IBM GX4000, Proventia Network Getting Started

IBM Proventia Network Intrusion Prevention System Getting
Started for GX4000 Series Appliances

This document helps you do the following tasks:

v Connect the appliance

v Configure appliance settings

®

v Connect to Proventia

v Install the product license

v Update the appliance

After you finish these tasks:

v Use the applicable IBM

Installation Guide to install specific firmware versions

v Use the applicable IBM Proventia Network Intrusion Prevention System (IPS)

Appliance User Guide to

– Set up appliance management

– Configure your security policies, including specifying events and responses

– Create firewall rules to protect your network

– Track alerts

– Monitor important system information

Manager

®

Proventia Network Intrusion Prevention System (IPS)

Reference Key

v A: LCD Controller Module - used for initial network configuration, restarting or

shutting down the appliance, and obtaining IPS version information.

v B: USB Ports

v C: Serial Console Port - used for terminal-based setup and recovery.

v D: Protected Ports- used for either inline intrusion prevention (IPS mode) or

passive intrusion detection (IDS mode). Inline prevention uses a pair of ports per
segment. Passive detection uses a single port per segment.

Note: Your port configuration may look slightly different depending on the
number of ports.

v E: Management Ports

Management Port 1 is used to communicate with Proventia Manager and
SiteProtector Management

Management Port 2 is used exclusively for sending TCP Reset responses

© Copyright IBM Corp. 2003, 2010 1

Requirements

v Power cable

v Proventia serial console cable (blue)

v Ethernet crossover cable (red)

v For each inline segment:.

– A pair of Ethernet cables, straight-through or crossover, depending on your

network type

– A crossover adapter

Note: IBM provides one crossover adapter and two one-foot Ethernet cables
(green) per segment

v Additional Ethernet cables, as needed

v PC with Internet Explorer and Internet connection

Connect the appliance

Keep management and monitoring communication separate so that network traffic
can pass uninterrupted through the appliance's network interface card (NIC).

Cable the appliance

Procedure

1. Connect the power cable(s) to the appliance. If your appliance has two power

cords, you must connect both.

2. Connect Management port 1 to the network you will use to manage the

appliance.

Note: TCP Reset: Management port 2 is the RS Kill (TCP Reset) port. The
appliance does not send TCP Reset responses until you configure TCP Reset.

3. (SFP-capable appliance only) Populate the protected ports with SFP modules as

necessary. For each port pair, SFP modules must be the same media type; for
example, if port 1A is copper (TX), then port 1B must also be copper (TX).

4. Connect the network cables to the protected ports. To run the appliance in

passive mode, only connect the first protected port in the pair to the network.

5. Turn on the appliance.

Network information

Record the network information you need to configure the appliance.

Setting Your network information

IP address __________-__________-__________-__________

Subnet mask __________-__________-__________-__________

Default gateway __________-__________-__________-__________

Options for connecting to the network

Chose one of the options to connect the appliance to the network.

v “Connect to the network using the LCD panel” on page 3

v “Connect to the network using a serial console cable” on page 3

2 Proventia Network IPS Appliances: IBM Internet Security Systems

Connect to the network using the LCD panel

Procedure

1. Determine and record your IP address, subnet mask, and default gateway.

2. Press

(Enter) on the LCD panel. The LCD displays a message asking if

you want to set up the network.

3. Select OK, and then press

4. Press

(Enter) again on the LCD panel to display the IP address screen.

5. Press UP and DOWN to select a number, and then press

(Enter).

(Enter) to move

to the next field.

6. When you have completed all the fields, press

7. Select OK to move forward, and then press

(Enter).

(Enter) to confirm your

selection.

8. Complete these steps again to provide the subnet mask and default gateway.

9. After you enter all your network information, a final conformation screen

appears. Select OK to save all network information and enable the
Management port, or select Cancel to return to the IBM ISS Proventia screen
without saving any information.

10. After you confirm the settings, the appliance generates a temporary,

case-sensitive password. Record this password; you must use it when you log
on to the appliance.

11. Connect to the appliance using a secure network connection and the

appliance's IP address to complete the initial configuration.

What to do next

Go to the next procedure in the getting started process, “Configure appliance
settings” on page 4.

Connect to the network using a serial console cable

Procedure

1. Connect the serial console cable to the appliance and a computer to complete

the initial configuration.

2. Connect to the appliance using Hyperterminal or another terminal emulation

program. Follow the instructions listed in the documentation for the program
you choose.

3. Use the following settings to connect.

Option Description

Communication Port Typically COM1

Emulation VT100

Bits per second 9600

Data bits 8

Parity None

Stop bits 1

Flow control None

IBM Proventia Network Intrusion Prevention System Getting Started for GX4000 Series Appliances 3