H3C F1000-A INSTALLATION GUIDE

H3C SecPath F1000-A Firewall

Installation Manual

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Manual Version: T2-08044H-20070622-C-1.03

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H3Care, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the content s, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

To obtain the latest information, please access: http://www. h3c.com

Technical Support

customer_service@h3c.com http://www. h3c.com

, TOP G, , IRF, NetPilot,

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and

About This Manual

I. Command conventions

6 Hardware Maintenance

7 Troubleshooting

8 Multifunctional Interface Modules

Convention Description

Boldface

italic

The keywords of a command line are in Boldface. Command arguments are in italic.

Introduces system hardware maintenance, including replacing DDR SDRAM.

Lists common system failures and specific locating methods.

Details appearance, panel and LEDs of the functional modules available on the SecPath F1000-A, as well as module installation and connection of interface cables.

[ ]

{ x | y | ... }

[ x | y | ... ]

{ x | y | ... } *

[ x | y | ... ] *

&<1-n>

# A line starting with the # sign is comments.

Items (keywords or arguments) in square brackets [ ] are optional.

Alternative items are grouped in braces and separated by vertical bars. One is selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.

The argument(s) before the ampersand (&) sign can be entered 1 to n times.

II. GUI conventions

Convention Description

< >

[ ]

Button names are inside angle brackets. For example, click <OK>.

Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.

Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

III. Symbols

Convention Description

Means reader be extremely careful. Improper operation

Warning

Caution

 Note Means a complementary description.

may cause bodily injury. Means reader be careful. Improper operation may cause

data loss or damage to equipment.

Environmental Protection

This product has been designed to comply with the requirements on environmental protection. For the proper storage, use and disposal of this product, national laws and regulations must be observed.

Installation Manual H3C SecPath F1000-A Firewall Table of Contents

Table of Contents

Chapter 1 Product Overview........................................................................................................1-1

1.1 Brief Introduction................................................................................................................ 1-1

1.2 Hardware Features ............................................................................................................ 1-2

1.2.1 Appearance............................................................................................................. 1-2

1.2.2 System Description ................................................................................................. 1-2

1.2.3 LEDs........................................................................................................................ 1-3

1.2.4 Attributes of the Fixed Interfaces ............................................................................ 1-4

1.2.5 MIM ......................................................................................................................... 1-6

Chapter 2 Preparation for Installation.........................................................................................2-1

2.1 Site Requirements ............................................................................................................. 2-1

2.1.1 Temperature/Humidity............................................................................................. 2-1

2.1.2 Cleanness ............................................................................................................... 2-1

2.1.3 ESD Prevention....................................................................................................... 2-2

2.1.4 Electromagnetic Environment ................................................................................. 2-3

2.1.5 Lightning Protection ................................................................................................ 2-3

2.1.6 Mounting Rack ........................................................................................................ 2-3

2.2 Safety Precautions............................................................................................................. 2-3

2.3 Unpacking Check............................................................................................................... 2-4

2.4 Tools, Meters, and Devices ............................................................................................... 2-4

Chapter 3 Hardware Installation .................................................................................................. 3-1

3.1 Installation Procedure ........................................................................................................ 3-1

3.2 Mounting the Device .......................................................................................................... 3-2

3.2.1 Tabletop/Workbench-Mounting the Device............................................................. 3-2

3.2.2 Rack-Mounting the Device...................................................................................... 3-2

3.3 Installing an MIM................................................................................................................ 3-3

3.4 Connecting the Grounding Wires....................................................................................... 3-3

3.5 Connecting to the Console Terminal ................................................................................. 3-4

3.6 Connecting the Ethernet Interface..................................................................................... 3-5

3.7 Connecting a PSU ............................................................................................................. 3-8

3.7.1 Connecting an AC-Input PSU ................................................................................. 3-8

3.7.2 Connecting a DC-Input PSU ................................................................................. 3-10

3.8 Verifying Installation......................................................................................................... 3-10

Chapter 4 Booting and Configuration......................................................................................... 4-1

4.1 Booting............................................................................................................................... 4-1

4.1.1 Setting up a Configuration Environment ................................................................. 4-1

4.1.2 Powering up the Firewall......................................................................................... 4-4

4.1.3 Booting Process ...................................................................................................... 4-5

Installation Manual H3C SecPath F1000-A Firewall Table of Contents

4.2 Configuration Fundamentals.............................................................................................. 4-6

4.2.1 Basic Configuration Procedures.............................................................................. 4-6

4.2.2 Command Line Interface......................................................................................... 4-7

Chapter 5 Software Maintenance................................................................................................. 5-1

5.1 Introduction ........................................................................................................................ 5-1

5.1.1 Boot Menu ............................................................................................................... 5-1

5.1.2 Upgrading the Application and Boot ROM Programs Using XModem.................... 5-3

5.1.3 Backing up and Restoring the Extended Segment of the Boot ROM ..................... 5-6

5.1.4 Upgrading an Application Program Using TFTP..................................................... 5-7

5.1.5 Uploading/Downloading a Program/File Using FTP ............................................... 5-9

5.1.6 Modifying Boot ROM Password ............................................................................ 5-13

5.1.7 Resetting a Lost Password ................................................................................... 5-14

Chapter 6 Hardware Maintenance................................................................................................6-1

6.1 Preparing Tools.................................................................................................................. 6-1

6.2 Opening the Chassis Cover............................................................................................... 6-1

6.3 Replacing a DDR SDRAM ................................................................................................. 6-2

6.3.1 Locating the DDR SDRAMs on the Mainboard....................................................... 6-4

6.3.2 Removing a DDR SDRAM ...................................................................................... 6-5

6.3.3 Installing a DDR SDRAM ........................................................................................ 6-6

6.4 Closing the Chassis Cover ................................................................................................ 6-6

6.5 Replacing an MIM.............................................................................................................. 6-7

Chapter 7 Troubleshooting .......................................................................................................... 7-1

7.1 Troubleshooting the Power System................................................................................... 7-1

7.2 Troubleshooting the Configuration System ....................................................................... 7-1

7.3 Troubleshooting the Software Upgrade............................................................................. 7-2

Chapter 8 Multifunctional Interface Modules ............................................................................. 8-1

8.1 Multifunctional Interface Module Options .......................................................................... 8-1

8.2 Installing and Removing an MIM ....................................................................................... 8-1

8.3 Troubleshooting an MIM .................................................................................................... 8-3

8.4 1FE/2FE/4FE Module ........................................................................................................ 8-3

8.4.1 Introduction.............................................................................................................. 8-3

8.4.2 Appearance............................................................................................................. 8-3

8.4.3 Interface Attributes .................................................................................................. 8-5

8.4.4 Panel and Interface LEDs ....................................................................................... 8-5

8.4.5 Interface Cable........................................................................................................ 8-6

8.4.6 Connecting the Interface Cable............................................................................... 8-8

8.5 1GBE/2GBE Module.......................................................................................................... 8-9

8.5.1 Introduction.............................................................................................................. 8-9

8.5.2 Appearance............................................................................................................. 8-9

8.5.3 Interface Attributes .................................................................................................. 8-9

8.5.4 Panel and Interface LEDs ..................................................................................... 8-10

Installation Manual H3C SecPath F1000-A Firewall Table of Contents

8.5.5 Interface Connection Cable................................................................................... 8-10

8.5.6 Connecting the Interface Cable............................................................................. 8-11

8.6 1GEF/2GEF Module ........................................................................................................ 8-12

8.6.1 Introduction............................................................................................................ 8-12

8.6.2 Appearance........................................................................................................... 8-12

8.6.3 Interface Attributes ................................................................................................ 8-13

8.6.4 Panel and Interface LEDs ..................................................................................... 8-13

8.6.5 Interface Connection Fiber Cable ......................................................................... 8-14

8.6.6 Connecting the Interface Fiber Cable ................................................................... 8-15

8.7 SSL Module ..................................................................................................................... 8-15

8.7.1 Introduction............................................................................................................ 8-15

8.7.2 Appearance........................................................................................................... 8-15

8.7.3 Module Attributes .................................................................................................. 8-16

8.7.4 Panel and Module LEDs ....................................................................................... 8-16

8.7.5 Troubleshooting SSL Module................................................................................ 8-17

iii

Installation Manual H3C SecPath F1000-A Firewall List of Figures

List of Figures

Figure 1-1 Front panel of the H3C SecPath F1000-A............................................................ 1-2

Figure 1-2 Rear panel of the H3C SecPath F1000-A ............................................................ 1-2

Figure 3-1 Installation procedure ........................................................................................... 3-1

Figure 3-2 Install the H3C SecPath F1000-A firewall in a rack.............................................. 3-3

Figure 3-3 Grounding screw on the firewall ........................................................................... 3-4

Figure 3-4 Console cable assembly....................................................................................... 3-5

Figure 3-5 Ethernet cable assembly ...................................................................................... 3-6

Figure 3-6 Power socket on the AC-powered firewall............................................................ 3-9

Figure 4-1 Local configuration through the console port ....................................................... 4-1

Figure 4-2 Set up a new connection ...................................................................................... 4-2

Figure 4-3 Select serial interface ........................................................................................... 4-2

Figure 4-4 Set communications parameters.......................................................................... 4-3

Figure 4-5 Settings tab........................................................................................................... 4-4

Figure 5-1 Send File dialog box ............................................................................................. 5-4

Figure 5-2 Sending File interface........................................................................................... 5-4

Figure 5-3 Set up an environment for local uploading/downloading using FTP.................... 5-9

Figure 5-4 Set up an environment for remote uploading/downloading using FTP .............. 5-10

Figure 6-1 Open the chassis.................................................................................................. 6-2

Figure 6-2 DDR SDRAM maintenance flow........................................................................... 6-3

Figure 6-3 Position of the DDR SDRAMs, Flash, and Boot ROM on the mainboard ............ 6-5

Figure 6-4 Remove a DDR SDRAM ......................................................................................6-5

Figure 6-5 Close the chassis cover........................................................................................6-7

Figure 8-1 Install the MIM I .................................................................................................... 8-2

Figure 8-2 Install the MIM II ................................................................................................... 8-2

Figure 8-3 1FE module ..........................................................................................................8-4

Figure 8-4 2FE module ..........................................................................................................8-4

Figure 8-5 4FE module ..........................................................................................................8-4

Figure 8-6 1FE module panel ................................................................................................8-5

Figure 8-7 2FE module panel ................................................................................................8-5

Figure 8-8 4FE module panel ................................................................................................8-5

Installation Manual H3C SecPath F1000-A Firewall List of Figures

Figure 8-9 Ethernet cable ...................................................................................................... 8-6

Figure 8-10 Category-5 twisted-pair cable............................................................................. 8-7

Figure 8-11 1GBE module ..................................................................................................... 8-9

Figure 8-12 2GBE module .....................................................................................................8-9

Figure 8-13 1GBE module panel .........................................................................................8-10

Figure 8-14 2GBE module panel .........................................................................................8-10

Figure 8-15 Ethernet cable .................................................................................................. 8-11

Figure 8-16 Category-5 twisted-pair cable........................................................................... 8-11

Figure 8-17 1GEF module ................................................................................................... 8-12

Figure 8-18 2GEF module ................................................................................................... 8-12

Figure 8-19 1GEF module panel.......................................................................................... 8-14

Figure 8-20 2GEF module panel.......................................................................................... 8-14

Figure 8-21 SSL module ...................................................................................................... 8-16

Figure 8-22 SSL module panel ............................................................................................ 8-16

Installation Manual H3C SecPath F1000-A Firewall List of Tables

List of Tables

Table 1-1 Technical specifications of the H3C SecPath F1000-A.......................................... 1-2

Table 1-2 LEDs on the front panel of the H3C SecPath F1000-A.......................................... 1-3

Table 1-3 Attributes of the console port.................................................................................. 1-4

Table 1-4 Attributes of the AUX port....................................................................................... 1-4

Table 1-5 Attributes of the GE electrical interfaces ................................................................ 1-5

Table 1-6 Attributes of the GE optical interfaces .................................................................... 1-5

Table 2-1 Temperature/Humidity requirements in the equipment room ................................. 2-1

Table 2-2 Limit to the content of dust in an equipment room .................................................2-2

Table 2-3 Limits on the contents of harmful gases in the equipment room............................ 2-2

Table 3-1 Dimensions of the firewall ...................................................................................... 3-2

Table 6-1 Memory specifications ............................................................................................ 6-4

Table 8-1 Interface attributes of the 1FE, 2FE and 4FEmodules ........................................... 8-5

Table 8-2 LEDs on the 1FE/2FE/4FE module ........................................................................ 8-6

Table 8-3 Straight-through cable pinout ................................................................................. 8-7

Table 8-4 Crossover cable pinout...........................................................................................8-7

Table 8-5 Interface attributes of the 1GBE/2GBE module ..................................................... 8-9

Table 8-6 LEDs on the 1GBE/2GBE module........................................................................ 8-10

Table 8-7 Interface attributes of the 1GEF/2GEF module.................................................... 8-13

Table 8-8 LEDs on the 1GEF/2GEF module ........................................................................ 8-14

Table 8-9 SSL module attributes .......................................................................................... 8-16

Table 8-10 LEDs on the SSL module ................................................................................... 8-16

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

Chapter 1 Product Overview

1.1 Brief Introduction

H3C SecPath F1000-A Firewall is a new-generation firewall intended for the use on

enterprise networks. It can act as the egress firewall for medium businesses and

internal firewall for large and medium enterprises.

H3C SecPath F1000-A Firewall provides:

z Two fixed 10/100/1000 Mbps auto-sensing Ethernet interfaces that can be optical

or electrical

z One multifunctional interface module (MIM) expansion slot, which currently can

accommodate 1FE/2FE/4FE/1GBE/2GBE/1GEF/2GEF/SSL module

z Dual-power redundancy (AC+AC model and DC+DC model)

z Inside-chassis temperature detection, network management and carrier-class

reliability

Product Overview

It supports such features as external attack defense, TCP proxy, internal network

security, traffic policing, web filtering, and email filtering, to effectively safeguard your

network.

It adopts the application specific packet filtering (ASPF) technology to monitor

connection process and malicious commands and works together with access control

lists (ACLs) to implement dynamic packet filtering.

It provides various intelligent analysis and management methods, supports email

alarming and multiple logs, and provides network management monitoring to help

network administrators perform network security management.

It supports authentication, authorization and accounting (AAA), network address

translation (NAT), hybrid mode, and object oriented management to ensure security

and guaranteed services to the private networks constructed on the open Internet.

It supports multiple virtual private network (VPN) services, such as layer 2 tunneling

protocol (L2TP) VPN, IP security (IPsec) VPN, generic routing encapsulation (GRE)

VPN, and dynamic VPN, and allows users to build various VPNs, like Internet, Intranet,

and remote access VPNs using customized remote-user access approaches, such as

dial-up, leased line, virtual LAN (VLAN), and tunneling.

It provides basic routing features, including routing information protocol (RIP), open

shortest path first (OSPF), border gateway protocol (BGP) routing policy and policy

routing, and also provides abundant QoS (quality of service) features, such as traffic

policing, traffic shaping and queue scheduling.

It supports deeper application recognition (DAR) to recognize and classify packets

more deeply, enhancing the control over data flows.

1-1

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

It supports active/standby switchover to protect current services against interruption,

eliminating the defects of traditional networking solution, for example, VRRP

networking solution.

You can upgrade the application and Boot ROM programs on line to add features and

extend functions.

Designed taking into considerations the national and international standards dominant

in China, North America, Europe, Australia, and Japan, the SecPath Series Firewall

complies with the requirements of these countries and regions in EMC, safety, and

network access.

1.2 Hardware Features

1.2.1 Appearance

Product Overview

Figure 1-1 Front panel of the H3C SecPath F1000-A

Figure 1-2 Rear panel of the H3C SecPath F1000-A

1.2.2 System Description

Table 1-1 Technical specifications of the H3C SecPath F1000-A

Item Description

MIM slot One

Fixed interface

Boot ROM 512 Kb

Two 10/100/1000 Mbps Ethernet interfaces (applicable to both optical and electrical modes)

One auxiliary port (AUX)

One console port (CON)

DDR SDRAM

Flash memory

Default: 512 MB

Max: 1 GB

Default: 16 MB

Max: 32 MB

1-2

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

Item Description

Product Overview

Physical dimensions (H × W × D)

44 × 436 × 430 mm (1.7 × 17.2 × 16.9 in.), excluding the rubber feet

Rated voltage range: 100 VAC to 240 VAC, 50 Hz or 60 Hz

AC+AC

Input

Max voltage range: 90 VAC to 264 VAC, 50 Hz or 60 Hz

Rated current: 1.5 A

power

Rated voltage range: – 60 VDC to –48 VDC

DC+DC

Max voltage range: – 72 VDC to –36 VDC

Rated current: 1.5 A

Max power consumption

Operating temperature

Operating humidity (non-condensing)

100 W

0°C to 40°C (32°F to 104°F

10% to 90%

)

 Note:

Double data rate synchronous dynamic random access memory (DDR DSRAM) stores

the communication data with the CPU and running system.

Flash memory stores application files, exceptional information and configuration files.

Boot read only memory (Boot ROM) stores the bootstrap program files.

1.2.3 LEDs

The following table describes the LEDs on the front panel of the H3C SecPath F1000-A

and describes how to read their status.

Table 1-2 LEDs on the front panel of the H3C SecPath F1000-A

LED Description

Power supply unit (PSU) LED:

PWR0

OFF means the PWR0 is not supplying power to the device; ON means the PWR0 is supplying power to the device.

PSU LED:

PWR1

OFF means the PWR1 is not supplying power to the device; ON means the PWR1 is supplying power to the device.

System operating status LED:

SYS

On means the system is operating normally; OFF means the system is operating abnormally.

1-3

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

LED Description

Software running LED:

ACT

Blinking means the software is operating normally; OFF means the software is faulty.

Product Overview

LINK

GE interface LED:

ON means a link is present; OFF means no link is present.

GE interface LED:

ACTIVE

ON means data are being transmitted/received on the interface; OFF means no packets are being transmitted/received on the interface.

1.2.4 Attributes of the Fixed Interfaces

I. Console port (CON)

Table 1-3 Attributes of the console port

Attribute Description

Connector RJ-45

Standard RS-232

Baud rate 1200 bps to 115200 bps, defaults to 9600 bps

Connected to an ASCII terminal

Services

Connected to the serial interface of a local PC running terminal emulation software

Command line interface (CLI)

II. Auxiliary port (AUX)

Table 1-4 Attributes of the AUX port

Attribute Description

Connector RJ-45

Standard RS-232

Baud rate 1200 bps to 115200 bps

Services

Modem dial-up

Backup

1-4

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

III. Gigabit Ethernet (GE) Interface

On the H3C SecPath F1000-A, the SRPU board provides two 10/100/1000 Mbps

Ethernet interfaces: Ethernet 0 (right) and Ethernet 1 (left), each as optical or electric

interface. The electric interface uses the RJ-45 connector and the optical interface uses

the Small Form-Factor Pluggable (SFP) connector.

Five 1000Base-FX SFP optical transceiver options are available for the H3C SecPath

F1000-A: multi-mode short-haul (850 nm), single mode medium-haul (1310 nm), single

mode long-haul (1310 nm), single mode long-haul (1550 nm), and single mode

ultra-long haul (1550 nm). They all provide LC interfaces and are hot swappable.

The following table shows the Ethernet interface attributes of the H3C SecPath

F1000-A:

Table 1-5 Attributes of the GE electrical interfaces

Attribute Description

Connector RJ-45

Product Overview

Interface type auto-MDI/MDIX

Frame format

Ethernet_II

Ethernet_SNAP

10/100/1000 Mbps auto-sensing

Operating mode

Full duplex/Half-duplex

(1000 Mbps and half-duplex cannot be used at the same time)

Table 1-6 Attributes of the GE optical interfaces

Description

Attribute

Multi-mo

short-ha

ul (850

nm)

Single

mode

medium-ha

ul (1310

nm)

Single

mode

short-haul

(1310 nm)

Connector SFP/LC

Optical fiber

62.5/125 μm

multi-mod e fiber

9/125μm

single-mod e fiber

9/125μm

single-mod e fiber

Single

mode

long-haul

(1550 nm)

9/125μm

single-mod e fiber

Single

mode

ultra-long

haul (1550

nm)

9/125μm

single-mod e fiber

Max transmission distance

0.55 km (0.34 mi)

10 km (6.21 mi)

1-5

40 km (24.86 mi)

70 km (43.5 mi)

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

Description

Product Overview

Attribute

Central wavelength

tter optical power

Receiver sensitivity

Operating mode

Frame format

 Note:

Multi-mo

short-ha

ul (850

nm)

Single

mode

medium-ha

ul (1310

nm)

Single

mode

short-haul

(1310 nm)

Single

mode

long-haul

(1550 nm)

Single

mode

ultra-long

haul (1550

nm)

850 nm 1310 nm 1310 nm 1550 nm 1550 nm

Min -9.5 dBm -9 dBm -2 dBm -4 dBm -4 dBm Transmi

Max 0 dBm -3 dBm 5 dBm 1 dBm 2 dBm

-17 dBm -20 dBm -23 dBm -21 dBm -22 dBm

1000 Mbps

Full duplex

Ethernet_II

Ethernet_SNAP

1.2.5 MIM

z When using optical transceivers, select those that have been approved by our

company.

z Before performing switchover between electrical/optical interfaces, you need to first

disable the rate and duplex mode configurations in the current mode (electrical or

optical), and then configure the interface after the switchover.

The H3C SecPath F1000-A provides one extended MIM slot where one of the following

MIMs can be installed:

z 1-port 10Base-T/100Base-TX Fast Ethernet interface module (1FE)

z 2-port 10Base-T/100Base-TX Fast Ethernet interface module (2FE)

z 4-port 10Base-T/100Base-TX Fast Ethernet interface module (4FE)

z 1-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (1GBE)

z 2-port 10Base-T/100Base-T/1000Base-TX Ethernet interface module (2GBE)

z 1-port 1000Base-LX/1000Base-SX optical interface module (1GEF)

z 2-port 1000Base-LX/1000Base-SX optical interface module (2GEF)

z Security socket layer encryption module (SSL)

For more information on the MIMs, see

1-6

Chapter 8 “Multifunctional Interface Module”.

Installation Manual H3C SecPath F1000-A Firewall Chapter 1

Product Overview

1-7

Installation Manual H3C SecPath F1000-A Firewall Chapter 2

Chapter 2 Preparation for Installation

2.1 Site Requirements

The H3C SecPath Series Firewalls must be used indoors. To guarantee the normal

operation and long service life of your device, install it in an environment that can meet

the requirements in the following subsections.

2.1.1 Temperature/Humidity

The equipment room must maintain adequate temperature and humidity. Long-lasting

high humidity is prone to cause bad insulation and even electricity creepage.

Sometimes the mechanical performance changes of materials, the rustiness and

corrosion of some metal parts are also likely to occur. If the relative humidity is too low,

the captive screws can become loose due to insulation washer contraction. Meanwhile,

the static is likely produced in the dry environments, jeopardizing the CMOS circuit of

the product. The higher the temperature is, the greater the damage to your device.

Long-lasting high temperature can speed up the aging of the insulation materials,

greatly lower the device reliability, and hence significantly shorten its service life.

Preparation for Installation

The following table lists the temperature and humidity requirements.

Table 2-1 Temperature/Humidity requirements in the equipment room

0°C to 40°C (32°F to 104°F)

2.1.2 Cleanness

Dust is a hazard to the operating safety of your device. The dust accumulated on the

chassis can cause electrostatic adsorption, one of the sources that cause the poor

contact of connectors or metal contact points. This not only shortens the service life of

your device but also causes communications failures. When the indoor relative

humidity is low, electrostatic adsorption is more likely to happen.

The equipment room must be free of explosion hazards and the electrical and magnetic

conductible dust as well. The contents of the dust must be limited as shown in the

following table:

Temperature Relative humidity

10% to 90% (noncondensing)

2-1

Installation Manual H3C SecPath F1000-A Firewall Chapter 2

Table 2-2 Limit to the content of dust in an equipment room

Substance Unit Content

≤ 3 X 10

Dust Particles/m³

(No visible dust on the table top for three days)

Note: diameter of a dust particle ≥ 5μm

Besides the dust, there are rigorous limits on the harmful gases that can accelerate the

erosion and aging of metals, such as salts, acids, and sulfides, as shown in the

following table.

Table 2-3 Limits on the contents of harmful gases in the equipment room

Gas Maximum (mg/m3)

Preparation for Installation

H2S 0.006

2.1.3 ESD Prevention

Although the H3C SecPath Series Firewall is designed to be electrostatic discharge

(ESD) preventive, the card circuits and even the device can be badly damaged when

excessive static electricity is present.

On the communication network connected to your device, the static electricity mainly

comes from the outside electrical fields, such as outdoor high-voltage power cables

and lightning, and from the indoor environments, floor materials and the internal system

such as the equipment frame. To prevent damage, observe the following:

z Connect your device and the floor to the earth ground properly.

z Keep the equipment room as clean as possible.

z Maintain adequate temperature and humidity.

z Wear an ESD-preventive wrist strap and clothes when handling the circuit board.

z Place the removed circuit board upward on the ESD-preventive workbench, or into

a static shielding bag.

z Hold the circuit board by its edge when observing or moving it, avoiding direct

contact with the elements on it.

0.2

0.05

0.01

2-2

Installation Manual H3C SecPath F1000-A Firewall Chapter 2

2.1.4 Electromagnetic Environment

All interference sources, wherever they are from, impact the firewall negatively in the

conducted emission patterns of capacitance coupling, inductance coupling,

electromagnetic wave radiation, and common impedance (including the grounding

system) coupling. To resist the interference, make sure to:

z Take effective measures against the interference caused by the power supply grid.

z Use a grounding system or lightning protection grounding different from that for the

power supply equipment and keep them as far as possible.

z Keep the device far from strong the power radio launchers, radar launchers, and

high frequency and high-current equipment.

z Use electromagnetic shielding when necessary.

2.1.5 Lightning Protection

Although the H3C SecPath Series Firewall is designed to be lightning resistant, your

device can get damaged when excessive lightning is present. To protect your device

against lightning,

Preparation for Installation

z Ensure the chassis is connected to the earth ground.

z Ensure the earth point of the power socket is well connected to the earth ground.

z Add a lightning arrester onto the front end of the power input to better protect the

power supply from lightning strikes.

2.1.6 Mounting Rack

When installing the device in a rack, make sure that:

z There is adequate clearance between the air inlet/exhaust vents and the rack for

ventilation.

z The rack has a good ventilation system.

z The rack is firm enough to support the device and its accessories.

z The rack is well earthed.

2.2 Safety Precautions

Be sure that you observe all safety precautions when you install your device and pay

adequate attention to the following icons:

Warning appears in operation procedures that, if performed incorrectly, might

cause bodily injury to the operators or damage the device.

Caution means care should be taken in these operations during installation and

use. Improper operations may result in abnormal running of the device.

2-3

Installation Manual H3C SecPath F1000-A Firewall Chapter 2

Follow these safety precautions when installing or using your device:

z Keep the device far from the moisture and heat sources.

z Make sure that the device is well earthed.

z Always wear an ESD-preventive wrist strap when installing and maintaining the

SecPath 1000F, making sure the strap has good skin-contact.

z Do not hot-swap the console cable and auxiliary cable.

z Do not look directly into the fiber Tx port or the optical connector connected to it.

z You are recommended to use Uninterrupted Power Supply (UPS) for the firewall.

2.3 Unpacking Check

Check the arrived shipment against the packing list, making sure all the items are

included and in good condition. Contact your agent for shortage or wrong delivery.

2.4 Tools, Meters, and Devices

I. Tools

Preparation for Installation

z Phillips screwdriver

z Flat-blade screwdriver

z ESD-preventive wrist strap

z Static shielding bag

II. Cables

z Grounding wire and power cord

z Console cable

z Interface cable (optional)

III. Meters and devices

z HUB or LAN switch

z Console terminal (or PC)

z Multimeter

 Note:

The installation tools, meters and devices are not shipped with the firewall.

2-4

Installation Manual H3C SecPath F1000-A Firewall Chapter 3

Chapter 3 Hardware Installation

3.1 Installation Procedure

Start

Install the cabinet (optional)

Install the device at the

specified place

Connect the grounding wires

Connect the power cord

Hardware Installation

Connect the consol e

terminal to device

Verify the installation

Power up the device

Normal?

YES

Power down the device and

remove the power cord

Install MIM (optional)

Connect the Ethernet

interface

Verify the installation

Connect the power cord

/power up the device

Troubleshooting

Power down the

device

End

Figure 3-1 Installation procedure

3-1

Installation Manual H3C SecPath F1000-A Firewall Chapter 3

Caution:

Before you install your device, make sure that:

You have read

Chapter 2 “Preparation for Installation” carefully.

The requirements in Chapter 2 are satisfied.

3.2 Mounting the Device

You can install your device on a workbench/tabletop or in a rack.

3.2.1 Tabletop/Workbench-Mounting the Device

If a 19-inch standard rack is unavailable, you can place the firewall on a clean

workbench/tabletop. To prevent any damage, observe the following:

z Ensure the table is stable and well earthed.

z Reserve the clearance of 10 cm (3.9 in.) around the device for adequate

ventilation.

z Do not place any heavy stuff on the device.

Hardware Installation

3.2.2 Rack-Mounting the Device

The firewall can be placed in a 19-inch standard rack. The following table shows its

dimensions:

Table 3-1 Dimensions of the firewall

Model

H3C SecPath F1000-A

Follow these steps to install the H3C SecPath F1000-A firewall:

Step 1: Check that the rack is stable enough and properly earthed. Attach the mounting

ears to the front or rear of the chassis with screws.

Step 2: Place the device on a shelf in the rack and slide it to a proper position along the

guide rails, reserving a suitable clearance between the device and the guide rails.

Step 3: Fix the brackets to the rack posts with suitable antirust pan-head screws,

making sure that the device is securely fixed.

Dimensions (H × W × D)

44 × 436 × 430 mm (1.7 × 17.2 × 16.9 in.), excluding the rubber feet

3-2

Installation Manual H3C SecPath F1000-A Firewall Chapter 3

(1) Pan-head screws (4) (2) Mounting ear (3) Guide rail

Figure 3-2 Install the H3C SecPath F1000-A firewall in a rack

3.3 Installing an MIM

For details about installing MIMs, see Chapter 8 “Multifunctional Interface Modules”.

Hardware Installation

3.4 Connecting the Grounding Wires

Caution:

When installing or using your device, properly connect the grounding wire for lightning

protection and anti-interference.

The H3C SecPath Series Firewall provides a grounding screw, which must be

connected to the earth ground properly to safely channel the faradic current and

leakage electricity to the ground and have the device less susceptible to

electromagnetic interference (EMI).

On the rear panel of the firewall, the grounding screw resides at the bottom right with a

grounding mark, as shown in

Figure 3-3.

3-3

+ 56 hidden pages