Cisco ISA500 Series Quick Start Manual

Quick Start Guide

Cisco Small Business

ISA500 Series Integrated Security Appliances

Package Contents

• ISA500 Series Integrated Security Appliance

• Two Wi-Fi Antennas (for ISA550W and ISA570W only)

• Mounting Kits

• Power Cord and Adapter

• RJ-45 Ethernet Cable

• Quick Start Guide

• Product CD

France French Version on CD
Italian Version on CD
German Version on CD
Spanish-ES Version on CD

Welcome

1

2

Thank you for choosing the Cisco ISA500 Series Integrated Security
Appliances, a member of the Small Business Family. The ISA500 Series
are a set of Unified Threat Management (UTM) security appliances that
provide business class security gateway solutions with dual WAN, DMZ,
zone-based firewall, Site-to-Site and remote access VPN (including Cisco
IPSec VPN and SSL VPN) support, and Internet threat protection, such as
Intrusion Prevention System, Gateway Anti-Virus, Web URL Filter, Web
Reputation Filter, Email Reputation Filter, and Network Reputation.

This guide describes how to physically install the device and how to
launch the Startup Wizard to configure it.

Before You Begin

Before you begin the installation, make sure that you have the following
equipments and services:

• An active Internet account.

• Mounting kits and tools for installing the hardware. The kits packed with

the device are used for desktop placement and rack mounting. The kits
include 4 rubber feet, 2 brackets, 2 silicon rubber spacers, 8 M3
screws, 4 M5 screws, and 4 washers.

NOTE The Wall-mounting kit is not included.

• RJ-45 Ethernet cables (Category 5 or higher) for connecting computers,

WAN and LAN interfaces, or other devices.

• A computer with Microsoft Internet Explorer 8.0, or Mozilla Firefox 3.6.x
(or later) for using the web-based device Configuration Utility.

Getting to Know the Cisco ISA500 Series Integrated Security Appliances

This section lists the available model numbers to help you become familiar
with your security appliance, and shows the front panel and back panel of
the unit.

2 Cisco ISA500 Series Integrated Security Appliances Quick Start Guide

Product Models

Models Description Configuration

ISA550 Cisco ISA550 Integrated

Security Appliance

ISA550W Cisco ISA550 Integrated

Security Appliance with
WiFi

ISA570 Cisco ISA570 Integrated

Security Appliance

ISA570W Cisco ISA570 Integrated

Security Appliance with
WiFi

NOTE Any Configurable port can be configured to be a WAN, DMZ, or

1 WAN port, 2 LAN ports, 4
Configurable ports, and 1 USB 2.0 port

1 WAN port, 2 LAN ports, 4
Configurable ports, 1 USB 2.0 port, and

802.11b/g/n
1 WAN port, 4 LAN ports, 5

Configurable ports, and 1 USB 2.0 port
1 WAN port, 4 LAN ports, 5

Configurable ports, 1 USB 2.0 port, and

802.11b/g/n

LAN port. Only one Configurable port can be configured as a WAN port
at a time. Up to 4 Configurable ports can be configured as DMZ ports.

Front Panel

ISA550 Front Panel

ISA550

SPEED

LINK /ACT

1

USB

VPN

234

WAN LAN

56

CONFIGURABLEPOWER/SYS

7

Cisco

Small Business

ISA550W Front Panel

ISA550W

SPEED

LINK /ACT

1

USB

WLAN

VPN

234

WAN LAN

56

CONFIGURABLEPOWER/SYS

7

Cisco

Small Business

ISA570 Front Panel

ISA570

SPEED

LINK /ACT

1

USB

VPN

234

WAN LAN

56

8

910

7

CONFIGURABLEPOWER/SYS

Cisco ISA500 Series Integrated Security Appliances Quick Start Guide 3

Cisco

Small Business

282351

281983

282350

ISA570W Front Panel

ISA570W

SPEED

LINK /ACT

1

USB

VPN

WLAN

234

WAN LAN

56

8

910

7

CONFIGURABLEPOWER/SYS

Cisco

Small Business

Front Panel Lights

The following table describes the lights on the front panel of the security
appliance. These lights are used for monitoring system activity.

Lights Description

POWER/SYS Indicates the power status and system status.

• Solid green when the system is powered on and operates

normally.

• Flashes green when the system is booting.

• Solid amber when the system has a booting problem, a

device error occurs, or the system has a problem.

VPN Indicates the Site-to-Site VPN connection status.

• Solid green when the Site-to-Site VPN tunnel is

established.

• Flashes green when attempting to establish the Site-to­Site VPN tunnel.

• Flashes amber when the system is experiencing problems
setting up the Site-to-Site VPN connection and there is no
VPN connection up and running.

USB Indicates the USB device status.

• Solid green when a USB device is detected and operates

normally.

• Flashes green when the USB device is transmitting and
receiving data.

WLAN

(ISA550W and
ISA570W only)

Indicates the WLAN status.

• Solid green when the WLAN is up.

• Flashes green when the WLAN is transmitting and

receiving data.

281980

4 Cisco ISA500 Series Integrated Security Appliances Quick Start Guide

Lights Description

SPEED Indicates the traffic rate of the associated port.

• Off when the traffic rate is 10 or 100 Mbps.

• Solid green when the traffic rate is 1000 Mbps.

LINK/ACT Indicates a connection is being made through the port.

• Solid green when the link is up.

• Flashes green when the port is transmitting and receiving

data.

Back Panel

The back panel is where you connect the network devices. The ports on
the back panel vary depending on the model.

ISA550 and ISA550W Back Panel

Power

Switch

Reset

ANT01 ANT02

Button

7

6

5

CONFIGURABLE

USB

Configurable

Por t

Por ts

ISA570 and ISA570W Back Panel

ANT01 ANT02

ANT01 ANT02

6

8910

6

8910

7

7

CONFIGURABLE

CONFIGURABLE

USB

USB

Por t

Por t

Configurable

Configurable

Por ts

Por ts

5

5

4

4

4

LAN

LAN

Por ts

Por ts

LAN

LAN

3

LAN

LAN

Por ts

3

3

1

2

WAN

WAN

Por t

Reset

Reset

Button

Button

1

1
2

2

RESET

RESET
WAN

WAN

WAN

WAN

Por t

Por t

I

/

O

RESET

Power

Connector

Power

Power

Switch

Switch

I

I

/

/

O

O

Power

Power

Connector

Connector

12VDC

ANT02ANT01

POWER

12VDC

12VDC

POWER

POWER

281984

ANT02ANT01

ANT02ANT01

281981

281981

Cisco ISA500 Series Integrated Security Appliances Quick Start Guide 5

Back Panel Descriptions

3

Feature Description

ANT01/ANT02 Threaded connectors for the antennas (ISA550W and

ISA570W only).

USB Port Connects the unit to a USB device. You can use a USB

device to save and restore the configurations, or to upgrade
the firmware images.

Configurable
Ports

LAN Ports Connects PCs and other network appliances to the unit.

WAN Port Connects the unit to a DSL or cable modem, or other WAN

RESET Button To restore the factory default settings, push and hold the

Power Switch Powers the unit on or off.
Power Connector Connects the unit to power using the supplied power cord

Can be set to operate as WAN, LAN, or DMZ ports. The
ISA550 and ISA550W have 4 Configurable ports. The
ISA570 and ISA570W have 5 Configurable ports.

OTE Only one Configurable port can be configured as a

N

WAN port at a time. Up to 4 Configurable ports can be
configured as DMZ ports.

The ISA550 and ISA550W have 2 Dedicated LAN ports.
The ISA570 and ISA570W have 4 Dedicated LAN ports.

connectivity device.

RESET button for minimum of 3 seconds while the unit is
powered on. The POWER/SYS light will flash green when
the system is rebooting.

and adapter.

Default Settings

Parameter Default Value

Username cisco
Password cisco
LAN IP 192.168.1.1
DHCP Range 192.168.1.100 to 200
Netmask 255.255.255.0
GUEST VLAN 192.168.2.1

Mounting the Cisco ISA500 Series Integrated Security Appliances

You can place your security appliance on a desktop, mount it on a wall, or
mount it in a rack.

6 Cisco ISA500 Series Integrated Security Appliances Quick Start Guide

Placement Tips

1

2

4

3

196243

• Ambient Temperature: To prevent the security appliance from
overheating, do not operate it in an area that exceeds an ambient
temperature of 104°F (40°C).

•Air Flow: Be sure that there is adequate air flow around the security
appliance.

• Mechanical Loading: Be sure that the security appliance is level and
stable to avoid any hazardous conditions.

To place your security appliance on a desktop, install the supplied four
rubber feet on the bottom of the security appliance. Place the security
appliance on a flat surface.

Wall Mounting

There is no wall-mounting kit included with your security appliance. We
recommend that you use the following mounting screws to install your
security appliance to the wall or the ceiling:

1 8 mm/0.32 in 2 25 mm/0.98 in 3 6.5 mm/0.26 in 4 18.6 mm/0.73 in

WARNING Insecure mounting might damage the device or cause injury.

Cisco is not responsible for damages incurred by improper
wall-mounting.

STEP 1 Determine where you want to mount the security appliance. Verify

that the surface is smooth, flat, dry, and sturdy.

STEP 2 Insert two 18.6 mm (0.73 inch) screws, with anchors, into the wall

234 mm apart (9.21 inches) horizontally. Leave 3 to 4 mm (about 1/
8 inch) of the screw threads beneath the screw head exposed.

Cisco ISA500 Series Integrated Security Appliances Quick Start Guide 7

S

TEP 3 Place the wall-mount slots over the screws and slide the unit down

until the screws fit snugly into the wall-mount slots.

Rack Mounting

You can mount the security appliance in any standard size, 19-inch (about
48 cm) wide rack. The security appliance requires 1 rack unit (RU) of
space, which is 1.75-inch (44.45 mm) high. The rack-mounting kit is
included with the unit.

CAUTION Do not overload the power outlet or circuit when installing

multiple devices in a rack.

STEP 1 Place one of the supplied silicon rubber spacers on the side of the

security appliance so that the four holes align to the screw holes.
Place the rack mount bracket next to the silicon rubber spacer and
install the M3 screws.

If the M3 screws are not long enough to reattach the bracket with
the silicon rubber spacer, attach the bracket directly to the case
without the silicon rubber spacer.

STEP 2 Install the security appliance into a standard rack as shown below.

Place the washers on the brackets so that the holes align to the
screw holes and then install the M5 screws.

Step 1

8 Cisco ISA500 Series Integrated Security Appliances Quick Start Guide

Step 2

281985

Connecting the Cisco ISA500 Series

4

Integrated Security Appliances

STEP 1 Connect the security appliance to power using the supplied power

cord and adapter. Make sure that the power switch is turned off.

STEP 2 If you are installing the ISA550W or ISA570W, screw each antenna

onto a threaded connector on the back panel. Orient each antenna
to point upward.

STEP 3 For a DSL or cable modem, or other WAN connectivity devices,

connect an Ethernet network cable from the device to the WAN
port on the back panel. Cisco strongly recommends using Cat5E or
better cable.

STEP 4 (Optional) For network devices, connect an Ethernet network cable

from the network device to an available LAN port on the back
panel. For a Cisco UC500 or UC300 network device, connect the
WAN port of the UC500 or UC300 to an available LAN port on the
back panel.

STEP 5 Power on the connected devices.

STEP 6 Power on the security appliance. The lights on the front panel for

all connected ports light up to show active connections.

A sample configuration is illustrated below.

Internet

1

WAN

Access
Device

I

/

O

RESET

Power

12VDC

POWER

ANT02ANT01

Public

Web Server

8910

CONFIGURABLE

Network
Devices

6

7

5

2

4

3

LAN

Cisco ISA500 Series Integrated Security Appliances Quick Start Guide 9

281982

Getting Started with the Configuration

5

6

After you install the security appliance, configure it by using the Startup
Wizard.

STEP 1 Connect a computer to an available LAN port on the back panel of

the security appliance.

Your PC will become a DHCP client of the security appliance and
will receive an IP address in the 192.168.1.x range.

STEP 2 Start a web browser. In the Address bar, enter the default LAN IP

address of the security appliance: 192.168.1.1.

STEP 3 When the login page opens, enter the username and password.

The default username is “cisco”. The default password is “cisco”.
Usernames and passwords are case sensitive.

STEP 4 Click Login.

For the first login, you are forced to change the default username
and password of the default administrator account. After you
change them, the Startup Wizard launches.

STEP 5 Follow the on-screen prompts to complete the initial configuration

such as remote management, port, WAN, LAN, DMZ, WAN
redundancy, and WLAN (for ISA550W and ISA570W only).

Suggested Next Steps

Congratulations, you are now ready to start using your security appliance.

You may want to consider taking some of the following tasks to secure
your security appliance and network:

• Configure the VLANs, DMZs, and WLANs.

• Configure the zones.

• Configure the WAN redundancy if you have two ISP links.

• Configure the zone-based firewall.

• Configure the UTM services such as Intrusion Prevention System, Anti-

Virus, Email Reputation Filter, Web URL Filter, and Web Reputation Filter.

• Configure the VPNs for Site-to-Site and remote secure access.

• Configure the WAN, LAN, and Wireless QoS settings.

10 Cisco ISA500 Series Integrated Security Appliances Quick Start Guide

• Upgrade your firmware to the latest version.

7

To configure these features, you can use the wizards or menus in the left
navigation pane of the Configuration Utility. For complete details, see the
Cisco ISA500 Series Integrated Security Appliances Administration Guide
at: www.cisco.com/go/isa500resources.

Where to Go From Here

Support

Cisco Small Business
Support Community

Cisco Small Business
Support and Resources

Phone Support Contacts www.cisco.com/go/sbsc

Firmware Download www.cisco.com/go/isa500software

Product Documentation

Cisco ISA500 Series
Integrated Security
Appliances Technical
Documentation

Cisco Small Business

Cisco Partner Central for
Small Business (Partner
Login Required)

Cisco Small Business Home www.cisco.com/smb

www.cisco.com/go/smallbizsupport

www.cisco.com/go/smallbizhelp

www.cisco.com/go/isa500resources

www.cisco.com/web/partners/sell/smb

Cisco ISA500 Series Integrated Security Appliances Quick Start Guide 11

Americas Headquarters

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
www.cisco.com
Small Business Support, Global: www.cisco.com/go/sbsc

Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S.

78-19625-01

and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/

trademarks. Third party trademarks mentioned are the property of their respective owners.

The use of the word partner does not imply a partnership relationship between Cisco and any
other company. (1005R)

© 2011 Cisco Systems, Inc. All rights reserved.