H3C F1000-S INSTALLATION GUIDE

H3C SecPath F1000-S Firewall

Installation Manual

Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com

Manual Version: T2-08044J-20070622-C-1.03

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.

Trademarks

H3C, , Aolynk, , H3Care, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.

All other trademarks that may be mentioned in this manual are the property of their respective owners.

Notice

The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the content s, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.

To obtain the latest information, please access: http://www. h3c.com

Technical Support

customer_service@h3c.com http://www. h3c.com

, TOP G, , IRF, NetPilot,

G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and

About This Manual

I. Command conventions

7 Troubleshooting

8.Multifunctional.Interface Modules

Convention Description

Boldface

italic

[ ]

The keywords of a command line are in Boldface. Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are

optional.

Lists common system failures and specific locating methods.

Details appearance, panel and LEDs of the functional modules available on the SecPath F1000-S, as well as module installation and connection of interface cables.

{ x | y | ... }

[ x | y | ... ]

{ x | y | ... } *

[ x | y | ... ] *

&<1-n>

# A line starting with the # sign is comments.

Alternative items are grouped in braces and separated by vertical bars. One is selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.

Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.

Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.

The argument(s) before the ampersand (&) sign can be entered 1 to n times.

II. GUI conventions

Convention Description

< >

[ ]

Button names are inside angle brackets. For example, click <OK>.

Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.

Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].

III. Symbols

Convention Description

Means reader be extremely careful. Improper operation

Warning

Caution

 Note Means a complementary description.

may cause bodily injury. Means reader be careful. Improper operation may cause

data loss or damage to equipment.

Environmental Protection

This product has been designed to comply with the requirements on environmental protection. For the proper storage, use and disposal of this product, national laws and regulations must be observed.

Installation Manual H3C SecPath F1000-S Firewall Table of Contents

Table of Contents

Chapter 1 Product Overview........................................................................................................1-1

1.1 Brief Introduction................................................................................................................ 1-1

1.2 Hardware Features ............................................................................................................ 1-2

1.2.1 Appearance............................................................................................................. 1-2

1.2.2 System Description ................................................................................................. 1-2

1.2.3 LEDs........................................................................................................................ 1-3

1.2.4 Attributes of the Fixed Interfaces ............................................................................ 1-4

1.2.5 MIMs........................................................................................................................ 1-6

Chapter 2 Preparation for Installation......................................................................................... 2-1

2.1 Site Requirements ............................................................................................................. 2-1

2.1.1 Temperature/Humidity............................................................................................. 2-1

2.1.2 Cleanliness.............................................................................................................. 2-1

2.1.3 ESD Prevention....................................................................................................... 2-2

2.1.4 Electromagnetic Environment ................................................................................. 2-2

2.1.5 Lightning Protection ................................................................................................ 2-3

2.1.6 Mounting Rack ........................................................................................................ 2-3

2.2 Safety Precautions............................................................................................................. 2-3

2.3 Unpacking and Inspection ................................................................................................. 2-4

2.4 Tools, Meters, and Devices ............................................................................................... 2-4

Chapter 3 Hardware Installation .................................................................................................. 3-1

3.1 Installation Procedure ........................................................................................................ 3-1

3.2 Mounting the Device .......................................................................................................... 3-2

3.2.1 Freestanding the Device ......................................................................................... 3-2

3.2.2 Rack-Mounting the Device...................................................................................... 3-2

3.3 Installing an MIM................................................................................................................ 3-3

3.4 Connecting the Grounding Wires....................................................................................... 3-3

3.5 Connecting to the Console Terminal ................................................................................. 3-4

3.6 Connecting the Ethernet Interface..................................................................................... 3-5

3.7 Connecting a PSU ............................................................................................................. 3-8

3.8 Verifying Installation........................................................................................................... 3-9

Chapter 4 Booting and Configuration.........................................................................................4-1

4.1 Booting............................................................................................................................... 4-1

4.1.1 Setting up a Configuration Environment ................................................................. 4-1

4.1.2 Powering up the Firewall......................................................................................... 4-4

4.1.3 Booting Process ...................................................................................................... 4-5

4.2 Configuration Fundamentals.............................................................................................. 4-6

4.2.1 Basic Configuration Procedure ............................................................................... 4-6

Installation Manual H3C SecPath F1000-S Firewall Table of Contents

4.2.2 Command Line Interface......................................................................................... 4-7

Chapter 5 Software Maintenance................................................................................................. 5-1

5.1 Introduction ........................................................................................................................ 5-1

5.1.1 Boot Menu ............................................................................................................... 5-1

5.1.2 Upgrading the Application and Boot ROM Programs Using XModem.................... 5-2

5.1.3 Backing up and Restoring the Extended Segment of the Boot ROM program....... 5-5

5.1.4 Upgrading an Application Program Using TFTP..................................................... 5-6

5.1.5 Uploading/Downloading a Program/File Using FTP ............................................... 5-8

5.1.6 Modifying Boot ROM Password ............................................................................ 5-12

5.1.7 Resetting a Lost Password ................................................................................... 5-13

Chapter 6 Hardware Maintenance................................................................................................6-1

6.1 Preparing Tools.................................................................................................................. 6-1

6.2 Opening the Chassis Cover............................................................................................... 6-1

6.3 Replacing a DDR SDRAM ................................................................................................. 6-2

6.3.1 Locating the DDR SDRAMs on the Mainboard....................................................... 6-4

6.3.2 Removing a DDR SDRAM ...................................................................................... 6-5

6.3.3 Installing a DDR SDRAM ........................................................................................ 6-6

6.4 Closing the Chassis Cover ................................................................................................ 6-6

6.5 Replacing an MIM.............................................................................................................. 6-7

Chapter 7 Troubleshooting .......................................................................................................... 7-1

7.1 Troubleshooting the Power System................................................................................... 7-1

7.2 Troubleshooting the Configuration System ....................................................................... 7-1

7.3 Troubleshooting the Software Upgrade............................................................................. 7-2

Chapter 8 Multifunctional Interface Modules ............................................................................. 8-1

8.1 MIM Options....................................................................................................................... 8-1

8.2 Installing and Removing an MIM ....................................................................................... 8-1

8.3 Troubleshooting an MIM .................................................................................................... 8-3

8.4 1FE/2FE/4FE Module ........................................................................................................ 8-3

8.4.1 Introduction.............................................................................................................. 8-3

8.4.2 Appearance............................................................................................................. 8-3

8.4.3 Interface Attributes .................................................................................................. 8-5

8.4.4 Panel and Interface LEDs ....................................................................................... 8-5

8.4.5 Interface Cable........................................................................................................ 8-6

8.4.6 Connecting the Interface Cable............................................................................... 8-8

8.5 1GBE/2GBE Module.......................................................................................................... 8-9

8.5.1 Introduction.............................................................................................................. 8-9

8.5.2 Appearance............................................................................................................. 8-9

8.5.3 Interface Attributes .................................................................................................. 8-9

8.5.4 Panel and Interface LEDs ..................................................................................... 8-10

8.5.5 Interface Cable...................................................................................................... 8-10

8.5.6 Connecting the Interface Cable............................................................................. 8-11

Installation Manual H3C SecPath F1000-S Firewall Table of Contents

8.6 1GEF/2GEF Module ........................................................................................................ 8-12

8.6.1 Introduction............................................................................................................ 8-12

8.6.2 Appearance........................................................................................................... 8-12

8.6.3 Interface Attributes ................................................................................................ 8-13

8.6.4 Panel and Interface LEDs ..................................................................................... 8-13

8.6.5 Interface Fiber Cable............................................................................................. 8-14

8.6.6 Connecting the Interface Fiber Cable ................................................................... 8-15

8.7 SSL Module ..................................................................................................................... 8-15

8.7.1 Introduction............................................................................................................ 8-15

8.7.2 Appearance........................................................................................................... 8-15

8.7.3 Module Attributes .................................................................................................. 8-16

8.7.4 Panel and Module LEDs ....................................................................................... 8-16

8.7.5 Troubleshooting SSL Module................................................................................ 8-17

iii

Installation Manual H3C SecPath F1000-S Firewall List of Figures

List of Figures

Figure 1-1 Front panel of the H3C SecPath F1000-S firewall ............................................... 1-2

Figure 1-2 Rear panel of the H3C SecPath F1000-S firewall................................................ 1-2

Figure 3-1 Installation procedure ........................................................................................... 3-1

Figure 3-2 Install the firewall in a rack ...................................................................................3-3

Figure 3-3 Grounding screw on the firewall ........................................................................... 3-4

Figure 3-4 Console cable assembly....................................................................................... 3-5

Figure 3-5 Ethernet cable assembly ...................................................................................... 3-6

Figure 3-6 Power socket on a dual AC power supply firewall................................................ 3-8

Figure 4-1 Local configuration through the console port ....................................................... 4-1

Figure 4-2 Create a new connection...................................................................................... 4-2

Figure 4-3 Select serial interface ........................................................................................... 4-2

Figure 4-4 Set port parameters.............................................................................................. 4-3

Figure 4-5 Select emulation type ........................................................................................... 4-4

Figure 5-1 Send File dialog box ............................................................................................. 5-3

Figure 5-2 Sending File interface........................................................................................... 5-4

Figure 5-3 Set up an environment for local uploading/downloading...................................... 5-8

Figure 5-4 Set up an environment for remote uploading/downloading.................................. 5-9

Figure 6-1 Open the chassis.................................................................................................. 6-2

Figure 6-2 DDR SDRAM maintenance flow........................................................................... 6-3

Figure 6-3 Position of the DDR SDRAMs, Flash, and Boot ROM on the mainboard ............ 6-5

Figure 6-4 Remove a DDR SDRAM ......................................................................................6-5

Figure 6-5 Close the chassis cover........................................................................................6-7

Figure 8-1 Install the MIM I .................................................................................................... 8-2

Figure 8-2 Install the MIM II ................................................................................................... 8-2

Figure 8-3 1FE module ..........................................................................................................8-4

Figure 8-4 2FE module ..........................................................................................................8-4

Figure 8-5 4FE module ..........................................................................................................8-4

Figure 8-6 1FE module panel ................................................................................................8-5

Figure 8-7 2FE module panel ................................................................................................8-5

Figure 8-8 4FE module panel ................................................................................................8-5

Installation Manual H3C SecPath F1000-S Firewall List of Figures

Figure 8-9 Ethernet cable ......................................................................................................8-6

Figure 8-10 Category-5 twisted-pair cable............................................................................. 8-7

Figure 8-11 1GBE module ..................................................................................................... 8-9

Figure 8-12 2GBE module .....................................................................................................8-9

Figure 8-13 1GBE module panel .........................................................................................8-10

Figure 8-14 2GBE module panel .........................................................................................8-10

Figure 8-15 Ethernet cable .................................................................................................. 8-11

Figure 8-16 Category-5 twisted-pair cable........................................................................... 8-11

Figure 8-17 1GEF module ................................................................................................... 8-12

Figure 8-18 2GEF module ................................................................................................... 8-12

Figure 8-19 1GEF module panel.......................................................................................... 8-14

Figure 8-20 2GEF module panel.......................................................................................... 8-14

Figure 8-21 SSL module ...................................................................................................... 8-16

Figure 8-22 SSL module panel ............................................................................................ 8-16

Installation Manual H3C SecPath F1000-S Firewall List of Tables

List of Tables

Table 1-1 Technical specifications of the H3C SecPath F1000-S firewall.............................. 1-2

Table 1-2 LEDs on the front panel of the H3C SecPath F1000-S firewall .............................1-3

Table 1-3 Attributes of the console port.................................................................................. 1-4

Table 1-4 Attributes of the AUX port ....................................................................................... 1-4

Table 1-5 Attributes of the GE electrical interfaces ................................................................ 1-5

Table 1-6 Attributes of the GE optical interfaces .................................................................... 1-5

Table 2-1 Temperature/humidity requirements in the equipment room.................................. 2-1

Table 2-2 Dust limit in the equipment room............................................................................ 2-2

Table 2-3 Limit of harmful gases in the equipment room ....................................................... 2-2

Table 3-1 Dimensions of the H3C SecPath F1000-S firewall................................................. 3-2

Table 6-1 Memory specifications............................................................................................ 6-4

Table 8-1 Interface attributes of the 1FE, 2FE and 4FE modules .......................................... 8-5

Table 8-2 LEDs on the 1FE/2FE module................................................................................ 8-6

Table 8-3 Straight-through cable pinout ................................................................................. 8-7

Table 8-4 Crossover cable pinout........................................................................................... 8-7

Table 8-5 Interface attributes of the 1GBE/2GBE module .....................................................8-9

Table 8-6 LEDs on the 1GBE/2GBE module........................................................................ 8-10

Table 8-7 Interface attributes of the 1GEF/2GEF module.................................................... 8-13

Table 8-8 LEDs on the 1GEF/2GEF module ........................................................................ 8-14

Table 8-9 SSL module attributes .......................................................................................... 8-16

Table 8-10 LEDs on the SSL module ................................................................................... 8-16

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

Chapter 1 Product Overview

1.1 Brief Introduction

H3C SecPath F1000-S Firewall is a new-generation firewall intended for enterprise

users. It can act as the egress firewall for small and medium businesses and internal

firewall for large and medium enterprises.

H3C SecPath F1000-S Firewall provides four fixed 10/100/1000 Mbps auto-sensing

interfaces (with two electrical interfaces and two applicable to both optical and electrical

modes). It provides two multifunctional interface module (MIM) expansion slots, which

currently can accommodate 1FE/2FE/4FE/1GBE/2GBE/1GEF/2GEF/SSL module. It

adopts power redundancy solutions (AC+AC), provides inside-chassis temperature

detection, and supports network management and Web configuration to meet the

carrier-class reliability requirements.

Product Overview

It supports multiple attack prevention approaches, TCP proxy, internal network security,

traffic policing, URL filtering, Web page filtering, and email filtering, to effectively

safeguard your network.

It adopts the application specific packet filtering (ASPF) technology to monitor

connection process and malicious commands and works together with access control

lists (ACLs) to implement dynamic packet filtering.

It provides various intelligent analysis and management methods, supports email

alarming and multiple sorts of logs, and provides network management monitoring to

help network administrators perform network security management.

It supports authentication, authorization, accounting (AAA), network address

translation (NAT) , hybrid mode, and object oriented management to ensure security

and guaranteed services for the private networks constructed on the open Internet.

It supports multiple virtual private network (VPN) services, such as Layer 2 tunneling

protocol (L2TP) VPN, IP security (IPsec) VPN, generic routing encapsulation (GRE)

VPN, dynamic VPN, and multi-protocol label switching (MPLS) VPN, as well as

hardware encryption, and allows users to build various VPNs, like Internet, Intranet,

and remote access VPNs using customized remote-user access approaches, such as

ADSL dial-up, virtual LAN (VLAN), and tunneling.

It provides basic routing features, including routing information protocol (RIP), open

shortest path first (OSPF), border gateway protocol (BGP), routing policy and policy

routing, and also provides abundant QoS (quality of service) features, such as traffic

policing, traffic shaping and queue scheduling.

It supports deeper application recognition (DAR) to recognize and classify packets

more deeply, enhancing the control over data flows.

1-1

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

It supports active/standby switchover to protect current services against interruption,

eliminating the defects of traditional networking solution, for example, VRRP

networking solution.

You can upgrade the application and Boot ROM programs on line to add features and

extend functions.

It supports the branch intelligent management system (BIMS) feature to automatically

upgrade the configuration file and application programs, and the VPN manager

function to configure and deploy VPNs.

It supports the SNMP v3 protocol to offer powerful device management functions. With

the national and international standards dominant in China, North America, Europe,

Australia and Japan taken into consideration in its design, the firewall complies with the

requirements of these countries and regions in electromagnetic compatibility (EMC),

safety, and network access.

1.2 Hardware Features

Product Overview

1.2.1 Appearance

Figure 1-1 Front panel of the H3C SecPath F1000-S firewall

Figure 1-2 Rear panel of the H3C SecPath F1000-S firewall

1.2.2 System Description

Table 1-1 Technical specifications of the H3C SecPath F1000-S firewall

Item Description

MIM slot Two

Two 10/100/1000 Mbps Ethernet interfaces (applicable to both optical and electrical modes)

Fixed interface

Boot ROM 512 KB

Two 10/100/1000 Mbps Ethernet electrical interfaces

One auxiliary port (AUX)

One console port (CON)

1-2

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

Item Description

Product Overview

DDR SDRAM

Flash memory

Physical dimensions (H × W × D)

Input power

AC+AC

Max power consumption

Operating temperature

Operating humidity (noncondensing)

 Note:

Default: 512 MB

Max: 1 GB

Default: 16 MB

Max: 32 MB

44 × 436 × 430 mm (1.7 × 17.2 × 16.9 in.), excluding the rubber feet

Rated voltage range: 100 VAC to 240 VAC, 50 Hz or 60 Hz

Max voltage range: 90 VAC to 264 VAC, 50 Hz or 60 Hz

Rated current: 1.5 A

100 W

0°C to 40°C (32°F to 104°F

)

10% to 90%

Synchronous dynamic random access memory (DSRAM) stores the communication

data with the CPU and running system.

Flash memory stores application files, exceptional information and configuration files.

Boot read only memory (Boot ROM) stores the bootstrap program files.

1.2.3 LEDs

Table 1-2 describes the LEDs on the front panel of the H3C SecPath F1000-S firewall

and describes how to read their state.

Table 1-2 LEDs on the front panel of the H3C SecPath F1000-S firewall

LED Description

Power supply unit (PSU) LED:

PWR0

OFF means the PWR0 is not supplying power to the device; ON means the PWR0 is supplying power to the device.

PSU LED:

PWR1

OFF means the PWR1 is not supplying power to the device; ON means the PWR1 is supplying power to the device.

1-3

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

LED Description

System operating state LED:

SYS

ON means the system is operating normally; OFF means the system is operating abnormally.

Software running LED:

ACT

Blinking means the software is operating normally; OFF means the software is faulty.

Product Overview

LINK

GE interface LED:

ON means a link is present; OFF means no link is present.

GE interface LED:

ACTIVE

Blinking means packets are being transmitted/received on the interface; OFF means no packets are being transmitted/received on the interface.

1.2.4 Attributes of the Fixed Interfaces

I. Console port (CON)

Table 1-3 Attributes of the console port

Attribute Description

Connector RJ-45

Standard RS-232

Baud rate 1200 bps to 115200 bps, defaults to 9600 bps

Connected to an ASCII terminal

Services

Connected to the serial interface of a local PC running terminal emulation software

Command line interface (CLI)

II. Auxiliary port (AUX)

Table 1-4 Attributes of the AUX port

Attribute Description

Connector RJ-45

Standard RS-232

Baud rate 1200 bps to 115200 bps

Services

Modem dial-up

Backup

1-4

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

III. Gigabit Ethernet (GE) Interface

The H3C SecPath F1000-S firewall provides four fixed 10/100/1000 Mbps

auto-sensing interfaces (with two electrical interfaces and two applicable to both optical

and electrical modes). The electrical interface uses the RJ-45 connector and the optical

interface uses the small form-factor pluggable (SFP) connector.

Five 1000Base-FX SFP optical transceiver options are available for the H3C SecPath

F1000-S firewall:

z Multimode short-haul (850 nm)

z Single mode medium-haul (1310 nm)

z Single mode long-haul (1310 nm)

z Single mode long-haul (1550 nm)

z Single mode ultra-long haul (1550 nm)

They all provide LC interfaces and are hot swappable.

Table 1-5 shows the Ethernet interface attributes of the H3C SecPath F1000-S firewall.

Table 1-5 Attributes of the GE electrical interfaces

Product Overview

Attribute Description

Connector RJ-45

Interface type auto-MDI/MDIX

Frame format

Ethernet_II

Ethernet_SNAP

10/100/1000 Mbps auto-sensing

Operating mode

Full/half duplex

(1000 Mbps and half duplex cannot be used at the same time)

Table 1-6 Attributes of the GE optical interfaces

Description

Attribute

Multimo

short-ha

ul (850

nm)

Single

mode

medium-ha

ul (1310

nm)

Long-haul

(1310 nm)

Connector SFP/LC

Long-haul

(1550 nm)

Ultra-long

haul (1550

nm)

Optical fiber

62.5/125 μm

multimod e fiber

9/125 μm

single mode fiber

1-5

9/125 μm

single mode fiber

9/125 μm

single mode fiber

9/125 μm

single mode fiber

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

Description

Product Overview

Attribute

Max transmission distance

Central wavelength

Min –9.5 dBm –9 dBm –2 dBm –4 dBm –4 dBm Transmi tter optical power

Max 0 dBm –3 dBm 5 dBm 1 dBm 2 dBm

Receiver sensitivity

Operating mode

Frame format

Multimo

short-ha

ul (850

nm)

0.55 km (0.34 mi)

Single

mode

medium-ha

ul (1310

nm)

10 km (6.21 mi)

Long-haul

(1310 nm)

40 km (24.86 mi)

Long-haul

(1550 nm)

40 km (24.86 mi)

Ultra-long

haul (1550

nm)

70 km (43.5 mi)

850 nm 1310 nm 1310 nm 1550 nm 1550 nm

–17 dBm –20 dBm –23 dBm –21 dBm –22 dBm

1000 Mbps

Full duplex

Ethernet_II

Ethernet_SNAP

 Note:

z When using optical transceivers, select those that have been approved by our

z Before performing switchover between electrical/optical interfaces, you need to first

1.2.5 MIMs

The H3C SecPath F1000-S firewall provides two MIM (multifunctional interface module)

expansion slots, which can hold these types of MIMs:

z 1-port 10Base-T/100Base-TX fast Ethernet interface module (1FE)

z 2-port 10Base-T/100Base-TX fast Ethernet interface module (2FE)

z 4-port 10Base-T/100Base-TX fast Ethernet interface module (4FE)

z 1-port 10Base-T/100Base-TX/1000Base-T Ethernet interface module (1GBE)

z 2-port 10Base-T/100Base-TX/1000Base-T Ethernet interface module (2GBE)

z 1-port 1000Base-LX/1000Base-SX optical interface module (1GEF)

z 2-port 1000Base-LX/1000Base-SX optical interface module (2GEF)

company.

disable the rate and duplex mode configurations in the current mode (electrical or

optical), and then configure the interface after the switchover.

1-6

Installation Manual H3C SecPath F1000-S Firewall Chapter 1

z Security socket layer encryption module (SSL)

Product Overview

For more information on the MIMs, see

Chapter 8 “Multifunctional Interface Modules”.

1-7

Installation Manual H3C SecPath F1000-S Firewall Chapter 2

Chapter 2 Preparation for Installation

2.1 Site Requirements

The H3C SecPath Series Firewalls must be used indoors. To guarantee the normal

operation and long service life of your firewall, install it in an environment that can meet

the requirements in the following sections.

2.1.1 Temperature/Humidity

The equipment room must maintain adequate temperature and humidity. Long-lasting

high humidity is prone to cause bad insulation and even electricity creepage.

Sometimes the mechanical performance changes of materials, the rustiness and

corrosion of some metal parts are also likely to occur. If the relative humidity is too low,

the captive screws can become loose due to insulation washer contraction. Meanwhile,

the static is likely produced in the dry environments, jeopardizing the CMOS circuit of

the product. The higher the temperature is, the greater the damage to your device.

Long-lasting high temperature can speed up the aging of the insulation materials,

greatly lower the device reliability, and hence significantly shorten its service life.

Preparation for Installation

Table 2-1 lists the temperature and humidity requirements.

Table 2-1 Temperature/humidity requirements in the equipment room

0°C to 40°C (32°F to 104°F)

2.1.2 Cleanliness

Dust is a hazard to the operating safety of your device. The dust accumulated on the

chassis can cause electrostatic adsorption, one of the sources that cause the poor

contact of connectors or metal contact points. This not only shortens the service life of

your device but also causes communications failures. When the indoor relative

humidity is low, electrostatic adsorption is more likely to happen.

The equipment room must be free of explosion hazards and the electric and magnetic

conductible dust as well. The contents of the dust must be limited to the values shown

Table 2-2.

Temperature Relative humidity

10% to 90% (noncondensing)

2-1

Installation Manual H3C SecPath F1000-S Firewall Chapter 2

Table 2-2 Dust limit in the equipment room

Substance Unit Content

≤ 3 X 10

Dust Particles/m³

(No visible dust on the table top for three days)

Note: Diameter of a dust particle ≥ 5μm

Besides the dust, there are rigorous limits on the harmful gases that can accelerate the

erosion and aging of metals, such as salts, acids, and sulfides, as shown in

Table 2-3 Limit of harmful gases in the equipment room

Gas Maximum (mg/m3)

Preparation for Installation

Table 2-3.

H2S 0.006

2.1.3 ESD Prevention

Although the H3C SecPath Series Firewall is designed to be electrostatic discharge

(ESD) preventive, the card circuits and even the device can be badly damaged when

excessive static electricity is present.

On the communication network connected to your device, the static electricity mainly

comes from the outside electric fields, such as outdoor high-voltage power cables and

lightning, and from the indoor environments, floor materials and the internal system

such as the equipment frame. To prevent damage, observe the following:

z Connect your device to the earth ground properly.

z Keep the equipment room as clean as possible.

z Maintain adequate temperature and humidity.

z Wear an ESD-preventive wrist strap and clothes when handling the circuit board.

z Place the removed circuit board upward on the ESD-preventive workbench, or into

a static shielding bag.

z Hold the circuit board by its edge when observing or moving it, avoiding direct

contact with the elements on it.

0.2

0.05

0.01

2.1.4 Electromagnetic Environment

All interference sources, wherever they are from, impact the firewall negatively in the

conducted emission patterns of capacitance coupling, inductance coupling,

2-2

Installation Manual H3C SecPath F1000-S Firewall Chapter 2

electromagnetic wave radiation, and common impedance (including the grounding

system) coupling. To resist the interference, make sure to

z Take effective measures against the interference caused by the power supply grid.

z Use a grounding system or lightning protection grounding different from that for

the power supply equipment and keep them as far as possible.

z Keep the device far from strong the power radio launchers, radar launchers, and

high frequency and high-current equipment.

z Use electromagnetic shielding when necessary.

2.1.5 Lightning Protection

Although the H3C SecPath Series Firewall is designed to be lightning resistant, your

device can get damaged when excessive lightning is present. To protect your device

against lightning,

z Ensure the chassis is connected to the earth ground.

z Ensure the ground point of the power socket is well connected to the earth ground.

z Add a lightning arrester onto the front end of the power input to better protect the

power supply from lightning strikes.

Preparation for Installation

2.1.6 Mounting Rack

When installing the device in a rack, make sure that

z There is adequate clearance between the air inlet/exhaust vents and the rack for

ventilation.

z The rack has a good ventilation system.

z The rack is firm enough to support the device and its accessories.

z The rack is well grounded.

2.2 Safety Precautions

Be sure that you observe all safety precautions when you install your firewall and pay

adequate attention to the following icons:

Warning appears in operation procedures that, if performed incorrectly, might

cause bodily injury to the operators or damage the device.

Caution means care should be taken in these operations during installation and

use. Improper operations may result in abnormal running of the device.

Follow these safety precautions when installing or using your firewall:

z Keep the device far from the moisture and heat sources.

z Make sure that the device is well grounded.

2-3

Installation Manual H3C SecPath F1000-S Firewall Chapter 2

z Always wear an ESD-preventive wrist strap when installing and maintaining the

firewall, making sure the strap has good skin-contact.

z Do not hot-swap the console cable and auxiliary cable.

z Do not look directly into the fiber Tx port or the optical connector connected to it.

z You are recommended to use Uninterrupted Power Supply (UPS) for the firewall.

2.3 Unpacking and Inspection

Check the arrived shipment against the packing list, making sure all the items are

included and in good condition. Contact your agent for shortage or wrong delivery.

2.4 Tools, Meters, and Devices

I. Tools

z Phillips screwdriver

z Flat-blade screwdriver

z ESD-preventive wrist strap

z Static shielding bag

Preparation for Installation

II. Cables

z Grounding wire and power cord

z Console cable

z Optional cables

III. Meters and devices

z HUB or LAN switch

z Console terminal (or PC)

z Optional interface module-related device

z Multimeter

 Note:

The installation tools, meters and devices are not shipped with the firewall.

2-4

Installation Manual H3C SecPath F1000-S Firewall Chapter 3

Chapter 3 Hardware Installation

3.1 Installation Procedure

Start

Install the cabinet (optional)

Install the device at the

specified place

Connect the grounding wires

Connect the power cord

Hardware Installation

Connect the consol e

terminal to device

Verify the installation

Power up the device

Normal?

YES

Power down the device and

remove the power cord

Install MIM ( optional)

Connect the Ethernet

interface

Verify the installation

Connect the power cord

/power up the device

Troubleshooting

Power down the

device

End

Figure 3-1 Installation procedure

3-1

Installation Manual H3C SecPath F1000-S Firewall Chapter 3

Caution:

Before you install your device, make sure that:

z You have read Chapter 2 “Preparation for Installation” carefully.

z The requirements in Chapter 2 are satisfied.

3.2 Mounting the Device

You can install your device on a workbench/tabletop or in a rack.

3.2.1 Freestanding the Device

If a standard 19-inch rack is unavailable, you can place the firewall on a clean

workbench/tabletop. To prevent any damage, observe the following:

z Ensure the table is stable and well grounded.

z Reserve the clearance of 10 cm (3.9 in.) around the device for adequate

ventilation.

z Do not place any heavy stuff on the device.

Hardware Installation

3.2.2 Rack-Mounting the Device

The H3C SecPath Series Firewall can be placed in a standard 19-inch rack. Table 3-1

shows its dimensions.

Table 3-1 Dimensions of the H3C SecPath F1000-S firewall

Model

H3C SecPath F1000-S firewall

Follow these steps to install the H3C SecPath F1000-S firewall:

Step 1: Check that the rack is stable enough and properly grounded. Attach the

mounting ears to the front or rear of the chassis with screws.

Step 2: Place the device on a shelf in the rack and slide it to a proper position along the

guide rails, reserving a suitable clearance between the device and the guide rails.

Step 3: Fix the brackets to the rack posts with suitable antirust pan-head screws,

making sure that the device is securely fixed.

Dimensions (H × W × D)

44 × 436 × 430 mm (1.7 × 17.2 × 16.9 in.), excluding the rubber feet

3-2

+ 54 hidden pages