McAfee SG720 Installation Manual

uf_SG720_qig_700-2240A00_en-us.fm Page 1 Monday, October 12, 2009 11:56 AM
McAfee UTM Firewall
Quick Installation Guide
Rack Mount Model SG720
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. See the SOFTWARE LICENSE AGREEMENT on page 25.
License Attributions
Some software programs are licensed (or sublicensed) to the user under the GNU General Public License (GPL) or other similar Free Software licenses which, among other rights, permit the user to copy, modify and redistribute certain programs, or portions thereof, and have access to the source code. The GPL requires that for any software covered under the GPL which is distributed to someone in an executable binary format, the source code also be made available to those users. For any such software covered under the GPL, the source code is available from the my.securecomputing.com website. If any Free Software licenses require that McAfee provide rights to use, copy or modify a software program that are broader than the rights granted in this agreement, then such rights shall take precedence over the rights and restrictions herein.
PRODUCT COMPLIANCE
For product compliance information, refer to Compliance.pdf on the UTM Firewall CD in the /docs directory.
Introduction
This Quick Installation Guide walks you through the installation of your UTM Firewall device.
This guide is intended for anyone who needs to set up an SG720 McAfee UTM Firewall device.
You can find additional information at the following locations:
Help – Help is built into the UTM Firewall Management Console. Click the Help icon in the upper right corner.
Support – Visit mysupport.mcafee.com to find product documentation, announcements, and support.
Firmware updates – Your device has been pre-programmed with firmware current at the time of manufacture. Should you want to upgrade the firmware, you can obtain the latest version for your device from my.securecomputing.com.
Product specifications
Power: 100–240 V, 50–60 Hz, 0.52–0.21 A
Operating temperature: 0 °C to 40 °C
Storage temperature: –20 °C to 70 °C
Humidity: 0 to 95%, non-condensing
Installation overview
Installing the UTM Firewall device into a well-planned network is quick and easy; however, network planning is outside the scope of this guide. Take some time to plan your network prior to installing your UTM Firewall device. To add your UTM Firewall device to your LAN (Local Area Network), follow these steps:
1 Unpack the UTM Firewall device
2 Set up a single computer connection
3 Set your password
4 Set LAN connection settings
5 Select a security level
6 Connect to your LAN
7 Set up computers on your LAN
8 Set up the Internet connection
9 Register your UTM Firewall device
Before you begin this setup process, make sure you have a computer running Microsoft Windows (2000 or later) with an Ethernet network interface card installed. You should be logged in with administrator privileges.
Unpack the UTM Firewall device
In addition to this document, check that you have the following items included with your UTM Firewall device:
• Power cable
• UTM Firewall CD
• Network cable
The front panel of the UTM Firewall device has two 10/100/1000 ports (A and B), three 10/100 ports (C, D, and E), a serial port, status LEDs, and an Erase button (Appendix 1).
Figure 1 SG720 front panel
The status LEDs on the front panel provide information on the operating status of the UTM Firewall device.
• The heart beat LED flashes when the UTM Firewall device is running.
• Each of the network ports has two LEDs indicating link status and activity.
• The four status LEDs flash when the device is in the factory default state.
NOTE: If these LEDs do not behave in this manner before your UTM Firewall device is attached to the network, perform a factory reset.
1 Press the erase button on the rear panel twice within three seconds, 1 second apart, to restore factory default settings.
2 If the LEDs are still not flashing after 30 seconds, contact customer support.
Set up a single computer connection
The UTM Firewall device ships with initial network settings of:
• LAN IP address – 192.168.0.1
• LAN subnet mask – 255.255.255.0
The UTM Firewall device needs an IP address suitable for your LAN before it is connected. You can choose to use the UTM Firewall device initial network settings as a basis for your LAN settings.
NOTE: Initial configuration is performed through port A. McAfee strongly recommends you do not connect the UTM Firewall device to your LAN until this guide instructs you to. If you attach port A directly to a LAN with an existing DHCP server, or a computer running a DHCP service, the UTM Firewall device automatically obtains an additional address. The UTM Firewall device is still reachable at 192.168.0.1.
All other network ports are by default inactive; that is, they are not running any network services such as DHCP, and they are not configured with an IP address.
1 Connect the power cable to the power inlet on the rear panel of the UTM Firewall device.
2 Turn on the rear panel power switch. The power light turns on.
3 Connect port A directly to your computer network interface card (NIC) using the supplied network cable.
4 Modify your computer's network settings to enable communication with the UTM Firewall device.
a Click Start | (Settings |) Control Panel and double-click Network Connections.
b Right-click Local Area Connection, then select Properties.
NOTE: If there is more than one existing network connection, select the connection corresponding to the NIC that the UTM Firewall device is attached to.
5 Select Internet Protocol (TCP/IP), then click Properties. The Internet Protocol (TCP/IP) Properties dialog box appears (Figure 2).
Figure 2 Internet Protocol (TCP/IP) Properties
6 Select Use the following IP address, and type:
• IP address – 192.168.0.100
• Subnet mask – 255.255.255.0
• Default gateway – 192.168.0.1
7 Select Use the following DNS server addresses.
8 In the Preferred DNS Server field, enter 192.168.0.1.
9 [Optional] If you want to retain your existing IP settings for this network connection, click Advanced and add the secondary IP address of 192.168.0.100, subnet mask 255.255.255.0.
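An added example, not part of the McAfee guide: a Python check of the workstation settings from steps 6 to 9 against the device's factory address, including the optional secondary-address case. The function name `check_staging` and the sample addresses in the usage comment are assumptions made for illustration.

```python
import ipaddress

# Factory LAN settings of the device, as stated in this guide.
DEVICE = ipaddress.ip_interface("192.168.0.1/255.255.255.0")


def check_staging(host_ip, host_mask, gateway, existing=None):
    """Return a list of problems with the workstation's staging settings.

    existing: optional "address/mask" already configured on the NIC, for
    the step 9 case where 192.168.0.100 is added as a secondary address.
    """
    problems = []
    host = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    net = host.network

    # The workstation must share the device's subnet to reach it directly.
    if net != DEVICE.network:
        problems.append(f"{host} is not in the device subnet {DEVICE.network}")
    if host.ip == DEVICE.ip:
        problems.append("workstation address duplicates the device address")
    if host.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{host.ip} is the network or broadcast address")

    # Steps 6 and 8 point both gateway and DNS at the device itself.
    if ipaddress.ip_address(gateway) != DEVICE.ip:
        problems.append(f"gateway {gateway} is not the device at {DEVICE.ip}")

    # Step 9: an existing network that overlaps 192.168.0.0/24 may already
    # contain a host at 192.168.0.1 or 192.168.0.100.
    if existing is not None:
        primary = ipaddress.ip_interface(existing)
        if primary.network.overlaps(DEVICE.network):
            problems.append(
                f"existing network {primary.network} overlaps "
                f"{DEVICE.network}; check for an address conflict first"
            )
    return problems


if __name__ == "__main__":
    # Constructed sample: the guide's values plus an assumed existing address.
    for line in check_staging("192.168.0.100", "255.255.255.0",
                              "192.168.0.1", existing="192.168.0.57/24"):
        print("WARNING:", line)
```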
Set your password
1 Launch your Web browser. The UTM Firewall Management Console window appears.
NOTE: If the UTM Firewall Management Console window does not appear, navigate to 192.168.0.1. If you are unable to browse to the UTM Firewall device at 192.168.0.1, or if the initial username and password are not accepted:
a Press the erase button on the UTM Firewall device's rear panel twice within 3 seconds, 1 second apart. This resets the UTM Firewall device to its factory default settings.
b Wait 20–30 seconds, and then try browsing to 192.168.0.1 again.
2 A logon prompt appears. Enter the initial user name and password:
• User name – root
• Password – default
3 Click OK. The Set Administrative Password window appears (Figure 3).
Figure 3 Set Administrative Password window
4 Enter and confirm a new password for your UTM Firewall device.
The new password takes effect immediately. You are prompted to enter the new password when completing the next step.
NOTE: This is the password for the main administrative user (root) account on the UTM Firewall device. It is important that you choose a password that is hard to guess, and keep it safe.
5 Click Submit. The Quick Setup Wizard Hostname window appears (Figure 4).
Figure 4 Hostname window
Set LAN connection settings
1 [Optional] The host name defaults to the model number. If you want to use a different host name, type the new name in the Hostname field. The name must begin with an alpha character.
2 Click Next. The LAN window appears (Figure 5).
Figure 5 LAN window