No part of this manual may be reproduced or transmitted in any form or by any means without prior
written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, , Aolynk, , H3Care,
SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V
XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co.,
Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the
preparation of this document to ensure accuracy of the contents, but all statements, information, and
recommendations in this document do not constitute the warranty of any kind, express or implied.
Technical Support
customer_service@h3c.com
http://www.h3c.com
, TOP G, , IRF, NetPilot, Neocean, NeoVTL,
2
G, VnG, PSPT,
About This Manual
Organization
H3C SecPath U200 Series Unified Threat Management Products Installation Manual is organized as
follows:
Chapter Contents
1 Product Overview
2 Interface Modules
3 Preparing for Installation
4 Installing the U200 Series
Device
5 Starting and Configuring
the U200 Series Device
6 Maintaining Software
7 Maintaining Hardware
8 Troubleshooting
Briefly introduces the product specifications, as well as the features
and applications of the H3C SecPath U200 series UTM devices.
Describes the interface cards and interface modules supported by
the H3C SecPath U200 series UTM devices.
Describes the site requirements for installing the H3C SecPath U200
series UTM devices, safety recommendations before and during
installation, and required tools.
Introduces how to install an H3C SecPath U200 series UTM device,
as well as how to connect the power cable, console cable, Ethernet
cable, and interface cable.
Describes how to boot and configure an H3C SecPath U200 serie s
UTM device, including device startup, power-on, and initialization of
system files.
Introduces how to maintain software of the H3C SecPath U200
series UTM devices, including upgrading software and updating
configuration files.
Introduces how to maintain hardware of the H3C SecPath U200
series UTM devices.
Describes some problems you may encounter during installation and
startup of an H3C SecPath U200 series UTM device and how to
solve them.
Appendix Compliance and
Safety Manual
Conventions
The manual uses the following conventions:
Command conventions
Convention Description
Boldface
italic
[ ] Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }
[ x | y | ... ]
{ x | y | ... } *
This section introduces part of the compliance and safety
precautions that should be followed during the installation and
maintenance of the equipment.
The keywords of a command line are in Boldface.
Command arguments are in italic.
Alternative items are grouped in braces and separated by vertical bars.
One is selected.
Optional alternative items are grouped in square brackets and
separated by vertical bars. One or none is selected.
Alternative items are grouped in braces and separated by vertical bars.
A minimum of one or a maximum of all can be selected.
Convention Description
[ x | y | ... ] *
&<1-n>
# A line starting with the # sign is comments.
Optional alternative items are grouped in square brackets and
separated by vertical bars. Many or none can be selected.
The argument(s) before the ampersand (&) sign can be entered 1 to n
times.
GUI conventions
Convention Description
Boldface
>
Window names, button names, field names, and menu items are in
Boldface. For example, the New User window appears; click OK.
Multi-level menus are separated by angle brackets. For example, File >
Create > Folder.
Symbols
Convention Description
Means reader be extremely careful. Improper operation may cause
bodily injury.
Related Documentation
In addition to this manual, each H3C SecPath Series Security Products documentation set includes the
following:
Manual Description
H3C SecPath Series Security
Products User Manual
Obtaining Documentation
You can access the most up-to-date H3C product documentation on the World Wide Web at this URL:
http://www.h3c.com.
The following are the columns from which you can obtain different categories of product docume ntation:
Means reader be careful. Improper operation may cause data loss or
damage to equipment.
Means a complementary description.
Describes the features, operation fundamentals, and configuration
commands of the H3C SecPath series security products, guides
you to make configuration, and provides configuration examples.
[Products & Solutions]: Provides information about products and technologies.
[Technical Support & Document > Technical Documents]: Provides several categories of product
documentation, such as installation, configuration, and maintenance.
[Technical Support & Document > Software Download]: Provides the documentation released with the
software version.
Documentation Feedback
You can e-mail your comments about product documentation to info@h3c.com.
We appreciate your comments.
Environmental Protection
This product has been designed to comply with the requirements on environmental protection. For the
proper storage, use and disposal of this product, national laws and regulations must be ob served.
Processor and Storages··················································································································1-5
Dimensions and Weight···················································································································1-5
Fixed Interfaces and Slots···············································································································1-6
Power Input ·····································································································································1-6
Operating Environment Specifications ····························································································1-6
Processor and Storages··················································································································1-7
Front Panel LEDs ····························································································································1-7
Fixed Interfaces ·······························································································································1-8
AC Power Input ·····························································································································1-14
Clock··············································································································································1-14
Port Lightning Arrester (Optional)··································································································1-14
Power Lightning Arrester (Optional) ······························································································1-15
Signal Lightning Arrester (Optional) ······························································································1-15
System Software ···························································································································1-16
i
1 Product Overview
Introduction
The H3C SecPath U200 Series Unified Threat Management Products are new-generation UTM devices
designed for enterprise users.
The U200 series comprises three models:
z U200-A: Designed for large- and medium-sized enterprise users
z U200-M: Designed for medium-sized enterprise users
z U200-S: Designed for small- and medium-sized enterprise users
In addition to traditional firewall functions, the U200 series protect network security by providing a wide
range of functions including virtual firewall, security zone, intrusion detection and protection, gateway
anti-virus, anti-spam, P2P traffic control, and URL filtering. With the application specification packet filter
(ASPF) technology, a U200 series device can monitor connection setup processes and illegal
operations, and dynamically filter packets based on ACLs. Moreover, the U200 series support multiple
VPN services including IPSec VPN, L2TP VPN, and GRE VPN, and thereby can be used for
constructing a variety of VPN networks. The series deliver abundant routing capabilities and support
RIP and OSPF. Adopting a high-performance multi-core CPU, the U200-A, U200-M and U200-S can
support up to 10, 8, and 7 GE interfaces respectively, delivering high scalability for user investment
protection.
The U200 series are available with AC power supply to ensure high reliability, fully satisfy requirements
for network maintenance, update, and optimization, support detection of chassis internal temperature,
support network management, and provide a Web management interface.
The U200-A provides two MIM expansion slots for future service expansion. Currently, the slots support
the NSQ1GT2UA0 and NSQ1GP4U0 MIM modules.
The U200-M provides one MIM expansion slot and currently supports the same MIM as the U200-A
does.
The U200-S provides a mini expansion slot for future service expansion. Currently, the device supports
the 2-GE and NSQ1WLAN0 interface modules.
Features
The U200 series deliver the following features:
Powerful hardware platform
The U200 series perfectly fit in enterprise networks thanks to the adoption of MIPS64-based CPUs and
The CF card is hot-swappable. When the device is reading from or writing to the CF card or performing
any other file system related operation, the CF card LED blinks. Do not unplug the CF card in this state
because doing so can corrupt the file system in it.
AC Power Input
Table 1-14 lists the AC power specifications for the U200 series.
Table 1-14 AC power specifications
Clock
Item
Description
U200-A U200-M U200-S
Rated voltage range
Maximum input current
Maximum power
100 VAC to 240 VAC; 50 Hz or 60 Hz
1.6 A
100 W 54 W
0.6 A
The U200 series are designed with a clock module for providing system time. You can set the system
time at the command line interface.
The clock module can work despite power failure to ensure that the system time is correct at reboot.
With the device powered off, the clock module can work for at least 10 years.
Note that:
z Never replace the clock module battery when power is present on the device.
z The system time gets lost once the clock module battery is removed. You can set it at the
command line interface.
You can use three commands including clock datetime, ock summer-time one-off (or clock summer-time repeating), and clock timezone to complete setting the system time. See the
accompanying documentation for how to do that.
Port Lightning Arrester (Optional)
Before connecting an outdoor Ethernet cable to an Ethernet port, install a port lightning arrester to
protect the device against lightning strikes.
The port lightning arresters available for the U200 series feature these:
1-14
zFor single-port use, maximum discharge current (8/20μs waveform): 5 kA, output voltage
(10/700μs waveform): core-core < 40 V, core-ground < 600 V.
For the installation of the port lightning arrester, refer to the “Installing a Port Lightning Arrester” section
in Chapter 4 “Installing the U200 Series Device.”
Power Lightning Arrester (Optional)
Before connecting an outdoor AC power cable to the device directly, you can connect the AC power
input to a lightning protection busbar to protect the device against lightning strikes. In a heavy lightning
area, you are recommended to install a power lightning arrester.
The lightning arresters available for the U200 series feature these:
zMaximum discharge current of 6500 A, protection for 500 VAC to 220 VAC.
For how to install a power lightning arrester, refer to the “Installing a Power Lightning Arrester
(Optional)” section in Chapter 4 “Installing the U200 Series Device.”
Signal Lightning Arrester (Optional)
Generally, you need to install a signal lightning arrester between a signal cable and the connected
device. This can protect electronic components against surge over-voltage resulting from lightning
strikes or any other interferences, and minimize the impact on the system.
The following are specifications of the three signal lightning arrester options available for the U200
series:
z Maximum discharge current 2.5KA/protection voltage 25V-SMB-75J/SMB-75J-1W-10Mbps.
z Maximum discharge current 2.5KA/protection voltage 25V-BNC-75K/BNC-75K-10MBit/s.
z For U-shape ports, maximum discharge current 3KA/common mode 400 V/differential mode
170V-RJ11
For how to install a signal lightning arrester, refer to the “Installing a Signal Lightning Arrester” section in
Chapter 4 “Installing the U200 Series Device.“
1-15
System Software
The U200 series operate on the H3C Comware V5 or i-Ware software platform, integrating a rich set of
security features including virtual firewall, attack prevention, load balancing, and P2P traffic
management. Combining network and security technologies perfectly, the series can be deployed in
various complex network environments to provide strong security protection.
1-16
Table of Contents
2 Interface Cards and Interface Modules ···································································································2-1
The antenna interface of the NSQ1WLAN0 module supports 2.4 GHz and 5 GHz dual-frequency omni
antennas.
2-6
Figure 2-8 Omni antenna for the NSQ1WLAN0 module
For how to connect the antenna for the NSQ1WLAN0 module, refer to “Connecting an antenna for the
NSQ1WLAN0 module” in Chapter 4 “Installing the U200 Series Device.”
Arranging Slots and Naming Interfaces
Slot Arrangement
The U200 series support interfaces such as console, AUX, Gigabit Ethernet, and WLAN interfaces. This
section describes how these interfaces are numbered.
Naming Interfaces
The interfaces on a U200 series device are named following these conventions:
1) An interface is named in the form of interface-type X/Y, where
z interface-type represents the type of the interface, such as GigabitEthernet.
z X represents the number of the slot in which the interface module is inserted.
z Y represents the number of the interface on the interface module.
2) The interfaces on the same interface module uses the same slot number X.
3) The interfaces of the same type on an interface module are numbered starting with 0 for Y from left
to right.
Examples
1) The five fixed GigabitEthernet interfaces on the U200-S are named as follows:
z GigabitEthernet 0/0
z GigabitEthernet 0/1
z GigabitEthernet 0/2
z GigabitEthernet 0/3
z GigabitEthernet 0/4
2) If a 2GE module is installed on the U200-S, the GigabitEthernet interfaces on the 2GE module are
numbered as follows:
z GigabitEthernet 1/0
z GigabitEthernet 1/1
2-7
Loading...
+ 100 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.