H3C SecPath F100-C Installation Manual

H3C SecPath F100-C Firewall
Installation Manual
Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com
Manual Version: T2-08044D-20070430-C-1.02
Copyright © 2006-2007, Hangzhou H3C Technologies Co., Ltd. and its licensors
All Rights Reserved
No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
Trademarks
H3C, Aolynk, H3Care, TOP G, IRF, NetPilot, Neocean, NeoVTL, SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V2G, VnG, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd.
All other trademarks that may be mentioned in this manual are the property of their respective owners.
Notice
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute the warranty of any kind, express or implied.
To obtain the latest information, please access: http://www.h3c.com
Technical Support
customer_service@h3c.com http://www.h3c.com
About This Manual
Related Documentation
In addition to this manual, each H3C SecPath Series Security Products documentation set includes the following:
Manual | Content
H3C SecPath Series Security Products Operation Manual | It introduces the functional features, principles and guide to configuration and operation for H3C SecPath Series Security Gateways/Firewalls.
H3C SecPath Series Security Products Command Manual | It discusses all commands available in the configuration and operation on H3C SecPath Series Security Gateways/Firewalls. The details include command name, complete command form, parameter, operation view, usage description and configuration example.
H3C SecPath Series Security Products Web-Based Configuration Manual | It directs users to configure the H3C SecPath Series Firewalls in Web mode.
Organization
H3C SecPath F100-C Firewall Installation Manual is organized as follows:
Chapter | Contents
1 Product Overview | Profiles the system characteristics and applications. Product appearance and system description are also available in this chapter.
2 Preparing for Installation | Focuses on environment requirements for system installation, precautions before and during the installation. Installation tools are also listed in this chapter.
3 Installing the H3C SecPath F100-C | Elaborates on mechanical installation, physical connection of power cords, console cables and Ethernet cables.
4 Starting and Configuring the H3C SecPath F100-C | Presents fundamentals on system booting and configuration.
5 Maintaining the H3C SecPath F100-C | Discusses system software maintenance, including software upgrade and configuration file loading.
6 Troubleshooting | Lists common system failures and specific locating methods.
Conventions
The manual uses the following conventions:
I. Command conventions
Convention: Description
Boldface: The keywords of a command line are in Boldface.
italic: Command arguments are in italic.
[ ]: Items (keywords or arguments) in square brackets [ ] are optional.
{ x | y | ... }: Alternative items are grouped in braces and separated by vertical bars. One is selected.
[ x | y | ... ]: Optional alternative items are grouped in square brackets and separated by vertical bars. One or none is selected.
{ x | y | ... } *: Alternative items are grouped in braces and separated by vertical bars. A minimum of one or a maximum of all can be selected.
[ x | y | ... ] *: Optional alternative items are grouped in square brackets and separated by vertical bars. Many or none can be selected.
&<1-n>: The argument(s) before the ampersand (&) sign can be entered 1 to n times.
#: A line starting with the # sign is a comment.
II. GUI conventions
Convention: Description
< >: Button names are inside angle brackets. For example, click <OK>.
[ ]: Window names, menu items, data table and field names are inside square brackets. For example, pop up the [New User] window.
/: Multi-level menus are separated by forward slashes. For example, [File/Create/Folder].
III. Symbols
Convention: Description
Warning: Means the reader must be extremely careful. Improper operation may cause bodily injury.
Caution: Means the reader must be careful. Improper operation may cause data loss or damage to equipment.
Note: Means a complementary description.
Environmental Protection
This product has been designed to comply with the requirements on environmental protection. For the proper storage, use and disposal of this product, national laws and regulations must be observed.
Installation Manual H3C SecPath F100-C Firewall
Table of Contents
Chapter 1 Product Overview
1.1 Introduction
1.2 Hardware Features
1.2.1 Hardware Features of the H3C SecPath F100-C
Chapter 2 Preparing for Installation
2.1 Site Requirements
2.1.1 Temperature/Humidity
2.1.2 Cleanliness
2.1.3 ESD Prevention
2.1.4 Electromagnetic Environment
2.1.5 Lightning Protection
2.1.6 Checking the Installation Site
2.2 Safety Precautions
2.3 Tools, Meters, and Devices
Chapter 3 Installing the H3C SecPath F100-C
3.1 Installation Procedure
3.2 Installing the H3C SecPath F100-C
3.2.1 Placing the H3C SecPath F100-C on a Table
3.2.2 Mounting the H3C SecPath F100-C on a Vertical Surface
3.3 Connecting PGND Wire
3.4 Connecting the Power Cord
3.5 Connecting the H3C SecPath F100-C to a Console Terminal
3.6 Connecting the H3C SecPath F100-C to LAN
3.7 Connecting the H3C SecPath F100-C to WAN
3.8 Verifying Installation
Chapter 4 Starting and Configuring the H3C SecPath F100-C
4.1 Starting the H3C SecPath F100-C
4.1.1 Setting Up a Configuration Environment
4.1.2 Powering On the H3C SecPath F100-C
4.1.3 Startup Process
4.2 Configuration Fundamentals
4.2.1 Basic Configuration Procedure
4.2.2 Command Line Interface
Chapter 5 Maintaining the H3C SecPath F100-C
5.1 Boot Menu
5.2 Upgrading Application Programs and Boot ROM program Using XModem
5.3 Backing up and Restoring the Extended Segment of the Boot ROM Program
5.4 Upgrading the Application Programs Using TFTP
5.5 Uploading/Downloading Application Programs/Files Using FTP
5.5.1 Upgrading Application Programs Using FTP in Boot ROM
5.5.2 Upgrading Application Programs Using FTP in Host Software
5.6 Modifying Boot ROM Password
5.7 Resetting a Lost Password
Chapter 6 Troubleshooting
6.1 Troubleshooting the Power System
6.2 Troubleshooting the Console Terminal
List of Figures
Figure 1-1 Front panel of the H3C SecPath F100-C
Figure 1-2 Rear panel of the H3C SecPath F100-C
Figure 3-1 Installation procedure
Figure 3-2 Bottom of the H3C SecPath F100-C chassis
Figure 3-3 Wall-mounting the H3C SecPath F100-C
Figure 3-4 AC-input PSU
Figure 3-5 Console cable assembly
Figure 3-6 Ethernet cable assembly
Figure 4-1 Local configuration through the console port
Figure 4-2 Create a new connection
Figure 4-3 Select serial interface
Figure 4-4 Set communication parameter
Figure 4-5 Select emulation type
Figure 5-1 Send File dialog box
Figure 5-2 Sending file interface
Figure 5-3 Set up a local upload/download environment using FTP
Figure 5-4 Set up a remote upload/download environment using FTP
List of Tables
Table 1-1 Technical specifications of the H3C SecPath F100-C
Table 1-2 LEDs on the H3C SecPath F100-C
Table 1-3 Attributes of the console port
Table 1-4 Attributes of the Ethernet interface
Table 2-1 Temperature and humidity requirements in the equipment room
Table 2-2 Limit to the content of dust in an equipment room
Table 2-3 Limits of harmful gases in the equipment room
Chapter 1 Product Overview
1.1 Introduction
H3C SecPath F100-C Firewall (referred to as the H3C SecPath
F100-C) is designed for small office home office (SOHO) users.
H3C SecPath F100-C provides the standard-compliant uplink
Ethernet interface, and can interoperate with the products of other
vendors at every layer, which protects customer’s investment.
H3C SecPath F100-C provides four 10/100 Mbps autosensing
LAN FE interfaces and one 10 Mbps WAN Ethernet interface.
H3C SecPath F100-C employs application specific packet filter
(ASPF) to monitor connection processes and malicious commands, and
works together with access control lists (ACLs) to implement dynamic
packet filtering.
H3C SecPath F100-C supports authentication, authorization, and
accounting (AAA) and network address translation (NAT), allowing a
secure and reliable network to be built over the open Internet.
H3C SecPath F100-C provides multiple attack prevention means,
as well as TCP proxy, inside network security, traffic policing, network
address filtering, webpage filtering, and mail filtering, to improve
network security.
H3C SecPath F100-C provides multiple intelligent analysis and
management means, as well as mail filtering and diverse logs, to help
the network administrator perform security management.
H3C SecPath F100-C supports multiple virtual private network
(VPN) services, such as Layer 2 tunneling protocol (L2TP) VPN, IP
security (IPsec) VPN, generic routing encapsulation (GRE) VPN and
dynamic VPN, to connect remote branch offices to the headquarters.
H3C SecPath F100-C supports the branch intelligent
management system (BIMS) feature to automatically upgrade the
configuration file and application programs, and the VPN manager
function to configure and deploy VPNs.
H3C SecPath F100-C provides basic routing features, including
the routing information protocol (RIP), open shortest path first (OSPF),
routing policy, and policy routing, as well as abundant QoS features,
such as traffic policing, traffic shaping, and queue scheduling.
1.2 Hardware Features
1.2.1 Hardware Features of the H3C SecPath F100-C
I. Appearance
(1) Ethernet LED LAN3 (2) Ethernet LED LAN2 (3) Ethernet LED LAN1 (4) Ethernet LED LAN0 (5) WAN LED (6) System LED (SYS) (7) Power LED (PWR)
Figure 1-1 Front panel of the H3C SecPath F100-C
(1) Power switch (2) Power socket (3) Console port (CONSOLE) (4) Ethernet interface 0 (LAN0) (5) Ethernet interface 1 (LAN1) (6) Ethernet interface 2 (LAN2) (7) Ethernet interface 3 (LAN3) (8) Grounding screw (9) WAN interface (WAN)
Figure 1-2 Rear panel of the H3C SecPath F100-C
II. System specifications
Table 1-1 Technical specifications of the H3C SecPath F100-C
Item | Description
Interface | One console port; one 10 Mbps Ethernet interface (WAN); four 10/100 Mbps Ethernet interfaces (LAN)
SDRAM | 64 MB
Flash memory | 8 MB
Max power consumption | 10 W
Power supply (external), input | Rated voltage range: 100 VAC to 240 VAC, 50 Hz or 60 Hz; max voltage range: 90 VAC to 264 VAC, 50 Hz or 60 Hz; current: 0.5 A to 1 A
Power supply (external), output | Voltage: 12 VDC; current: 4 A
Physical dimensions (H x W x D) | 45 × 300 × 180 mm (1.8 × 11.8 × 7.1 in), including bulge
Weight | 1 kg (2.2 lb)
Operating temperature | 0°C to 40°C (32°F to 104°F)
Relative humidity (noncondensing) | 10% to 90%
III. LEDs
There are seven LEDs, which are described in Table 1-2, on the
cover of the H3C SecPath F100-C firewall.
Table 1-2 LEDs on the H3C SecPath F100-C
LED | Description
LAN0/LAN1/LAN2/LAN3/WAN | OFF: No link is present. ON: A link is present. Blinking: Data is being received or transmitted on the interface.
SYS | Blinking: The system is operating normally. ON or OFF: The system is faulty.
PWR | OFF: No power is supplied. ON: Power is being supplied.
IV. Interface attributes
The H3C SecPath F100-C firewall provides the console port, 10
Mbps interface and 10/100 Mbps Ethernet interfaces.
1) Console port
Table 1-3 Attributes of the console port
Item | Description
Connector | RJ-45
Interface standard | Asynchronous RS232
Baud rate | 1200 bps to 115200 bps, defaults to 9600 bps
Service | Connected to an ASCII terminal; connected to the serial interface on a PC running the terminal emulation software; command line interface (CLI)
2) Ethernet interface
Table 1-4 Attributes of the Ethernet interface
Item | 10BASE-T | 10/100BASE-T
Connector | RJ-45 | RJ-45
Operating mode | 10 Mbps; half/full duplex | 10/100 Mbps auto-sensing; auto-MDI/MDIX; half/full duplex; only Layer 2 switching available
Chapter 2 Preparing for Installation
2.1 Site Requirements
Install the H3C SecPath F100-C indoors and make sure the
environment meets the following requirements for its normal and
durable usage.
2.1.1 Temperature/Humidity
The equipment room must maintain adequate temperature and
humidity. Long-lasting high humidity is prone to cause poor insulation
and even electricity leakage. Changes in the mechanical performance
of materials, and rust and corrosion of some metal parts, are also
likely to occur. If the relative humidity is too low, the captive
screws can become loose due to insulation washer contraction.
Meanwhile, static electricity is likely to be produced in dry
environments, jeopardizing the CMOS circuits of the product. The
higher the temperature is, the greater the damage to your device.
Long-lasting high temperature can speed up the aging of the insulation
materials, greatly lower the device reliability, and hence
significantly shorten its service life.
Table 2-1 lists the temperature and humidity requirements.
Table 2-1 Temperature and humidity requirements in the equipment room
Temperature | Relative Humidity
0°C to 40°C (32°F to 104°F) | 10% to 90%
2.1.2 Cleanliness
The equipment room must be free of explosion hazards and of
electrically and magnetically conductive dust. The dust content
must be limited as shown in the following table:
Table 2-2 Limit to the content of dust in an equipment room
Substance | Unit | Content
Dust | Particle/m³ | 3 × 10⁴ (No visible dust on the table top for three days)
Note: Diameter of a dust particle ≥ 5 μm
Besides the dust, there are rigorous limits on the harmful gases
that can accelerate the erosion and aging of metals, such as salts,
acids, and sulfides, as shown in the following table.
Table 2-3 Limits of harmful gases in the equipment room
Gas | Maximum (mg/m³)
SO2 | 0.2
H2S | 0.006
NH3 | 0.05
Cl2 | 0.01
2.1.3 ESD Prevention
Although the H3C SecPath F100-C takes measures to prevent
electrostatic discharge (ESD), its card circuits and even the device can
be badly damaged when excessive static electricity is present.
On the communication network connected to your device, the
static electricity mainly comes from the outside electrical fields, such
as outdoor high-voltage power cables and lightning, and from the
indoor environments, floor materials and the internal system such as
the equipment frame. To prevent damage, observe the following:
• Earth the device and floor well.
• Keep the equipment room as clean as possible.
• Maintain adequate temperature and humidity.
• Wear an ESD-preventive wrist strap and clothes when
handling the circuit board.
• Place the removed circuit board upward on the
ESD-preventive table, or into a static shielding bag.
• Hold the circuit board by its edge when observing or moving
it, avoiding direct contact with the elements on it.
2.1.4 Electromagnetic Environment
All interference sources, wherever they are from, impact the H3C
SecPath F100-C negatively in the conducted emission patterns of
capacitance coupling, inductance coupling, electromagnetic wave
radiation, and common impedance (including the grounding system)
coupling. To resist the interference, make sure to:
• Take effective measures against the interference caused by
the power supply grid.
• Use a grounding system or lightning protection grounding
different from that for the power supply equipment and keep
them as far apart as possible.
• Keep the device far from high-power radio transmitters,
radar transmitters, and high-frequency and high-current
equipment.
• Use electromagnetic shielding when necessary.
2.1.5 Lightning Protection
Although the H3C SecPath F100-C takes necessary measures
against lightning, the device can get damaged when excessive
lightning is present. To protect the device against lightning:
• Ensure the chassis is connected to the earth ground.
• Ensure the earth point of the power socket is well connected
to the earth ground.
• Add a lightning arrester to the front end of the power input to
better protect the power supply from lightning strikes.
• Add a special device to the input end of any signal cable
that lies in the open air for better protection from
lightning.
2.1.6 Checking the Installation Site
When installing the H3C SecPath F100-C, make sure that:
• Enough space is left between the air inlet/exhaust vents.
• The workbench has a good ventilation system.
• The workbench is firm enough to support the device and its
accessories.
• The workbench is well earthed.
2.2 Safety Precautions
Be sure that you observe all safety precautions when you install
your H3C SecPath F100-C and pay adequate attention to the
following icons:
Caution means care should be taken in these operations
during installation and use. Improper operations might cause bodily
injury to the operators or damage the device.
Follow these safety precautions when installing or using the H3C
SecPath F100-C:
• Keep the H3C SecPath F100-C away from moisture and
heat.
• Make sure the H3C SecPath F100-C is well earthed.
• Always wear an ESD-preventive wrist strap when installing
and maintaining the H3C SecPath F100-C, making sure the
strap has good skin contact.
• Do not plug or unplug the cable while the power is on.
• It is recommended to use an uninterruptible power supply
(UPS).
2.3 Tools, Meters, and Devices
I. Tools
• ESD-preventive wrist strap
II. Cables
• PGND wire, power cord and power supply unit (PSU)
• Console cable
• Optional cables, such as network cable, AUX cable, and
synchronous/asynchronous serial interface cable
III. Devices and meters
• HUB or LAN Switch
• Console terminal (can be a PC)
• Multimeter
Caution:
The installation tools, meters, and devices are not provided with the
H3C SecPath F100-C.
Chapter 3 Installing the H3C SecPath F100-C
3.1 Installation Procedure
Start
→ Install the device to given position
→ Connect PGND wire
→ Connect power cord
→ Connect console terminal
→ Connection check before power-on
→ Power on the device
→ Normal? (No: Troubleshooting; Yes: continue)
→ Power off the device
→ Connect the device to LAN
→ Connect the device to WAN
→ Verify installation
→ Power on the device
→ End
Figure 3-1 Installation procedure
3.2 Installing the H3C SecPath F100-C
You can install the H3C SecPath F100-C firewall in either of two ways:
• Placing it on a table
• Mounting it on a vertical surface
3.2.1 Placing the H3C SecPath F100-C on a Table
It is simple to place the H3C SecPath F100-C firewall on a clean
and flat table. When placing it, make sure that:
• The table is steady.
• 10 cm (3.9 in) of space is left around the H3C SecPath F100-C
for heat dissipation.
• No H3C SecPath F100-C is placed on top of another.
3.2.2 Mounting the H3C SecPath F100-C on a Vertical Surface
Mount the H3C SecPath F100-C firewall on a vertical surface with
four pan-head screws and the four brackets at the bottom of its
chassis.
Caution:
• Make sure the screws are firm enough to hold the H3C SecPath
F100-C.
• Mount the H3C SecPath F100-C at such a height that you can
easily observe the status of the LEDs.
• Secure the external power cable of the H3C SecPath F100-C to
prevent it from dropping down.
Follow these steps to mount the H3C SecPath F100-C on a
vertical surface:
Step 1: Install four pan-head screws on a wall or other flat vertical
surface and ensure that each screw comes 6 mm (0.2 in) out of the
wall.
Figure 3-2 Bottom of the H3C SecPath F100-C chassis
Step 2: Hang the H3C SecPath F100-C on the screws by the four
brackets.
Figure 3-3 Wall-mounting the H3C SecPath F100-C
3.3 Connecting PGND Wire
Caution:
Properly connect the PGND wire before connecting other cables, and
keep the wire as short as possible, to protect the H3C SecPath F100-C
from possible lightning, which otherwise may damage the device.
At the AC-input end of the H3C SecPath F100-C firewall, there is
an AC-noise filter. Its center, connected to the chassis, is called
protection ground (PGND). The PGND should be well earthed to direct
the induction or leaking power to the earth ground and to protect the
whole device from electromagnetic interference. The PGND also
directs to the earth ground the lightning current coming along the
external cable.
The grounding screw of the H3C SecPath F100-C is on its rear
panel. Connect this screw to the earth ground using a PGND wire. The
grounding resistance must not be greater than 5 ohms.
3.4 Connecting the Power Cord
I. AC-input power supply
The electrical specifications of the external AC-input PSU of the
H3C SecPath F100-C firewall:
Rated input voltage range: 100 VAC to 240 VAC, 50 Hz or 60 Hz
Max input voltage range: 90 VAC to 264 VAC, 50 Hz or 60 Hz
Input current: 0.5 A to 1 A
Output voltage: 12 VDC
Output current: 4 A
Figure 3-4 illustrates the AC-input PSU:
Figure 3-4 AC-input PSU
II. Recommended power socket
You are recommended to use a single-phase three-terminal
socket with an earth contact, which must be properly grounded. The
building ground system is often buried during the wiring engineering.
Make sure that the building ground system is normal before
connecting the AC power cord.
III. Connecting the AC power cord
Step 1: Check that the power switch of the H3C SecPath F100-C is in
the OFF position.
Step 2: Connect the output of the PSU to the input on the rear
panel of the H3C SecPath F100-C, and then insert the input connector
of the PSU into an AC power outlet.
Step 3: Push the power switch of the H3C SecPath F100-C to the ON
position.
Step 4: Check that the PWR LED on the front panel of the H3C
SecPath F100-C is ON. If the LED is OFF, repeat steps 2 through 4.
Caution:
If the Power LED is still off after you repeat steps 2 through 4 several
times, refer to
Chapter 6 “Troubleshooting”.
3.5 Connecting the H3C SecPath F100-C to a Console Terminal
I. Console port
The H3C SecPath F100-C firewall provides a RS232
asynchronous serial console port through which you can configure it.
For the attributes of the console port, refer to section 1.2.1 IV.
“Interface attributes”.
II. Console cable
The console cable is an 8-core shielded cable with an RJ-45
connector at one end for the console port of H3C SecPath F100-C and
a DB9 (female) connector at the other end for the serial interface of the
terminal.
Figure 3-5 shows the console cable assembly:
Figure 3-5 Console cable assembly
III. Connecting the console cable
Follow these steps to connect the H3C SecPath F100-C to a
console terminal:
Step 1: Select a console terminal.
The console terminal can be either a standard ASCII terminal
with an RS232 serial interface, or, more commonly, a PC.
Step 2: Connect the console cable.
Power off the H3C SecPath F100-C and the console terminal,
and then connect the RS232 serial interface on the console terminal to
the console port on the H3C SecPath F100-C using the console cable.
Verify the connection and power on the H3C SecPath F100-C. In
normal cases, the startup information is displayed on the terminal
screen. For details, refer to section
4.1.3 “Startup Process”.
3.6 Connecting the H3C SecPath F100-C to LAN
I. Ethernet interface
The H3C SecPath F100-C provides a 10/100BASE-T FE
interface for connection to LAN. For more details, refer to section
1.2.1 IV. “Interface attributes”.
Note:
The interfaces LAN0, LAN1, LAN2 and LAN3 on H3C SecPath
F100-C correspond to interface E1/0, and WAN interface corresponds
to interface E2/0 in the command line respectively.
II. Ethernet cable
A 10/100Base-TX Ethernet interface is usually connected to an
Ethernet using a category 5 twisted pair cable, as shown in
Figure 3-6:
Figure 3-6 Ethernet cable assembly
Ethernet cables fit into two categories:
• Straight-through cable. At both ends, the twisted pairs are
crimped in the RJ-45 connectors in the same sequence. The
cable is used for connecting different types of devices, such
as connecting a terminal device (PC for example) or H3C
SecPath F100-C to a Hub or LAN Switch. The
straight-through cable is shipped with the H3C
SecPath F100-C.
• Crossover cable. At both ends, the twisted pairs are crimped
in the RJ-45 connectors in different sequences. The cable is
used for connecting devices of the same type, such as
connecting two PCs, two H3C SecPath F100-Cs or a PC to
an H3C SecPath F100-C. You can make the crossover cable
yourself.
Caution:
In preparing network cables, shielded cables are preferred for their
electromagnetic compatibility.
III. Connecting an Ethernet cable
Caution:
Read the mark above the interface carefully before making connection
to make sure it is the right interface.
Connect the Ethernet cable as follows:
The 10/100BASE-T interface on the H3C SecPath F100-C
firewall supports MDI/MDIX auto-sensing. Therefore, you can connect
your PC, security gateway, HUB, or LAN Switch to another device
using either straight-through cable or crossover cable without
considering whether the two devices are of the same type.
3.7 Connecting the H3C SecPath F100-C to WAN
The H3C SecPath F100-C firewall provides a 10 Mbps WAN
interface. For its connection, refer to section
3.6 “Connecting the H3C
SecPath F100-C to LAN”.
3.8 Verifying Installation
Every time you power on the device during the installation, verify
that:
• The device has enough space around it for heat dissipation
and the table is stable.
• The proper power supply is used.
• The grounding wire is correctly connected.
• The device is correctly connected to other devices, such as
a console terminal.
Caution:
Installation verification is extremely important, because the operations
of the H3C SecPath F100-C depend on its stability, grounding, and
power supply.
Chapter 4 Starting and Configuring the H3C SecPath F100-C
4.1 Starting the H3C SecPath F100-C
4.1.1 Setting Up a Configuration Environment
I. Connecting the H3C SecPath F100-C to a console terminal
Connect the RJ-45 connector of the console cable to the console
port on the H3C SecPath F100-C, and the DB9 connector to the serial
interface on a PC, as shown in
Figure 4-1.
Figure 4-1 Local configuration through the console port
II. Setting terminal parameters
Step 1: Start the Console terminal and make a new connection
When you perform the configuration on a PC, a terminal emulation
program, such as the Windows3.1 Terminal or the HyperTerminal of
Windows95/Windows98/Windows NT, is needed for the connection.
Enter the name of the new connection and click <OK>. See Figure
4-2.
Figure 4-2 Create a new connection
Step 2: Set the terminal parameters
Set the HyperTerminal parameters of Windows98 as follows:
1) Select serial interface
Select the serial interface to be used from the Connect Using
drop-down list as shown in
Figure 4-3. The serial interface selected
here must be the one connected to the console cable.
Figure 4-3 Select serial interface
2) Set the serial interface
The [Settings] tab appears as shown in Figure 4-4. Set the
serial interface parameters as follows:
- Bits per second = 9600
- Data bits = 8
- Parity = None
- Stop bits = 1
- Flow control = None
Click <OK> and the HyperTerminal dialog box appears.
Figure 4-4 Set communication parameter
3) Select emulation type
Choose [Properties/Settings] to enter the corresponding page
and select VT100 or Auto detect as the emulation. Click <OK> and
the HyperTerminal window appears.
Figure 4-5 Select emulation type
4.1.2 Powering On the H3C SecPath F100-C
I. Connection check before power-on
Before powering on the H3C SecPath F100-C, check that:
- Both the power cord and the PGND wire are correctly connected.
- Proper power supply is used.
- The console cable is correctly connected. The console terminal or PC has been started and the related parameters have been set on it.
Caution:
Locate the power switch of the power supply in the equipment room
before powering on the H3C SecPath F100-C. Then, if an accident
occurs, you can quickly shut off the power.
II. Powering on the H3C SecPath F100-C
Turn on the H3C SecPath F100-C.
III. Check after power-on
After powering on the H3C SecPath F100-C, check that:
- The LEDs on the front panel of the H3C SecPath F100-C are in normal status.
Refer to section 1.2.1 III. “LEDs” for more information about the
LEDs status after power-on.
- The console terminal display is correct.
After powering on the H3C SecPath F100-C, you can see the
startup interface on the console terminal (see section 4.1.3 “Startup
Process”).
After the system passes power-on self-test (POST), press
<Enter> as prompted. When “<H3C>” is displayed, you can proceed
to configure the H3C SecPath F100-C.
4.1.3 Startup Process
********************************************
* *
* H3C Boot Rom, V7.60 *
* *
********************************************
Compiled at 14:45:38 , Nov 6 2004.
Testing memory...OK!
64M bytes SDRAM
8192k bytes flash memory
Hardware Version is MTR 3.0
CPLD Version is CPLD 1.0
Press Ctrl-B to enter Boot Menu
System is self-decompressing........................OK!
System is starting...
Starting at 0x10000...
User interface Con 0 is available.
Press ENTER to get started
Press <Enter>. The system displays (if login authentication is not
enabled):
<H3C>
This prompt indicates that the H3C SecPath F100-C enters user
view, and is ready for your configuration.
4.2 Configuration Fundamentals
4.2.1 Basic Configuration Procedure
Follow the steps below to configure the H3C SecPath F100-C:
Step 1: Figure out detailed networking requirements, including
networking objectives, the role of the H3C SecPath F100-C in the
network, the subnetting scheme, transmission medium, security policy,
and network reliability.
Step 2: Draw a network diagram based on the requirements.
Step 3: Configure the Ethernet interface on the H3C SecPath
F100-C. Set its physical communication parameter and protocol of the
interface based on the router information.
Step 4: Allocate the IP address and IPX network number to all the
interfaces of the H3C SecPath F100-C on a subnet division base.
Step 5: Configure routes, and if a dynamic routing protocol is
enabled, configure the parameters related to the protocol.
Step 6: Configure security settings as required.
Step 7: Configure reliability settings as required.
For more information about the protocols and function of H3C
SecPath F100-C, refer to Operation Manual and Command Manual of
this product.
4.2.2 Command Line Interface
I. Features of the CLI
The command line interface (CLI) of the H3C SecPath F100-C
firewall offers a series of configuration commands for you to configure
and manage the H3C SecPath F100-C. The CLI allows you to:
- Configure the device locally through the console port.
- Use Telnet to access and manage local and remote devices.
- Configure the H3C SecPath F100-C through a dumb terminal by asynchronous serial interface and AUX port.
- Define hierarchical user authority so that only authorized users can configure and manage the H3C SecPath F100-C.
- Get online help whenever you enter <?>.
- Test network connectivity quickly with network diagnostic tools, such as tracert and ping.
- Have detailed debugging information for troubleshooting your network.
- Enter a command by only entering the conflict-free keyword portion, because the CLI interpreter supports fuzzy matching of command keywords. For example, you simply need to enter dis for the display command.
II. CLI
The CLI of H3C SecPath F100-C firewall offers you various
commands and allows you to adopt hierarchical user access to block
the unauthorized users. In system view, all the commands are put into
several groups for the convenience of management, each being
associated to a view. You can switch between the views by executing
the proper commands. Usually, you can only execute the commands
appropriate to the view that you access. However, you are allowed to
execute in any view some commands in common use, such as ping and display.
Chapter 5 Maintaining the H3C SecPath
F100-C
The files on the H3C SecPath F100-C fall into three categories:
- Boot ROM program file
- Application program file (host program)
- Configuration file
The software maintenance mainly involves
upgrading/downloading Boot ROM/application program files and
uploading/downloading configuration files.
Caution:
During Boot ROM and application program upgrade or Boot menu
parameters modification, an unexpected system power failure may
cause abnormalities such as loss of programs. If the system prompts
the loss of Boot ROM or application program, refer to related section in
this chapter describing the upgrade of Boot ROM extended segment
and application program for operation steps.
5.1 Boot Menu
Here is an introduction to Boot menu as you may use it in the
software maintenance.
Set up the configuration environment as shown in Figure 4-1 and
boot the H3C SecPath F100-C. When the information “Press Ctrl-B to
enter Boot Menu” appears on the terminal screen, press <Ctrl+B>.
The system displays:
Please input Boot ROM password :
Caution:
To enter the Boot Menu, you must press <Ctrl+B> within three
seconds after the prompt “Press Ctrl-B to Enter Boot Menu...?”
appears. Otherwise, the system starts decompressing the program.
If you want to enter the Boot menu after the system starts
decompressing the program, you need to reboot the H3C SecPath
F100-C.
Input the correct password and press <Enter>. (If no Boot ROM
password is configured, just press <Enter>.) The system accesses the
Boot menu.
I. Boot menu of the H3C SecPath F100-C firewall
Boot Menu:
1: Download application program with XMODEM
2: Download application program with NET
3: Start up and ignore configuration
4: Enter debugging environment
5: Boot Rom Operation Menu
6: Do not check the version of the software
7: Exit and reboot
Enter your choice(1-7):
Further description is given for the option 6:
If you fail to upgrade the software and the system prompts
“invalid version” although you use the correct software version, you
can select this option to ignore the version check during software
upgrade. Note that this option works only once when you select it. The
system resumes version check after you reboot the H3C SecPath
F100-C.
II. Boot ROM operation menu of the H3C SecPath F100-C firewall
You can select 5 in the Boot menu to enter the Boot ROM
operation menu as follows:
Boot ROM Operation Menu:
1: Download Boot ROM with XModem
2: Download Extended Segment of Boot ROM with XModem
3: Restore Extended Segment of Boot ROM from FLASH
4: Backup Extended Segment of Boot ROM to FLASH
5: Exit to Main Menu
Enter your choice(1-5):
The menu provides approaches to upgrade, back up, and restore
the Boot ROM program. See sections
5.3 “Backing up and Restoring
the Extended Segment of the Boot ROM Program”.
Caution:
Upgrade the H3C SecPath F100-C software under the guide of
support technicians. When upgrading, make the Boot ROM software
match the application program.
5.2 Upgrading Application Programs and Boot ROM program Using XModem
You can use XModem to upgrade the software through the
console port even without setting up a configuration environment.
I. Upgrading application program
Step 1: Enter the Boot menu and select 1 to download an
application program using XModem. The following download speeds
are available for the H3C SecPath F100-C:
WARNING: The operation is to update the Boot ROM.
It may result in booting failure.
Please choose your download speed:
1: 9600 bps
2: 19200 bps
3: 38400 bps
4: 57600 bps
5: 115200 bps
6: Exit and reboot
Enter your choice(1-6):
Step 2: Select an appropriate download speed, for example, 115200 bps by entering 5. The following message appears:
Download speed is 115200 bps. Change the terminal's speed
to 115200 bps, and select XModem protocol. Press ENTER key
when ready.
Step 3: Change your terminal’s baud rate to the same baud rate
for software downloading. After that, disconnect the terminal
([Dial-in/Disconnect]), reconnect it ([Dial-in/Dialing]), and press
<Enter> to start downloading. The system displays:
Waiting ...CCCCC
Note:
The new baud rate takes effect only after you reconnect the terminal
emulation program.
Step 4: Select [Transmit/Send file] in the terminal window. The
following dialog box pops up:
Figure 5-1 Send File dialog box
Step 5: Click <Browse>. Select the application file to be
downloaded and set protocol to XModem. Click <Send>. The following
interface pops up:
Figure 5-2 Sending file interface
Step 6: After the download completes, the system writes the
data to the Flash memory, and then displays the following information
on the terminal, indicating the completion of the download:
Download completed.
Writing to flash memory...
Please wait,it needs a long time .Please wait...
#######################################################
#
Writing FLASH Success.
Please use 9600 bps.Press <ENTER> key to reboot the
system.
Restore the speed of the console terminal to 9600 bps as
prompted, disconnect and reconnect the terminal. The system starts
up normally.
II. Upgrading the Boot ROM program
Step 1: Enter the Boot menu, and select 5 to enter the Boot ROM
operation menu.
Step 2: Select 1 in the Boot ROM operation menu to download
the Boot ROM program using XModem. The subsequent operation
steps are the same as those upgrading the application program.
Caution:
If you fail to upgrade the entire Boot ROM program, you cannot restore
it on site. Therefore, upgrade the entire Boot ROM program only
under the direction of technical support engineers and only when
it is urgently necessary.
III. Upgrading the extended segment of the Boot ROM program
Step 1: Enter the Boot menu, and select 5 to enter the Boot ROM
operation menu.
Step 2: Select 2 in the Boot ROM operation menu to download
the extended segment of Boot ROM with XModem. The subsequent
operation steps are the same as those for upgrading the application
program.
Caution:
This upgrade approach is only used to upgrade a portion of the Boot
ROM program, so you can make a second attempt once errors occur.
5.3 Backing up and Restoring the Extended Segment of the Boot ROM Program
I. Backing up the extended segment to the Flash memory
Follow these steps to back up the extended segment of the Boot
ROM:
Step 1: Enter the Boot menu, and select 5 to enter the Boot ROM
operation menu.
Step 2: Select 4 in the Boot ROM operation menu to copy the
current extended segment of the Boot ROM program to the Flash
memory.
If the backup attempt is successful, the following message
appears:
Writing to FLASH.Please wait...####
Backuping Boot ROM program to FLASH successed!
Step 3: When the Boot ROM operation menu appears again, select 5 to exit and reboot the H3C SecPath F100-C.
II. Restoring the extended segment from the Flash memory
If the extended segment of the Boot ROM program becomes faulty
or you upgrade it by mistake, you can restore the extended segment of
the Boot ROM program from the Flash memory to the Boot ROM
following these steps:
Step 1: Enter the Boot menu, and select 5 to enter the Boot ROM
operation menu.
Step 2: Select 3 in the Boot ROM operation menu to restore the
extended segment of the Boot ROM program from the Flash memory.
If the operation is successful, the system displays:
Writing to Boot ROM.Please wait...######
Restoring Boot ROM program successed!
Step 3: When the Boot ROM operation menu appears again, select 5 to exit and reboot the H3C SecPath F100-C.
5.4 Upgrading the Application Programs Using TFTP
You can download the application program using TFTP through
the Ethernet interface. In this case, the H3C SecPath F100-C acts as
the client and must be connected to the TFTP server through one of its
fixed Ethernet interfaces. You can upgrade the application program in
these steps:
1) Start the TFTP server.
Start the TFTP server on the PC connected to the Ethernet
interface on the H3C SecPath F100-C and set its directory to the one
containing the file that is to be downloaded.
2) Configure the H3C SecPath F100-C.
Step 1: Enter the Boot menu and select 2 to enter the Net port
download menu as follows:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 1
Step 2: Configure TFTP parameters.
Select 1 in the Net port download menu to set parameters for the
Ethernet interface on the H3C SecPath F100-C (including the
interface in use, IP address of the interface) and parameters for the
TFTP server (including IP address of the Ethernet interface on the
TFTP server and the filename of the application program).
Change Download parameter
'.' = clear field; '-' = go to previous field; ^D = quit
boot device : LAN0
processor number : 0
host name : sec
file name : system
inet on ethernet (e) : 192.168.1.1
inet on backplane (b):
host inet (h) : 192.168.1.20
gateway inet (g) : 192.168.1.254
user (u) : user
ftp password (pw) (blank = use rsh): pass
flags (f) : 0x80
target name (tn) :
startup script (s) :
other (o) :
Caution:
- The upgrade should be performed through interface LAN0 on the firewall.
- The host inet (h): [192.168.1.10] field must be set to the IP address of the TFTP server connected to the Ethernet interface on the firewall.
- It is recommended that the IP address of the network interface on the TFTP server and that of LAN0 on the firewall be on the same network segment.
Step 3: Confirm configuration parameters.
After you input the last parameter value and press <Enter>, the
system returns to the Net port download menu:
Saving config, please wait...OK!
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 2
3) Download the application programs.
Select 2 to download the application program using TFTP. The
system displays the following message:
Loading...
NET download completed...
read len = [06412447]
The file to be written is flash:/system!Please wait for a
while!
Creating the file: flash:/system
Write data to flash...
Please wait, it may take a long time!
#######################################################
#########################
Writing Cmwsoftware File Succeeds!
Press <Enter> key to reboot the system .
It indicates the downloading is successful. Press <Enter> to
reboot the system.
5.5 Uploading/Downloading Application Programs/Files Using FTP
5.5.1 Upgrading Application Programs Using FTP in Boot ROM
You can download the application program using FTP through
the Ethernet interface. In this case, the H3C SecPath F100-C acts as
the client and must be connected to the FTP server through one of its
fixed Ethernet interfaces.
Caution:
The FTP server program is not shipped with the H3C SecPath F100-C
firewall. You need to purchase and install it by yourself.
1) Start the FTP server.
Start the FTP server on the PC connected to the Ethernet
interface on the H3C SecPath F100-C and set its directory to the one
containing the file that is to be uploaded.
2) Configure the H3C SecPath F100-C.
Step 1: Enter the Boot menu and select 2 to enter the Net port
download menu as follows:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 1
Step 2: Configure FTP parameters.
Select 1 in the Net port download menu to set parameters for the
Ethernet interface on the H3C SecPath F100-C (including the
interface in use, IP address of the interface) and parameters for the
FTP server (including IP address of the Ethernet interface on the
FTP server and the filename of the application program).
Change Download parameter
'.' = clear field; '-' = go to previous field; ^D = quit
boot device : LAN0
processor number : 0
host name : sec
file name : App.arj
inet on ethernet (e) : 192.168.1.1
inet on backplane (b):
host inet (h) : 192.168.1.20
gateway inet (g) : 192.168.1.254
user (u) : user
ftp password (pw) (blank = use rsh): pass
flags (f) : 0x0
target name (tn) :
startup script (s) :
other (o) :
Caution:
- The host inet (h): [192.168.1.10] field must be set to the IP address of the FTP server connected to the Ethernet interface on the H3C SecPath F100-C.
- It is recommended that the IP address of the network interface on the FTP server and that of LAN0 on the H3C SecPath F100-C be on the same network segment.
Step 3: Confirm configuration parameters.
After you input the last parameter value and press <Enter>, the
system returns to the Net port download menu:
Net Port Download Menu:
1: Change Net Parameter
2: Download From Net
3: Exit to Main Menu
Enter your choice(1-3): 2
3) Download the application programs.
Select 2 to download the application program using FTP. The
system displays the following message:
Loading...
NET download completed...
read len = [06412447]
The file to be written is flash:/system!Please wait for a
while!
Creating the file: flash:/system
Write data to flash...
Please wait, it may take a long time!
#######################################################
#########################
Writing Cmwsoftware File Succeeds!
Press <Enter> key to reboot the system .
It indicates the downloading is successful. Press <Enter> to
reboot the system.
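The following added example (not part of the manual) checks a "Change Download parameter" screen from sections 5.4 and 5.5.1 against the cautions printed with it, and reports which transfer protocol the screen selects. The sample screens are constructed from the values shown above; the /24 prefix and the reading of flag bit 0x80 as the TFTP selector are assumptions, since the manual gives no netmask and shows only 0x80 for TFTP and 0x0 for FTP.

```python
import ipaddress
import re

# Constructed sample: the FTP parameter screen of section 5.5.1 as printed above.
FTP_SCREEN = """\
boot device : LAN0
processor number : 0
host name : sec
file name : App.arj
inet on ethernet (e) : 192.168.1.1
inet on backplane (b):
host inet (h) : 192.168.1.20
gateway inet (g) : 192.168.1.254
user (u) : user
ftp password (pw) (blank = use rsh): pass
flags (f) : 0x0
target name (tn) :
startup script (s) :
other (o) :
"""
# The TFTP screen of section 5.4 differs only in the file name and the flags value.
TFTP_SCREEN = FTP_SCREEN.replace("App.arj", "system").replace(": 0x0", ": 0x80")

TFTP_FLAG = 0x80  # assumption: this bit selects TFTP, as the two screens suggest


def parse_screen(text):
    """Map each field name (without its '(e)'-style hint) to the value entered."""
    fields = {}
    for line in text.splitlines():
        match = re.match(r"^(.*?)\s*:\s*(.*)$", line)
        if match:
            name = re.sub(r"\s*\(.*?\)", "", match.group(1)).strip().lower()
            fields[name] = match.group(2).strip()
    return fields


def check_boot_params(text, prefix_len=24):
    """Return the transfer protocol the screen selects and a list of findings.

    prefix_len is an assumption: the screen carries no netmask, so the caller
    states how wide the "same network segment" of the caution is.
    """
    fields = parse_screen(text)
    findings = []
    if fields.get("boot device") != "LAN0":
        findings.append("boot-device: the upgrade must run through LAN0")
    try:
        device = ipaddress.ip_address(fields.get("inet on ethernet", ""))
        server = ipaddress.ip_address(fields.get("host inet", ""))
        flags = int(fields.get("flags") or "0", 16)
    except ValueError as exc:
        return {"protocol": None, "findings": findings + [f"invalid: {exc}"]}
    segment = ipaddress.ip_network(f"{device}/{prefix_len}", strict=False)
    if server == device:
        findings.append("address: server and firewall share one address")
    elif server not in segment:
        findings.append(f"segment: {server} is outside {segment}")
    if flags & TFTP_FLAG:
        protocol = "tftp"
        findings.append("tftp: the image is fetched without any authentication")
    elif fields.get("ftp password"):
        protocol = "ftp"
        findings.append("ftp: user name and password are sent in cleartext")
    else:
        protocol = "rsh"  # the prompt itself says a blank password means rsh
        findings.append("rsh: access rests on host trust, not on a password")
    return {"protocol": protocol, "findings": findings}


if __name__ == "__main__":
    for label, screen in (("TFTP", TFTP_SCREEN), ("FTP", FTP_SCREEN)):
        result = check_boot_params(screen)
        print(label, "->", result["protocol"])
        for finding in result["findings"]:
            print("   ", finding)
```

Neither transfer protects the image in transit, so the protocol finding is a reason to run the upgrade over a directly attached, trusted segment.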
5.5.2 Upgrading Application Programs Using FTP in Host Software
The H3C SecPath F100-C firewall offers an FTP server function,
which provides you another way of updating configuration files and
upgrading the application and Boot ROM programs. You only need to
connect an FTP client, local or remote, to the H3C SecPath F100-C.
When you pass the authentication, you can upload and download
configuration files or applications.
Note:
Upload: Transfer files from PCs running FTP client to H3C SecPath
F100-C, namely the put operation.
Download: Transfer files from H3C SecPath F100-C to PCs running
FTP client, namely the get operation.
I. Setting up an upload/download environment
- Set up a local upload/download environment using FTP
Figure 5-3 Set up a local upload/download environment using FTP (PC as FTP client, 10.110.10.13/24, connected over the LAN to the Ethernet interface, 10.110.10.10/24, of the H3C SecPath F100-C as FTP server)
Step 1: Connect the PC to the Ethernet interface of the H3C
SecPath F100-C.
Step 2: Assign an IP address, 10.110.10.10 for example, to the
Ethernet interface on the H3C SecPath F100-C.
Step 3: Assign an IP address, 10.110.10.13 for example, to the
Ethernet interface on the PC.
Step 4: Copy the application program/Boot ROM
program/configuration file to a directory, “C:\ version” for example.
Caution:
The IP address assigned to the Ethernet interfaces of the PC and H3C
SecPath F100-C must be on the same network segment.
- Set up a remote upload/download environment using FTP
Figure 5-4 Set up a remote upload/download environment using FTP (PC as FTP client, 10.110.10.13/24, connected over the WAN to the Ethernet interface, 10.110.10.10/24, of the H3C SecPath F100-C as FTP server)
Step 1: Connect the PC to an interface on the H3C SecPath
F100-C through WAN for remote upgrade. The PC and the H3C
SecPath F100-C can be on different network segments.
Step 2: Copy the application program/Boot ROM
program/configuration file to a directory, “C:\ version” for example.
II. Enabling FTP server
Follow these steps under the direction of service engineers:
Step 1: Configure an authentication method.
Note:
You can configure AAA authentication as needed. For more
information, refer to Operation Manual and Command Manual of this
product.
Step 2: Add the username.
[VPNGateway] local-user VPNGateway
VPNGateway is the user name.
Step 3: Add the password.
[VPNGateway-luser-vpngateway] password simple 123
Step 4: Add the service type and specify the FTP directory.
[VPNGateway-luser-vpngateway] service-type ftp ftp-directory flash:
Step 5: Add authority level.
[VPNGateway-luser-vpngateway] level 3
Step 6: Enable the FTP server.
[VPNGateway] ftp-server enable
After the FTP server is enabled and the user is added onto the
H3C SecPath F100-C, any FTP client program can use the username
and password to log onto the FTP server.
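The following added example (not part of the manual) reviews the account created in steps 2 to 6 above, reading either a pasted session or a saved configuration. The session text is constructed from the commands shown; the minimum password length is an assumed site policy, and the file names are the defaults this manual gives for the flash root.

```python
import re

# Constructed sample: the commands of steps 2 to 6 as typed in the session above.
SESSION = """\
[VPNGateway] local-user VPNGateway
[VPNGateway-luser-vpngateway] password simple 123
[VPNGateway-luser-vpngateway] service-type ftp ftp-directory flash:
[VPNGateway-luser-vpngateway] level 3
[VPNGateway] ftp-server enable
"""

# Default file names the manual lists for the files kept in the flash root.
BOOT_FILES = ("system", "config.cfg", "bootrom", "bootromfull")
MIN_PASSWORD_LEN = 8  # assumption: a site policy value, not taken from the manual
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")


def parse(text):
    """Return (users, ftp_enabled) from a pasted session or a saved configuration."""
    users, current, ftp_enabled = {}, None, False
    for raw in text.splitlines():
        match = PROMPT.match(raw)
        prompt = match.group(0) if match else ""
        words = raw[len(prompt):].split()
        if not words:
            continue
        # User view: a "-luser-" prompt in a session, an indented line in a saved file.
        in_user_view = "-luser-" in prompt or (not prompt and raw[:1].isspace())
        if words[0] == "local-user" and len(words) > 1:
            current = users.setdefault(words[1], {"services": set()})
        elif not in_user_view:
            current = None  # any other system-view command closes the user block
            ftp_enabled = ftp_enabled or words[:2] == ["ftp-server", "enable"]
        elif current is None:
            continue
        elif words[0] == "password" and len(words) >= 3:
            current["password"] = (words[1], words[2])
        elif words[0] == "service-type" and len(words) > 1:
            current["services"].add(words[1])
            if "ftp-directory" in words[:-1]:
                current["ftp-directory"] = words[words.index("ftp-directory") + 1]
        elif words[0] == "level" and len(words) > 1 and words[1].isdigit():
            current["level"] = int(words[1])
    return users, ftp_enabled


def audit(text):
    """Return (scope, code, message) findings for the FTP server set-up."""
    users, ftp_enabled = parse(text)
    findings = []
    if ftp_enabled:
        findings.append(("global", "ftp-cleartext",
                         "FTP sends the login and the files unencrypted"))
    for name, user in users.items():
        kind, secret = user.get("password", (None, ""))
        if kind == "simple":
            findings.append((name, "password-simple",
                             "password is readable in the configuration file"))
            if len(secret) < MIN_PASSWORD_LEN:
                findings.append((name, "password-short",
                                 f"password has {len(secret)} characters"))
        if ftp_enabled and "ftp" in user["services"]:
            if user.get("ftp-directory", "").rstrip("/") == "flash:":
                findings.append((name, "ftp-flash-root",
                                 "can overwrite " + ", ".join(BOOT_FILES)))
            if user.get("level") == 3:
                findings.append((name, "ftp-level-3",
                                 "FTP account also holds command level 3"))
    return findings


if __name__ == "__main__":
    for scope, code, message in audit(SESSION):
        print(f"{scope:12} {code:16} {message}")
```

Because the configuration file is itself retrievable over this FTP service, a `password simple` entry is exposed to anyone who can read that file or observe the transfer.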
III. Uploading/downloading an application program/configuration file and uploading Boot ROM program
Step 1: In the DOS environment, access the directory containing
the application program/Boot ROM/configuration file. Execute the ftp
command to set up an FTP connection with the H3C SecPath F100-C,
for example:
C:\version\ftp 10.110.10.10
If the connection is set up, the following message appears (taking
Windows98 for example):
Connected to 10.110.10.10
220 FTP server ready on SecPath Gateway at
User(10.110.10.10:(none)):
Step 2: Log onto the FTP server using the username and
password set on the H3C SecPath F100-C.
User(10.110.10.10:(none)): SecPath Gateway
331 Password required for ftp
Password: .
230 User ftp logged in
ftp>
Appearance of the prompt “ftp>” indicates that you can begin
uploading/downloading the desired file.
Step 3: Upload/Download the application program/Boot
ROM/configuration file.
Note:
On the H3C SecPath F100-C, the default name of the application
program is “system”; that of the configuration file is “config.cfg”; that of
the extended segment of the Boot ROM is “bootrom”; that of the entire
Boot ROM is “bootromfull”.
- Upload the application program/Boot ROM/configuration file.
ftp> put local file remote file
Upon the completion of uploading, the prompt “ftp>” appears
again. Enter dir to view the name and size of the uploaded file on the
H3C SecPath F100-C. It has the same size as the original file on the
host if the uploading is successful.
Caution:
- When using FTP to upgrade the application program, make sure that the firewall has enough flash memory. If the memory is not enough, you need to use the delete /unreserved command to permanently delete old version files or other files to save the memory space; otherwise, new files cannot be uploaded.
- The Boot ROM upgrade is not complete after the Boot ROM program is uploaded using the put command. To complete the upgrade, use the upgrade bootrom [ full ] command to decompress the bootrom/bootromfull program from the root directory in the Flash and write it to the Boot ROM.
- After uploading the application program into the flash memory, you need to rename the program file to “system” to make the program take effect at next startup.
- After uploading configuration files into the flash memory, you need to rename the file to “config.cfg” to make the files take effect at next startup of the system, or use the startup saved-configuration command to set the configuration files used for next startup.
- Download an application program/configuration file.
ftp> get remote file local file
Step 4: Quit the FTP client program after the
uploading/downloading.
ftp> quit
IV. Detaching the Web file
When the downloading using FTP is completed, the Web file is
included in the application program. You need to detach it from the
application program using the detach command.
< VPNGateway > detach system
System file length 7856557 bytes, http file length
834724 bytes.
< VPNGateway > dir
Directory of flash:/
0 -rw- 8691281 Jun 16 2009 06:46:36 system
1 -rw- 1830 Jun 17 2009 07:47:16 config.cfg
2 -rw- 834724 Jun 18 2009 02:22:39 http.zip
If the Web file is not included, the system gives the corresponding
prompt; if the Web file name is not specified, the Web file name
defaults to http.zip.
5.6 Modifying Boot ROM Password
You can use the Boot menu of the firewall to change the Boot
ROM password.
Start the firewall. When “System starts booting” appears on the
configuration terminal, press <Ctrl+D>, and then the system prompts:
Please input Bootrom password:
Caution:
- To enter the Boot menu, you must press <Ctrl+D> within three seconds after the “System starts booting” prompt appears on the configuration terminal; otherwise, the system starts decompressing the program.
- You need to restart the firewall if you want to enter the Loader menu after entering the Boot ROM extended segment.
After entering the correct password, press <Enter> to enter the
Boot menu (press <Enter> directly if the password is not set), and the
system displays the information as follows:
Boot Menu:
1: Download Boot ROM program
2: Modify Boot ROM password
3: System booting from Flash
4: Exit and reboot
Enter your choice(1-4):
The options of the Boot menu are described as follows:
- 1: Download Boot ROM program
- 2: Modify Boot ROM password
- 3: Boot the system from flash (This option requires backing up the extended segment of Boot ROM in flash; refer to 5.3 for details.)
- 4: Exit from the Loader menu and restart the firewall.
Select 2 in the Boot menu to change the Boot ROM password,
and the system prompts:
Please input new password:
Retype the new password:
Saving the password...OK
Note:
The password can contain up to 32 characters.
5.7 Resetting a Lost Password
Please contact support technicians if your Boot ROM password
or user password of the H3C SecPath F100-C is lost. Then you can
enter the H3C SecPath F100-C again with their assistance and set a
new password.
Chapter 6 Troubleshooting
6.1 Troubleshooting the Power System
1) Symptom:
Power LED is OFF.
2) Solution:
Check that:
- The power switch of the H3C SecPath F100-C is turned on.
- The switch of the power source is turned on.
- The power cord of the H3C SecPath F100-C is properly connected.
- The correct power source is used.
Caution:
Do not hot swap the power cord. If Power LED is still OFF after you
check against the items listed above, contact your agent.
6.2 Troubleshooting the Console Terminal
If the H3C SecPath F100-C is operating normally after it is
powered on, the console terminal displays the start-up information on
the screen. If the console terminal is faulty, it displays illegible
characters or nothing at all.
I. Troubleshooting no display on terminal screen
1) Symptom:
Nothing is displayed on the terminal screen after the H3C
SecPath F100-C is powered on.
2) Solution:
Step 1: Check that:
- The PSU is operating normally.
- The console cable is connected correctly.
Step 2: If no problem is found, examine the parameters
configured at the terminal (such as HyperTerminal), or check the
console cable.
II. Troubleshooting illegible characters on the terminal screen
1) Symptom:
Illegible characters are displayed on the console terminal after
the H3C SecPath F100-C is powered on.
2) Solution:
Make sure you have set on your terminal (HyperTerminal):
Bits per second = 9600
Data bits = 8
Parity = None
Stop bits = 1
Flow control = None
Emulation = VT100/auto-detect
Reconfigure the parameters if they are not set to these values.