10; 8.5.6 Connecting the Interface Cable...

  • Page 9: List of Figures

    List of Figures. Figure 1-1 Front panel of the H3C SecPath F1000-A 1-2; Figure 1-2 Rear panel of the H3C SecPath F1000-A...

  • Page 10

    List of Figures. Figure 8-9 Ethernet cable 8-6; Figure 8-10 Category-5 twisted-pair cable...

  • Page 11: List of Tables

    List of Tables. Table 1-1 Technical specifications of the H3C SecPath F1000-A 1-2; Table 1-2 LEDs on the front panel of the H3C SecPath F1000-A 1-3; Ta...

  • Page 12: Chapter 1  Product Overview

    Chapter 1 Product Overview. 1.1 Brief Introduction. The H3C SecPath F1000-A firewall is a new-generation firewall intended for use on enterprise networks. It can act as the egress firewall for medium businesses and interna...

  • Page 13

    It supports active/standby switchover to protect current services against interruption, eliminating the defects of traditional networking solutions, for example, the VRRP networking solution. You can upgrade the application a...

  • Page 14

    Item / Description. Physical dimensions (H × W × D): 44 × 436 × 430 mm (1.7 × 17.2 × 16.9 in.), excluding the rubber feet. AC+AC: rated voltage range: 100 VAC to 240 VAC, 50 Hz or 60 Hz; max voltage range: 90 VAC to 264 VAC, 50...

  • Page 15

    LED / Description. ACT: software running LED: blinking means the software is operating normally; off means the software is faulty. LINK: GE interface LED: on means a link is present; off means no link is present. ACTIVE: GE in...

  • Page 16

    III. Gigabit Ethernet (GE) interface. On the H3C SecPath F1000-A, the SRPU board provides two 10/100/1000 Mbps Ethernet interfaces: Ethernet 0 (right) and Ethernet 1 (left), each as optical or electric interface. The elec...

  • Page 17

    Attribute / Description: multi-mode short-haul (850 nm); single mode medium-haul (1310 nm); single mode short-haul (1310 nm); single mode long-haul (1550 nm); single mode ultra-long haul (1550 nm). Central wavelength: 850 nm 1...

  • Page 19

    Chapter 2 Preparation for Installation. 2.1 Site Requirements. The H3C SecPath series firewalls must be used indoors. To guarantee the normal operation and long service life of your device, install it in an env...

  • Page 20

    Table 2-2 Limit to the content of dust in an equipment room (substance / unit / content). Dust: particles/m³, ≤ 3 × 10⁴ (no visible dust on the table top for three days). Note: diameter of a dust particle ≥ 5 μm. Beside...

  • Page 21

    2.1.4 Electromagnetic Environment. All interference sources, wherever they are from, impact the firewall negatively in the conducted emission patterns of capacitance coupling, inductance coupling, electromagne...

  • Page 22

    Follow these safety precautions when installing or using your device:
    - Keep the device far from the moisture and heat sources.
    - Make sure that the device is well earthed.
    - Always wear an ESD-preventive wri...

  • Page 23

    Chapter 3 Hardware Installation. 3.1 Installation Procedure. Flowchart steps: start; install the cabinet (optional); connect the grounding wires; connect the power cord; connect the console terminal to device; verify the installation; power...

  • Page 24

    Caution: Before you install your device, make sure that: you have read Chapter 2 “Preparation for Installation” carefully; the requirements in Chapter 2 are satisfied. 3.2 Mounting the Device. You can install your de...

  • Page 25

    (1) Pan-head screws (4) (2) Mounting ear (3) Guide rail. Figure 3-2 Install the H3C SecPath F1000-A firewall in a rack. 3.3 Installing an MIM. For details about installing MIMs, see Chapter 8 “Multifunctional Interface...

  • Page 26

    (1) Grounding screw. Figure 3-3 Grounding screw on the firewall. Connect this screw to the earth ground using a grounding wire. The grounding resistance must be smaller than 5 ohm. If the device is mounted in a 19-inc...

  • Page 27

    Figure 3-4 Console cable assembly. III. Connecting the console cable. When configuring the firewall through a console terminal, follow these steps to connect the console cable: Step 1: Select a console terminal...

  • Page 28

    Figure 3-5 Ethernet cable assembly. Note: In making network cables, shielded cables are preferred for the sake of electromagnetic compatibility. 2) Cables for optical Ethernet interfaces. For an optical Ethernet inter...

  • Page 29

    III. Connecting an Ethernet cable. Take the fixed 10/100/1000 Mbps Ethernet 1 port on the front panel of the H3C SecPath F1000-A firewall for example. Follow these steps to connect its Ethernet cable: Caution: For ea...

  • Page 30

    Caution: Laser danger: never look into the optical ports that are connected to the laser. It can harm your eyes. Step 1: Correctly connect one end of a fiber-optic cable to the Rx port of the 10/100/1000 Mbps interf...

  • Page 31

    (1) PWR1 switch (2) PWR0 switch (3) AC-input PWR1 (4) AC-input PWR0. Figure 3-6 Power socket on the AC-powered firewall. II. Recommended power socket. You are recommended to use a single-phase three-terminal socket wit...

  • Page 32

    3.7.2 Connecting a DC-Input PSU. I. DC-input PSU. DC input power: –60 VDC to –48 VDC. II. Connecting a DC-input PSU. Take the H3C SecPath F1000-A firewall for example. Step 1: Make sure that the PGND is securely conn...

  • Page 33

    Note: Installation verification is extremely important, because the operations of the firewall depend on its stability, grounding, and power supply.

  • Page 34

    Chapter 4 Booting and Configuration. 4.1 Booting. You can only configure the H3C SecPath series firewall through the console port when you use it for the first time. 4.1.1 Setting Up a Configuration Environment. I....

  • Page 35

    Figure 4-2 Set up a new connection. Step 2: Set the terminal parameters. Set the HyperTerminal parameters of Windows98 as follows: 1) Select serial interface. Select the serial interface to be used from the connec...

  • Page 36

    - Baud rate = 9600
    - Data bits = 8
    - Parity = none
    - Stop bits = 1
    - Flow control = none
    Click and the HyperTerminal window appears. Figure 4-4 Set communications parameters. 3) Select emulation type. Choose [prop...

  • Page 37

    Figure 4-5 Settings tab. 4.1.2 Powering Up the Firewall. I. Checking before power-up. Before powering up the firewall, check that:
    - Both the power cord and the grounding wire are correctly connected.
    - Proper powe...

  • Page 38

    III. Checking/operating after power-up. After powering up the firewall, check that:
    - The ventilation system is operating well. After powering up the firewall, you can hear the sound of the fan blade spinning and...

  • Page 39

    Press Ctrl+B to enter the boot menu. Otherwise, the system starts decompressing the program. Note: To enter the boot menu, you must press Ctrl+B within three seconds after the prompt “Press Ctrl-B to enter boot menu…” appears...

  • Page 40

    4.2.2 Command Line Interface. I. Features of the CLI. The CLI of the firewall offers lots of configuration commands for you to configure and manage the firewall. The CLI allows you to:
    - Configure the device throu...

  • Page 41

    Chapter 5 Software Maintenance. 5.1 Introduction. The firewall maintains three types of files:
    - Boot ROM program files
    - Application program files
    - Configuration files
    The software maintenance mainly involves upgradi...

  • Page 42

    5: start up and ignore configuration
    6: enter debugging environment
    7: boot rom operation menu
    8: do not check the version of the software
    9: exit and reboot
    enter your choice(1-9):
    Note that:
    - To download an applic...

  • Page 43

    Caution: You are recommended to upgrade the software of the firewall under the guidance of support engineers. In addition, when upgrading the firewall, make sure the version of the Boot ROM software is consistent wit...

  • Page 44

    Note: The new baud rate takes effect only after you reconnect the terminal emulation program. Step 4: Select [Transmit/Send File] in the terminal window. The following dialog box pops up: Figure 5-1 Send File dialog ...

  • Page 45

    Writing file flash:/system to flash...
    Please wait, it may take a long time
    ################################################
    writing into flash succeeds.
    Writing file flash:/http.zip to flash...
    Please wait, it may t...

  • Page 46

    Caution: This upgrade approach is only used to upgrade a portion of the Boot ROM program, so you can make a second attempt once errors occur. 5.1.3 Backing Up and Restoring the Extended Segment of the Boot ROM. I. Bac...

  • Page 47

    5.1.4 Upgrading an Application Program Using TFTP. Upgrading an application program with net means downloading the application program using an Ethernet interface. In this approach, the firewall is the client that needs to...

  • Page 48

    Caution:
    - The upgrade should be performed through interface eth0 on the firewall.
    - The item “ip address of the server: [192.168.1.10]” must be set to the IP address of the TFTP server connected to the Ethernet inte...

  • Page 49

    5.1.5 Uploading/Downloading a Program/File Using FTP. The H3C SecPath series firewalls can act as the FTP server. Any FTP clients (local or remote) connected to the firewall can update configuration files or upgrade a...

  • Page 50

    Caution: The IP addresses assigned to the network interfaces of the PC and the firewall must reside on the same network segment.
    - Set up a remote uploading/downloading environment using FTP. PC, WAN, H3C SecPath F1000...

  • Page 51

    [vpngateway-luser-vpngateway] service-type ftp ftp-directory flash:
    Step 5: Add an authority level.
    [vpngateway-luser-vpngateway] level 3
    Step 6: Enable the FTP server.
    [vpngateway] ftp-server enable
    After the FTP s...

  • Page 52

    Local file remote file. Upon the completion of uploading, the prompt “ftp>” appears again. Enter dir to view the name and size of the uploaded file on the firewall. It has the same size as the original file on the ho...

  • Page 53

    Directory of flash:/
    0 -rw- 8691281 Jun 16 2009 06:46:36 system
    1 -rw- 1830 Jun 17 2009 07:47:16 config.cfg
    2 -rw- 834724 Jun 18 2009 02:22:39 http.zip
    If the web file is not included, the system gives the correspon...

  • Page 54

    - 4: Boot the system from flash (this option requires backing up the extended segment of Boot ROM in flash; refer to 5.1.3 for details).
    - 5: The system ignores the software version of the Boot ROM program, its exte...

  • Page 55

    Chapter 6 Hardware Maintenance. 6.1 Preparing Tools
    - Phillips screwdriver
    - Flat-blade screwdriver
    - ESD-preventive wrist strap
    - Static shielding bag
    Note: These tools are not shipped with the firewall, so you need ...

  • Page 56

    (1) Remove the six screws (2) Pull it out towards this direction. Figure 6-1 Open the chassis. Caution:
    - Do not replace the hardware unless necessary and under the guidance of support engineers.
    - Ther...

  • Page 57

    Hardware maintenance mainly involves DDR SDRAM replacement. Follow this maintenance flow to replace a DDR SDRAM: open the chassis; verify the position of DDR SDRAM; remove the old DDR SDRAM; install the new DDR SDR...

  • Page 58

    16M bytes flash memory
    hardware version is 3.0
    CPLD version is 2.0
    Press Ctrl-B to enter boot menu
    “512M bytes DDR SDRAM” means that the firewall is installed with a DDR SDRAM of 512M bytes. Note: Note that there is ...

  • Page 59

    Figure 6-3 Position of the DDR SDRAMs, flash, and Boot ROM on the mainboard. Each DDR SDRAM has one positioning recess at its bottom for correct orientation. When installing a DDR SDRAM into a memory bank, press the p...

  • Page 60

    Caution:
    - Hold the DDR SDRAM only by its non-conductive edge, because it is prone to ESD and could be damaged by incorrect operations.
    - You need to exercise some strength to pull the DDR SDRAM out of its bank but d...

  • Page 61

    (1) Insert the cover in this direction (2) Install six screws at these places. Figure 6-5 Close the chassis cover. Step 5: Tighten the four captive screws that are removed in steps 3 and 4 described in ...

  • Page 62: Chapter 7  Troubleshooting

    Chapter 7 Troubleshooting. 7.1 Troubleshooting the Power System. 1) Symptom: The PWR0/PWR1 LED does not light. 2) Troubleshooting: Check that:
    - The power switch of the PSU is turned on.
    - The power switch of the mains supp...

  • Page 63

    II. Illegible characters on the terminal. 1) Symptom: The powered-up firewall displays illegible characters on the console terminal. 2) Troubleshooting: Make sure you have set on your terminal (HyperTerminal):
    - Bits per s...

  • Page 64

    2: download from net
    3: exit to main menu
    enter your choice(1-3): 2
    starting the tftp download...
    Failed to find the updated file
    please check the network setting!!
    2) Troubleshooting: Check that the file to be downloaded...

  • Page 65

    Chapter 8 Multifunctional Interface Modules. 8.1 Multifunctional Interface Module Options. Following are the multifunctional interface modules (MIMs) available for the H3C SecPath F1000-A firewall: I. Ethe...

  • Page 66

    II. Installing an MIM. Caution: Before performing any of the following operations, make sure you have completely powered down the firewall to avoid getting electric shocks. Step 1: Place the firewall with...

  • Page 67

    Step 5: Pull the MIM towards you until it is completely separated from the bottom of the chassis. Caution:
    - If you remove an MIM and do not install a new one right away, you must replace the blanking fi...

  • Page 68

    Figure 8-3 1FE module. II. Appearance of the 2FE module. Figure 8-4 shows the 2FE module. Figure 8-4 2FE module. III. Appearance of the 4FE module. Figure 8-5 shows the 4FE module. Figure 8-5 4FE module.

  • Page 69

    8.4.3 Interface Attributes. Table 8-1 shows the interface attributes of the 1FE, 2FE and 4FE modules. Table 8-1 Interface attributes of the 1FE, 2FE and 4FE modules. Attribute / 1FE module / 2FE module / 4FE modu...

  • Page 70

    Table 8-2 describes the LEDs on the 1FE/2FE/4FE module panel and how to read their state. Table 8-2 LEDs on the 1FE/2FE/4FE module (LED: description). LINK: off means no link is present; on means a link is pr...

  • Page 71

    Pair 1: blue, white/blue; pair 1: orange, white/orange; pair 1: green, white/green; pair 1: brown, white/brown. Figure 8-10 Category-5 twisted-pair cable. Table 8-3 Straight-through cable pinout: RJ-45 / signal / categor...

  • Page 72

    RJ-45 | Direction of signal | Category-5 twisted-pair cable | Direction of signal | RJ-45
    7 | –– | white (brown) | –– | 7
    8 | –– | brown | –– | 8
    Ethernet cables are divided into two categories: straight-through and crossover. ...

  • Page 73

    8.5 1GBE/2GBE Module. 8.5.1 Introduction. The 1-/2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE/2GBE) can provide the communications between the firewall and a LAN. The 1GBE/2GBE module ...

  • Page 74

    Attribute / 1GBE / 2GBE. Operating mode: 10/100/1000 Mbps, auto-sensing; full-/half-duplex autonegotiation. 8.5.4 Panel and Interface LEDs. Figure 8-13 and Figure 8-14 show respectively the panel of the 1GBE and...

  • Page 75

    Figure 8-15 Ethernet cable. II. Making an Ethernet cable. To make an Ethernet cable with RJ-45 connectors using a category-5 twisted-pair cable, refer to Figure 8-16. A category-5 twisted-pair cable is co...

  • Page 76

    operate normally; off means the POST fails. In the latter case, contact your agent for help. Step 3: Check the status of the LINK LED on the 1GBE/2GBE module panel. On means a link is present. Off means...

  • Page 77

    8.6.3 Interface Attributes. Table 8-7 shows the interface attributes of the 1GEF/2GEF module. Table 8-7 Interface attributes of the 1GEF/2GEF module. Attribute / 1GEF / 2GEF. Connector: SFP/LC. Number of connect...

  • Page 78

    Figure 8-19 1GEF module panel. Figure 8-20 2GEF module panel. Table 8-8 LEDs on the 1GEF/2GEF module (LED: description). LINK: off means no Rx link is present; on means an Rx link is present. ACTIVE: off means ...

  • Page 79

    8.6.6 Connecting the Interface Fiber Cable. Caution: In connecting the fiber cable, observe the following:
    - Do not over-bend the fiber cable. Its curvature radius must be equal to or greater than 10 cm....

  • Page 80

    Figure 8-21 SSL module. 8.7.3 Module Attributes. Table 8-9 shows the attributes of the SSL module. Table 8-9 SSL module attributes (attribute: description). Supported protocol: SSL. Hardware algorithm key algor...

  • Page 81

    8.7.5 Troubleshooting SSL Module. Symptom 1: The status LED is off when the firewall starts. Solution: 1) The status LED should be on when the firewall starts. Off means that the module or some compone...