Avaya SG203, SG208 User Manual
A vaya SG203 and SG208 Security Gateway Hardware Inst allation Guide
670-100-101
Issue 2
March 2004
Copyright 2004, Avaya Inc.
All Rights Reserved
Notice
Every effort was made to ensure that the information in this
document was complete and accurate at the time of release.
However, information is subject to change.
Warranty
Avaya Inc. provides a limited warranty on this product. Refer
to your sales agreement to establish the terms of the limited
warranty. In addit ion, Avaya’s st andard warranty language as
well as information regarding support for this product, while
under warranty, is available through the following website:
http://www.avaya.com/support
Preventing Toll Fraud
“Toll fraud” is the unauthorized use of your
telecommunications system by an unauthorized party (for
example, a person who is not a corporate employee, agent,
subcontractor, or is not working on your company's behalf).
Be aware that there may be a risk of toll fraud associated with
your system and that, if toll fraud occurs, it can result in
substantial additional charges for your telecommunications
services.
Avaya Fraud Intervention
If you suspect that you are being victimized by toll fraud and
you need technical assistance or support, in the United
States and Canada, call the Technical Service Center's Toll
Fraud Intervention Hotline at 1-800-643-2353.
Disclaimer
Avaya is not responsible for any modifications, additions or
deletions to the original published version of this
documentation unless such modifications, additions or
deletions were performed by Avaya. Customer and/or End
User agree to indemnify and hold harmless Avaya. Avaya’s
agents, servants and employees against all claims, lawsuits,
demands and judgements arising out of, or in connection
with, subsequent modifications, additions or deletions to this
documentation to the extent made by the Customer or End
User.
How to Get Help
For additional support telephone numbers, go to the Avaya
Web site: http://www.avaya.com/support/. If you are:
• Within the United States, click Escalation Management
link. Then click the appropriate link for the type of support
you need.
• Outside the United States, click Escalation Management
link. Then click International Services link that includes
telephone numbers for the International Centers of
Excellence.
Providing Telecommunications Security
Telecommunications security (of voice, data, and/or video
communications) is the prevention of any type of intrusion to
(that is, either unauthorized or malicious access to or use of)
your company's telecommunications equipment by some
party.
Your company's “telecommunications equipment” includes
both this Avaya product and any other voice/data/video
equipment that could be accessed via this Avaya product
(that is, “networked equipment”).
An “outside party” is anyone who is not a corporate
employee, agent, subcontractor, or is not working on your
company's behalf. Whereas, a “malicious party” is anyone
(including someone who may be otherwise authorized) who
accesses your telecommunications equipment with either
malicious or mischievous intent.
Such intrusions may be either to/through synchronous (timemultiplexed and/or circuit-based) or asynchronous
(character-, message-, or packet-based) equipment or
interfaces for reasons of:
• Utilization (of capabilities special to the accessed
equipment)
• Theft (such as, of intellectual property, financial assets, or
toll-facility access)
• Eavesdropping (privacy invasions to humans)
• Mischief (troubling, but apparently innocuous, tampering)
• Harm (such as harmful tampering, data loss or alteration,
regardless of motive or intent)
Be aware that there may be a risk of unauthorized intrusions
associated with your system and/or its networked equipment.
Also realize that, if such an intrusion should occur, it could
result in a variety of losses to your company (including but
not limited to, human/data privacy, intellectual property,
material assets, financial resources, labor costs, and/or legal
costs).
Responsibility for Your Company’s Telecommunications
Security
The final responsibility for securing both this system and its
networked equipment rests with you - Avaya’s customer
system administrator, your telecommunications peers, and
your managers. Base the fulfillment of your responsibility on
acquired knowledge and resources from a variety of sources
including but not limited to:
• Installation documents
• System administration documents
• Security documents
• Hardware-/software-based security tools
• Shared information between you and your peers
• Telecommunications security experts
To prevent intrusions to your telecommunications equipment,
you and your peers should carefully program and configure:
• Your Avaya-provided telecommunications systems and
their interfaces
• Your Avaya-provided software applications, as well as
their underlying hardware/software platforms and
interfaces
• Any other equipment networked to your Avaya products.
TCP/IP Facilities
Customers may experience differences in product
performance, reliability and security depending upon network
configurations/design and topologies, even when the product
performs as warranted.
Standards Compliance
Avaya Inc. is not responsible for any radio or television
interference caused by unauthorized modifications of this
equipment or the substitution or attachment of connecting
cables and equipment other than those specified by Avaya
Inc. The correction of interference caused by such
unauthorized modifications, substitution or attachment will be
the responsibility of the user. Pursuant to Part 15 of the
Federal Communications Commission (FCC) Rules, the user
is cautioned that changes or modifications not expressly
approved by Avaya Inc. could void the user’s authority to
operate this equipment.
Product Safety Standards
This product complies with and conforms to the following
international Product Safety standards as applicable:
• Safety of Information T echnology Equipment, IEC 60950,
3rd Edition including all relevant national deviations as
listed in Compliance with IEC for Electrical Equipment
(IECEE) CB-96A.
• Safety of Information Technology Equipment, CAN/CSAC22.2 No. 60950-00 / UL 60950, 3rd Edition
• Safety Requirements for Customer Equipment, ACA
Technical Standard (TS) 001 - 1997
• One or more of the following Mexican national standards,
as applicable: NOM 001 SCFI 1993, NOM SCFI 016
1993, NOM 019 SCFI 1998
Electromagnetic Compatibility (EMC) Standards
This product complies with and conforms to the following
international EMC standards and all relevant national
deviations:
Limits and Methods of Measurement of Radio Interference of
Information Technology Equipment, CISPR 22:1997 and
EN55022:1998.
• Electrostatic Discharge (ESD) IEC 61000-4-2
• Radiated Immunity IEC 61000-4-3
• Electrical Fast Transient IEC 61000-4-4
• Lightning Effects IEC 61000-4-5
• Conducted Immunity IEC 61000-4-6
• Mains Frequency Magnetic Field IEC 61000-4-8
• Voltage Dips and Variations IEC 61000-4-11
• Powerline Harmonics IEC 61000-3-2
• Voltage Fluctuations and Flicker IEC 61000-3-3
Federal Communications Commission Statement
Part 15:
Note: This equipment has been tested and found to comply
with the limits for a Class A digital device, pursuant to Part
15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference when the
equipment is operated in a commercial environment. This
equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with the
instruction manual, may cause harmful interference to radio
communications. Operation of this equipment in a residential
area is likely to cause harmful interference in which case the
user will be required to correct the interference at his own
expense.
Canadian Department of Communications (DOC)
Interference Information
This Class A digital apparatus complies with Canadian ICES-
003.
Cet appareil numérique de la classe A est conforme à la
norme NMB-003 du Canada.
This equipment meets the applicable Industry Canada
Terminal Equipment Technical Specifications. This is
confirmed by the registration number. The abbreviation, IC,
before the registration number signifies that registration was
performed based on a Declaration of Conformity indicating
that Industry Canada technical specifications were met. It
does not imply that Industry Canada approved the
equipment.
DECLARATI ONS OF CONFORMITY
United States FCC Part 68 Supplier’s Declaration of
Conformity (SDoC)
Avaya Inc. in the United States of America hereby certifies
that the equipment described in this document and bearing a
TIA TSB-168 label identification number complies with the
FCC’s Rules and Regulations 47 CFR Part 68, and the
Administrative Council on Terminal Attachments (ACTA)
adopted technical criteria.
Information Technology Equipment – Immunity
Characteristics – Limits and Methods of Measurement,
CISPR 24:1997 and EN55024:1998, including:
Avaya further asserts that Avaya handset-equipped terminal
equipment described in this document complies with
Paragraph 68.316 of the FCC Rules and Regulations
defining Hearing Aid Compatibility and is deemed compatible
with hearing aids.
Copies of SDoCs signed by the Responsible Party in the U.
S. can be obtained by contacting your local sales
representative and are available on the following Web site:
http://www.avaya.com/support
All Avaya media servers and media gateways are compliant
with FCC Part 68, but many have been registered with the
FCC before the SDoC process was available. A list of all
Avaya registered products may be found at:
http://www.part68.org/
by conducting a search using “Avaya” as manufacturer.
European Union Declarations of Conformity
Avaya Inc. declares that the equipment specified in this
document bearing the “CE” (Conformité Europeénne) mark
conforms to the European Union Radio and
Telecommunications Terminal Equipment Directive (1999/5/
EC), including the Electromagnetic Compatibility Directive
(89/336/EEC) and Low Voltage Directive (73/23/EEC). This
equipment has been certified to meet CTR3 Basic Rate
Interface (BRI) and CTR4 Primary Rate Interface (PRI) and
subsets thereof in CTR12 and CTR13, as applicable.
China
BMSI (Chinese Warning Label)
Hardware, including technical data, is subject to U.S. export
control laws, including the U.S. Export Administration Act and
its associated regulations, and may be subject to export or
import regulations in other countries. Customer agrees to
comply strictly with all such regulations and acknowledges
that it has the responsibility to obtain licenses to export, reexport, or import hardware.
Environmental Health and Safety:
!
WARNING:
Risk of explosion if battery is replaced by an incorrect type.
Dispose of used batteries according to Avaya Environmental
Health and Safety guidelines.
Documentation:
For the most current versions of documentation, go to the
Avaya support Web site: http://www.avaya.com/support/
Copies of these Declarations of Conformity (DoCs) can be
obtained by contacting your local sales representative and
are available on the following Web site:
http://www.avaya.com/support
Japan
This is a Class A product based on the standard of the
Voluntary Control Council for Interference by Information
Technology Equipment (VCCI). If this equipment is used in a
domestic environment, radio disturbance may occur, in which
case, the user may be required to take corrective actions.
Table of Content
About this book 7
Contacting Technical Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8
Chapter 1 Introduction 9
Functional overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Additional features. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
VPNmanager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .12
Plug-and-Play installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Hardware components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13
Ethernet ports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14
Chapter 2 Installing SG203 and SG208 Security Gateway 15
Site requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Environmental requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Site power considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15
Equipment requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16
Physical installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Required tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Safety recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Desktop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17
Rackmount . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18
Overview of front panel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Console port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19
Multi-interface ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20
Connecting the SG203/SG208 security gateway to the network . . . . . . . . . . . . . .20
Chapter 3 Setting up the security gateway for configuration 23
Connecting to the private port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Performing the quick setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24
Index 29
5
Avaya SG203/SG208 Security Gateway Hardware Installation Guide
6
About this book
The Avaya SG203 and SG208 Security Gateways are dedicated
hardware-based network security devices designed to provide overlay
security on an IP data network.
This guide describes the Avaya SG203 and SG208 Security Gateway
and how to install and preconfigure these devices. It is recommended that
you read the entire installation guide before installing the security
gateway.
Contacting Technical Support
Technical support is available to registered users of the Avaya security
gateway products.
Domestic support
• Toll free phone support: (866) 462-8292 (24x7)
• Email: vpnsupport@avaya.com
• Web: http://www.support.avaya.com
International support
• For regional support numbers, go to http://www.avayanetwork.com/
site/GSO/defaut.htm
March 2004 About this book 7
Documentation
Avaya SG203/SG208 Security Gateway Hardware Installation Guide
The security gateway documentation includes both the Hardware
Installation Guide and the Security Gateway Configuration Guide for
VPNos. Y ou can down load these guides from
http://www.support.avaya.com. Navigate to Product Documentation, VPN
and Security.
8 About this book March 2004
Chapter 1 Introduction
The Avaya SG203 and SG208 Security Gateways are high-performance
integrated firewall, security zone, and IPSec VPN gateway devices. They
are designed to provide the high capacity, scalability and reliability
required by your networks for IPSec/firewall services in one unit or
multiple units for enterprise headquarter locations requiring a rack
mountable device.
The security gateway is easy to configure and can either be managed
locally from the Web interface or remotely using Avaya VPNmanager™.
March 2004 Introduction 9
Loading...