Stormshield SN Series, SN210W, SN310, SN510, SN710 Product Presentation And Installation

...

Download

GUIDE

STORMSHIELD NETWORK SECURITY

PRODUCT PRESENTATION AND INSTALLATION 2019

Date: September 2019

Document version: 1.0

Reference: sns-en-SNrange_installation_guide-2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

Table of contents

FOREWORD 3

Recommendations on the operating environment 3 Regulations 5

INTRODUCTION 6

UPON RECEIVING YOUR FIREWALL 8

Integrity of the product 8 Contents of the packaging 9

SAFETY RULES 11

All models except SNi40 11 SNi40 model 13

INSTALLATION PRECAUTIONS 15

Conditions of use (all models except SNi40) 15 Conditions of use (SNi40 model) 16 Connecting to the mains 17 Connecting to a 24VDC power supply unit (SNi40) 18 Connecting to the network 18

INSTALLATION IN A 19" CABINET AND RACK 19

PRESENTATION OF SN MODELS 24

SN160 and SN160W models 24 SN210 and SN210W models 25 SN310 model 27 SN510 and SN710 models 28 SN910 model 29 SN2100 and SN3100 models 30 SN6100 model 32 SNi40 model 34

Starting 46 Shutting down 51

UPDATING THE LICENSE 53

Retrieving the license 53 Installing the license 53

DOCUMENTATION & ASSISTANCE 54

APPENDIX A: RESETTING THE FIREWALL 55

All models except SN6100 and SNi40 55 SN6100 and SNi40 models 56

APPENDIX B: LOG STORAGE 57

External storage option - storing logs externally on an SD card 57 Enable log storage 57 Log consultation 58

APPENDIX C: MANAGING SSDs 59

Detecting issues 59 Replacing an SSD 59 RAID option (SN2100) 60 Big Data option (SN2100, SN3100 and SN6100) 60

APPENDIX D: CHANGING A POWER SUPPLY MODULE (SN2100, SN3100 AND SN6100) 61

SN2100 and SN3100 61 SN6100 62

APPENDIX E: CONFIGURATION AND ADMINISTRATION VIA IPMI (SN6100) 64

SN6100 64

NETWORK CONNECTORS 35

RJ45 Ethernet connectors 35 Fiber Ethernet connectors 37 Extension modules (SN710 and upwards) 40 Recommended connectors for high availability (HA) links 43

INITIAL CONNECTION TO THE PRODUCT44

Requirements 44 Connections 45 Configuration 46

Page 2/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

FOREWORD

You are strongly advised to read this whole document before installing a Stormshield Network Firewall.

This installation guide presents the Stormshield Network range marketed by Stormshield. This guide explains how to conduct the physical installation needed for integrating an appliance into your network architecture. It also provides the necessary details for adding transceivers and network modules to SN710, SN910, SN2100, SN3100, SN6100 and SNi40 products.

The aim of this manual is to allow you to quickly integrate a Stormshield Network Firewall into your network but does not provide any information on how to configure the product. For help in configuration, there is a full User guide in the form of online help, which you can look up on the Stormshield Technical Documentation website, at:

https://documentation.stormshield.eu

The SNS user configuration manual, an exhaustive help file, can be downloaded from the section PDF download (refer to the section DOCUMENTATION & ASSISTANCE).

FOREWORD

Products concerned

SN160, SN160W, SN210, SN210W, SN310, SN510, SN710, SN2100, SN3100, SN6100 and SNi40.

NOTE For earlier products in the Stormshield Network range (SN150, SN200, SN300, SN500, SN700, SN900, SN2000, SN3000 and SN6000), please refer to the 2017 version of this Product presentation and installation guide.

Recommendations on the operating environment

DEFINITION

The common criteria evaluate (on an Evaluation Assurance Level or EAL scale of 1 to 7) a product’s capacity to provide security functions for which it had been designed, as wellas the quality of its life cycle (development, production, delivery, putting into service, updates).

Introduction

The installation of a Firewalloften comes within the scope of setting up a global security policy. To ensure optimal protection of your assets, resources or information, it is not only a matter of installing a Firewall between your network and the Internet. This is namely because the majority of attacks come from the inside (accidents, disgruntled employees, dismissed employee having retained internal access, etc.). And one would also agree that installing a steel security door defeats its purpose when the walls are made of paper.

Backed by the Common Criteria, Stormshield Network advises taking into consideration the recommendations of use for the Administration Suite and Firewallproduct stated below. These recommendations set out the usage requirements by which to abide in order to ensure that your Firewall operates within the context of the common criteria certification. For further information on Common Criteria compliance, please go to:

https://documentation.stormshield.eu/common-criteria.html

Page 3/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

Security watch

Please regularly check Stormshield security advisories published on

https://advisories.stomshield.eu.

Always update your firewall if it allows fixing a security flaw. Updates are available here:

https://mystormshield.eu.

Physical security measures

Stormshield Network Firewall-VPN appliances must be installed and stored in compliance with the state of the art regarding sensitive security devices: secured access to the premises, Shielded cables with twisted pairs, labeled cables, etc.

Organizational security measures

The default password of the “admin” user (super administrator) must be changed the very first time the product is used. In the web administration interface, this password can be changed in the Administrator module (System menu), under the Administrator account tab.

FOREWORD

The definition of this password must observe the best practices described in the User Guide, in the section Welcome, sub-section User awareness, paragraph User password management, availableat: https://documentation.stormshield.eu/

A particular administrative role– that of the super-administrator – has the following characteristics:

l Only the super-administrator is permitted to connect via the local console on firewall-VPN

appliances, and only when installing the Firewall or for maintenance operations, apart from actual use of the equipment.

l He is in charge of defining the profiles of other administrators, l All access to the premises where the appliances are stored has to be under his supervision,

regardless of whether the access is due to an intervention on the appliance or on other equipment. He is responsible for all interventions carried out on appliances.

IT security environment

Stormshield Network firewall-VPN appliances must be installed in accordance with the current network interconnection policy and are the only passageways between the different networks on which the controlpolicy for traffic has to be applied. They are scaled according to the capacities of the adjacent devices or these devices restrict the number of packets per second, positioned slightly below the maximum treatment capacities of each firewall-VPN appliance installed in the network architecture.

Page 4/66 sns-en-SNrange_installation_guide-2019 - 09/2019

Regulations

RoHS (Restriction of Hazardous Substances) directive For further information on RoHS compliance or on recycling program of Stormshield Network Firewalls (WEEE), please refer to:

https://www.stormshield.eu/about/recycling/

Certifications

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

FOREWORD

WEEE (Waste Electrical and Electronic Equipment) directive All Stormshield Network products that are subject to the WEEE directive will be marked with the mandated "crossed-out wheelie bin" symbol. This symbol means that the product meets the requirements laid down by the WEEE directive with regards to the destruction and reuse of waste electrical and electronic equipment.

Part 15 Subpart B

Page 5/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INTRODUCTION

Thank you for choosing Stormshield Network. Designed to protect networks of all sizes, Stormshield Network - SN range appliances are pre-configured: no hardware or software installation is needed and no UNIX knowledge is necessary, just a user-friendly configuration via a graphical interface.

The Stormshield Network (SN) range consists of twelve products:

SN160, SN160W, SN210, SN210W, SN310, SN510, SN710, SN910, SN2100, SN3100, SN6100 and SNi40.

The architecture of the new-generation SN range was specifically designed to maximize the performance of the Stormshield Network protection engine. Complex application traffic is therefore inspected at high speed at the heart of the network and without discernible latency (less than 1 millisecond).

Hardware acceleration for data encryption also anticipates the multiplication of high-speed VPN access.

INTRODUCTION

The SN Firewall allows the definition of incoming or outgoing access control rules. Its concept is simple: any incoming or outgoing transmission passing through the Firewall is monitored, authorized or denied according to the rules, packet by packet.

The SN Firewall is based on a sophisticated packet filtering mechanism that provides a high level of security. All Firewalls integrate the ASQ (Active Security Qualification) technology developed by Stormshield Network Security. This technology allows detecting and blocking hacking attempts in realtime illegal packets, denial of service attempts, anomalies in a connection, port scans, buffer overflows, etc.

In the event of an intrusion attempt, depending on the instructions given in the security policy, the SN Firewall blocks the transmission, generates an alarmand stores the information linked to the packet which had set off the alarm. As such, you would be able to analyze the attack and trace its source.

The SN Firewall not only allows preventing, or restricting to just certain services, incoming connections on your network, but also allows monitoring the use of the Internet by your internal users (HTTP, FTP, SMTP, etc.). You may also monitor your users by authenticating them via an internal or external authentication database.

The SN Firewall also manages port and address translation mechanisms. These mechanisms provide security (by masking your internal address range) and flexibility (by enabling the use of any private internal addressing range) and reduce costs (by enabling the provision of several servers on the Internet with a single public IP address).

Page 6/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

Stormshield Network Vulnerability Manager, the risk management solution, is based on the detection of applications and the associated vulnerabilities. It allows you to quickly zero in on the most vulnerable hosts, identify affected applications and know which bug fixes to apply.

Lastly, the SN Firewall includes VPN gateway functions allowing you to establish encrypted tunnels with other VPN equipment. In this way, your communications between sites or with your mobile users may be secured even while using an insecure communication infrastructure like the Internet.

Administration tools

Thanks to the web administration interface, you can administer your Stormshield Network Firewall from the operating system of your choice. The new Firewallconfiguration interface, accessible froma web browser, benefits from the latest breakthroughs in user friendliness and simplicity of use.

INTRODUCTION

The dashboard gives an overview of information relating to the Firewall’s activity and its configuration.

Through SN Activity Reports, available from a dedicated portal, you can view how Internet access is used, the various attacks that your Firewallhas blocked and the vulnerable hosts in your network. Furthermore, numerous interactions allow you to directly take action on the configuration of your Firewall.

SN REAL-TIME MONITOR

SN REAL-TIME MONITOR is the application that analyzes security events in real time and allows you to view your Firewall’s activity simply. The dashboard in particular allows you to monitor all your SN Firewalls. This application is an excellent tool for the security of your network thanks to the wide array of information displayed.

Page 7/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

UPON RECEIVING YOUR FIREWALL

Several security mechanisms have been implemented to guarantee the integrity of the product that you receive. They also validate the fact that your product has not been tampered with. Check them carefully in order to avoid disputes later regarding the application of the warranty.

Any abnormality must be reported within 48 hours from receipt of the product, to your reseller if your product is not as per order.

Integrity of the product

Seals and labels on the packaging

Every Firewall is delivered in a cardboard box sealed by one or two warranty seals. On this packaging, there is a label indicating information identifying the product it contains and its version. Check that this information corresponds to your order.

Seals

Every Firewall is sold in a closed cardboard box to which a

"STORMSHIELD QUALITY SEAL" is affixed.

IMPORTANT If this seal is missing or has been tampered with, contact your distributor as soon as possible to find out why the packaging has been opened.

Identification labels

These labels indicate the information relating to the Firewall (product reference, part number, serial number, software version installed, etc). Check that this information corresponds to your order. You can also check whether the version installed has been certified.

Labels on the product

Figure 1: " Stormshield Quality seal"

label

Figure 2: Product labels on the cardboard bo x

Warranty label

A warranty label is pasted on all Firewalls. Once this label is torn, the warranty will be void.

Figure 3:

Warranty labe l

Page 8/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

UPON RECEIVING YOUR FIREWALL

Serialnumber label

This label displays your product's serial number and registration password. It is affixed:

l tothe underside of SN160, SN160W, SN210, SN210W, SN310, SN2100 and SN3100

models,

l tothe back of the firewall on SN510, SN710, SN910 and SN6100 models, l tothe side for the SNi40 appliance.

Figure 4: Serial numbe r label

IMPORTANT Take note of your registration password 1 and your serial number 2. You will be asked for these during the installation and registration of your product.

Product label

This label, found on the underside of your product, provides information relating to the Firewall, such as the part number and the product's electrical power characteristics.

Figure 5: Product label

Contents of the packaging

Keep the cardboard packaging in a safe place in case you need it later for transporting the Firewall. It has been designed to give your SN Firewall optimum protection (shock resistance, etc.).

Upon delivery, check that the following have been included in the packaging:

l Your Stormshield Network Firewall, l A power cord (two for SN2100, SN3100 and SN6100 appliances) l A power adapter (SN160, SN160W, SN210, SN210W and SN310), l A 6-pole screw connector (SNi40), l A Category-5e RJ45 crossover cable, l An “A to B” USB cable (SN160, SN160W, SN210, SN210W and SN310), or an RJ45 to DB9F

serial cable (SN510, SN710, SN910, SN2100, SN3100 and SN6100) or DB9F serialcable (SNi40).

l ThreeWi-Fi antennae to be screwed to the back of the appliance (SN160W and SN210W)

Page 9/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

UPON RECEIVING YOUR FIREWALL

For SN510, SN710 and SN910 models, the packaging should also contain four non-slip rubber feet.

For the purpose of installing the appliance in a rack, SN510, SN710, SN910 and SN6100 models have brackets mounted by default.

For SN2100 and SN3100 models, the packaging should also contain a set of brackets, rails and screws for mounting the Firewall in a rack.

For SN6100 models, the packaging should also contain a set of rails and screws for mounting the Firewall in a rack.

The SNi40 model is equipped with a fastener for a 35mm-wide DIN rail (EN50022 standard)

NOTE As SN510, SN710 and SN910 Firewalls can be installed on a desk or in a rack, their nonslip rubber feet are delivered separately. Only products that cannot be racked (SN160, SN160W, SN210, SN210W and SN310) are sold with the rubber feet already attached.

The documentation provided includes:

l General Conditions of Use and User License, l Safety Rules and Installation Precautions, l Quick Installation Guide, l Installation guide for the set of rails (SN2100, SN3100 and SN6100).

If any element is missing, contact your distributor immediately.

Page 10/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

SAFETY RULES

Before installing anything, carefully read and follow the safety instructions.

All models except SNi40

IMPORTANT

You must use the power adapter provided with the product.

Before plugging in any devices

l Ensure that neither your Stormshield product, the power cord nor power adapter is damaged. l Ensure that the power supply or power adapter of your Firewall is compatible with the voltage

of your power supply network.

l When the product’s power cord or power adapter has a ground pin, it must be plugged into a

properly grounded electrical outlet. Ensure that the connection is reliable and that the protective earth circuit of your installation complies with safety standards in force.

l To be able to disconnect the product, ensure that the connection to the power supply is

always easily accessible.

SAFETY RULES

Before connecting to a 48VDC power supply (SN2100, SN3100 and SN6100)

Special considerations for equipment connected to a DC mains supply:

l Please follow IEC, NEC, ANSI/NFPA 70 and CEC, Part I, C22.1 for all relevant field wiring

instructions and cautions. The equipement must be installed by a qualified electrician.

l Before using the equipment, the chassis must be permanently connected to earth using

yellow/green wire rated a minimum of:

1.5mm² (16 AWG) on SN2100 and SN3100

3.31mm² (12AWG) on SN6100

l The equipment shall be connected to the DC mains supply with an approved switch or

breaker.

l Only wires with the following minimum ratings shall be used to connect the equipment to the

DC mains supply:

1.5mm² (16 AWG) on SN2100 and SN3100

3.31mm² (12AWG) on SN6100

Warranty and safety rules

Under no circumstances should you take apart a Stormshield Network appliance on your own. Only Stormshield, which markets the Stormshield Network range, and its approved maintenance agents are authorized to do so. A seal label protects all Stormshield Network Firewalls from being opened.

Your warranty will be rendered null and void should you dismantlea Stormshield Network Firewall on your own.

Page 11/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

SAFETY RULES

IMPORTANT Never dismantle your Stormshield appliance, as doing so may cause hardware accidents and/or bodily harm.

IMPORTANT Do not insert objects into the appliance’s vents – this may hinder the rotation of an internal fan or damageit, causing the appliance to overheat. This may also cause a short-circuit that may lead to the breakdown of the appliance.

IMPORTANT Copper Ethernet cables connected to your Stormshield Network Firewall must not be connected to other appliances located in other buildings.

As per legal safety requirements, anyone performing any operation on a Stormshield Network SNrange product must know and follow the safety indications below:

To the attention of maintenance teams:

WARNING DANGER OF EXPLOSION IF BATTERY IS INCORRECTLY REPLACED. REPLACE ONLY WITH SAME OR EQUIVALENT TYPE RECOMMENDED BY THE MANUFACTURER. DISCARD USED BATTERIES ACCORDING TO THE MANUFACTURER’S INSTRUCTIONS.

Only qualified personnel from an approved maintenance center can performoperations on this component.

In the event of hardware problem with your Firewallor if one of the elements does not match its description, please contact your certified partner.

Installing an appliance outside a rack

Your product must be equipped with its non-slip rubber feet in order to reduce the possibility of your appliance slipping off the surface on which it has been installed.

These flexiblenon-slip rubber feet are to be attached to the underside of the chassis for SN510, SN710 and SN910 models. Please refer to the section INSTALLATION PRECAUTIONS for further information.

Assembly in a cabinet

For a racked installation, place heavier appliances in the lower section of the rack and lighter elements in the higher section.

Referto the section INSTALLATION IN A 19” CABINET for details on how to installan appliance in a racking bay.

Precautions

l Installation kit - for rack mounting the original installation kit for this device has to be used. l Elevated Operating Ambient Temperature - If installed in a closed or multi-unit rack assembly,

the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) specified by the manufacturer.

l Reduced Air Flow - Installation of the equipment in a rack should be such that the amount of

air flow required for safe operation of the equipment is not compromised.

Page 12/66 sns-en-SNrange_installation_guide-2019 - 09/2019

l Mechanical Loading - Mounting of the equipment in the rack should be such that hazardous

conditions due to uneven mechanical loading are avoided.

l Circuit Overloading - Consideration should be given to the connection of the equipment to the

supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.

l Reliable Earthing - Reliable earthing of rack-mounted equipment should be maintained.

Particular attention should be given to supply connections other than direct connections to the branch circuit (e.g. use of power strips).

l Leakage current - considerations should be given to the summation of leakage currents when

installing the equipment in a closed or multi-unit rack assembly.

SNi40 model

Before plugging in any devices

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

SAFETY RULES

l Ensure that your Stormshield product and its accessories are not damaged. l Ensure that the electrical characteristics of your product indicated on the product label are

compatible with those of your power supply network.

l The chassis of your product must be connected to a protective earth circuit, using rated

minimum 16 AWG or 1 mm² wire. Ensure that the connection is permanent and reliable, and that the protective earth circuit of your installation complies with safety standards in force.

l Before installing or removing your product, ensure that it has been turned off, and that all

power supply connections have been removed.

l Equipment connected to a DC mains supply: please follow IEC, NEC, ANSI/NFPA 70 and CEC,

Part I, C22.1 for all relevant field wiring instructions and cautions. The equipement must be installed by a qualified electrician.

l The equipment shall be connected to the DC mains supply with an approved switch or

breaker and easily accessible.

l Only wires rated minimum 16AWG or 1mm² shall be used to connect the equipment to the DC

mains supply.

Warranty and safety rules

Your warranty will be rendered null and void should you dismantlea Stormshield Network Firewall on your own.

Page 13/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

SAFETY RULES

IMPORTANT Never dismantle your Stormshield appliance, as doing so may cause hardware accidents and/or bodily harm.

IMPORTANT Copper Ethernet cables connected to your Stormshield Network Firewall must not be connected to other appliances located in other buildings.

As per legal safety requirements, anyone performing any operation on a Stormshield Network SNrange product must know and follow the safety indications below:

To the attention of maintenance teams:

Only qualified personnel from an approved maintenance center can performoperations on this component.

In the event of hardware problem with your Firewallor if one of the elements does not match its description, please contact your certified partner.

Assembly in a cabinet

l Installation kit - Only use the installation kit supplied with the product. l Elevated Operating Ambient - If installed in a closed or multi-unit cabinet assembly, the

operating ambient temperature of the cabinet environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) specified by the manufacturer.

l Reduced Air Flow - Installation of the equipment in a cabinet should be such that the amount

of air flow required for safe operation of the equipment is not compromised.

l Mechanical Loading - Mounting of the equipment in the cabinet should be such that a

hazardous condition is not achieved due to uneven mechanical loading.

l Circuit Overloading - Consideration should be given to the connection of the equipment to the

l Reliable Earthing - Reliable earthing of cabinet-mounted equipment should be maintained.

Particular attention should be given to supply connections other than direct connections to the branch circuit (e.g. use of terminal blocks).

Page 14/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION PRECAUTIONS

A Firewall is a central device in your network, thereforedo not neglect it – install it in the best way possible, under the best conditions.

NOTE Instructions on how to connect products are also given in the Poster Quick Installation Guide provided with the Firewall.

Conditions of use (all models except SNi40)

The Stormshield Network Firewall has been designed to run continuously, in an office or in a server room. If you wish to install your appliance in an office, choose a flat and uncluttered surface. Add the non-slip rubber feet to SN510, SN710 and SN910 models; stick a non-slip rubber foot to the underside of the appliance, close to each cornerabout 2 cm fromthe edges. This will ensure the stability of the Firewall and protect it from scratches.

WARNING The firewall has to be installed in compliance with the state of the art corresponding to the practical terms of secure installation, i.e., in a protected office or other premises with limited access. In order to guarantee the integrity of the product and to avoid compromising the security of your installation, all unauthorized access to the Firewall has to be avoided.

NOTE

Ensure that the cables do not obstruct passageways to prevent them frombeing pulled

out or the product from falling.

Do not install and/or operate your Stormshield Firewall in any place that flammable objects are stored or used in. Your Stormshield Firewall is intended for indoor use (office environment or other IT environment), away from areas that may receive rainfall, floods or excessive humidity. It must be installed away fromsources of shocks, vibrations, and dust, in an environment where the temperature conforms to the product's specifications.

The ideal ambient temperature is around 25°C. The tables below set out the operational temperature, storagetemperatureand humidity level for all models of SN range.

SN160, SN160W, SN210, SN210W, SN310, SN510, SN710, SN910, SN2100 and SN3100models:

Operating

temperature

+0° to +40°C

(+32° to +104°F)

Relative humidity

operating (%)

0% to 95% at +40°C (+104°F)

without condensation

Storage

temperature

-30° to +65°C

(-22° to +149°F)

Relative humidity

storage (%)

5% to 95% at +60°C (+140°F)

without condensation

SN6100 model

Operating

temperature

+0° to +40°C

(+32° to +104°F)

Relative humidity

operating (%)

0% to 90% at +40°C (+104°F)

without condensation

Storage

temperature

-20° to +70°C

(-4° to +158°F)

Relative humidity

storage (%)

5% to 95%

without condensation

Page 15/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION PRECAUTIONS

IMPORTANT Avoid in particular direct exposure to sunlight. Always keep adequate distance around the appliance’s vents in order to guarantee a freeflow of air, thereby preventing the possibility of overheating.

IMPORTANT Do not place objects on your Stormshield Network appliance.

IMPORTANT

The Stormshield Network Firewall has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the Firewall is operated in a commercial environment. The Stormshield Network Firewall generates, uses and can radiateradio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this Firewall in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.

The Stormshield Network Firewall complies with the requirements set out in the European standard EN55032, Class A. In a residential environment, a Class A product may cause radioelectric interference, for which the user may need to take appropriate measures.

Conditions of use (SNi40 model)

The SNi40 firewallhas been designed to run continuously in a server room.

WARNING The Firewallhas to be installed in compliance with the state of the art corresponding to the practical terms of secure installation, namely: in protected premises with limited access. In order to guarantee the integrity of the product and to avoid compromising the security of your installation, all unauthorized access to the Firewall has to be avoided.

NOTE

Ensure that the cables do not obstruct passageways to prevent them frombeing pulled

out or the product from falling.

Your Stormshield Firewallis intended for indoor use, industrialenvironment (referto product specifications), away from areas that may receive rainfall, floods or excessive humidity. It must be installed away fromsources of shocks, vibrations, and dust, in an environment where the temperature conforms to the product's specifications.

The ideal ambient temperature is around 25°C. The table below sets out the operational temperature, storagetemperatureand humidity level for the SNi40 model.

SNi40 model

Operating

temperature

-40° to +75°C

(-40° to +167°F)

Relative humidity

operating (%)

0% to 95%

without condensation

Storage

temperature

-40° to +85°C

(-40° to +185°F)

Relative humidity

storage (%)

5% to 95%

without condensation

The table below sets out the operational temperature, storage temperature and humidity levelfor the power adapter, which is sold separately.

Power adapter for SNi40 models (optional)

Operating

temperature

0° to +40°C

(+32° to +104°F)

Page 16/66 sns-en-SNrange_installation_guide-2019 - 09/2019

Relative humidity

operating (%)

10% to 90%

without condensation

Storage

temperature

-20° to +70°C

(-4° to +158°F)

Relative humidity

storage (%)

10% to 90%

without condensation

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION PRECAUTIONS

IMPORTANT Avoid in particular direct exposure to sunlight. Always keep an adequate distance around the appliance in order to guarantee a freeflow of air, thereby preventing the possibility of overheating.

IMPORTANT Do not place objects on your Stormshield Network appliance.

IMPORTANT

Connecting to the mains

The supported voltage ranges from 100V to 240V.

NOTE You are strongly advised to connect all appliances to a UPS device. As SN3100 and SN6100 models are equipped with redundant power supplies (option offered on SN2100 models), plugging them into 2 separate mains circuits is recommended.

NOTE In the event of an accidental power outage, the product will automatically start up once it is powered up again.

NOTE For SN2100, SN3100 and SN6100 models, 48V DC power supply modules may be provided separately upon request.

For SN160, SN160W, SN210, SN210W and SN310 models, insert the connector of the power adapter into the power socket on the rear panel of the Firewall. Next, connect the adapter to an appropriate mains socket using the power cord provided.

For SN510, SN710, SN910 and SN2100 models, insert the plug of the power cord (provided with the product) into the power socket on the rear panel of the appliance. Next, plug the other end of the power cord into an appropriate mains socket.

For SN3100 and SN6100 models, insert the connector of both power cords provided into both power sockets located on the rear panel of the Firewall. Next, plug in the other ends of the power cords into appropriate mains sockets.

Page 17/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

Connecting to a 24VDC power supply unit (SNi40)

The supported voltage ranges from 12VDC to 36VDC.

REMINDER Equipment has to be installed by a qualified electrician.

NOTE You are strongly advised to connect all appliances to a "UPS" device. The SNi40 model is equipped with a redundant power supply unit, so you are advised to connect it to 2 independent sources of power.

NOTE In the event of an accidental power outage, the product will automatically start up once it is powered up again.

NOTE A power adapter may be ordered separately.

Connecting to the network

INSTALLATION PRECAUTIONS

All models are fitted with RJ45 Gigabit Ethernet ports by default.

The SN910 and SNi40 models offerby default, two SFP sockets, allowing the insertion of SFP transceivers, provided as an option.

The SN6100 model offers by default, two SFP+ sockets, allowing the insertion of SFP+ transceivers, provided as an option.

SN710, SN910, SN2100, SN3100 and SN6100 models also offer one or several slots for various types of extension modules, depending on the module reference ordered, that allow adding Ethernet ports:

l RJ45 copper, or module for SFP transceivers, l ormodule for SFP+ transceivers, l ormodule for QSFP+ transceivers,

A slot is available on SN710 and SN910 models, three on SN2100 and SN3100 appliances, and eight on the SN6100.

IMPORTANT Use only Stormshield Network-approved SFP (1Gbps), SFP+ (1Gbps /10Gbps) or QSFP+ (40Gbps) transceivers available in the catalogue.

For information on the type of network cable to choose according to the network port and the selected connectors, see the sections Extension modules (SN710 and upwards) and Fiber

Ethernet connectors.

For information on which connectors to use for high availability links, please referto

Recommended connectors for high availability (HA) links

Page 18/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION IN A 19" CABINET AND RACK

All Stormshield Network appliances can be installed in 19-inch cabinets (except SNi40). A fastening system for placing the appliance in a rack, in the form of a rack mount shelf, can be included by special order for SN160, SN160W, SN210, SN210W and SN310 models. Two SN160, SN160W, SN210, SN210W or SN310 Firewalls can be installed on the same shelf.

On SN510, SN710, SN910, SN2100, SN3100 and SN6100 models, the brackets are mounted by default. SN2100, SN3100 and SN6100 appliances are sold with a set of rails.

REMINDER Ensure that the cabinet complies with temperature and humidity conditions indicated in the section Conditions of use.

NOTE

SN160 and SN160W models can also be installed vertically (screws and fasteners not

provided).

Installing SN160, SN160W, SN210, SN210W and SN310 models in a 19" rack mount shelf

In this non-standard installation, allow a height of more than 1U due to the thickness of the shelf, the presence of rubber feet below the appliance as well as antennae on Wi-Fi products. The procedure is as follows:

Using screws and caged nuts (not provided with the appliance), fasten the shelf to the vertical rails

located at the front of the cabinet.

Once the shelf has been installed, you can place one or two appliances on it (no additional fastening is

needed).

WARNING If you are installing two Firewalls on the same rack mount shelf, you willneed to leave enough space between the Firewalls to avoid obstructing the flow of air from the sides.

Page 19/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION IN A 19" CABINET AND RACK

Installing SN210, SN210W and SN310 models in a 19" 1U rack mount shelf

The minimum vertical space needed for installing the shelf is 1U. In this configuration, the shelf makes it possible to install one or two products. There are indentations to ensure that products and power adapters are held securely in place.

WARNING Before any installation, ensure that you have removed the four non-slip rubber feet under each product.

NOTE Fasteners for two power adapters are provided with the shelf.

Place your firewall in front of its slot at the front of the shelf, then set it upright until it is firmly in place.

Install and fasten the power adapter on the shelf. Connect it to the firewall.

Using screws and caged nuts (not provided with the appliance), fasten the shelf to the vertical rails

located at the front of the cabinet.

Kit for USB and network interfaces on the front panel option

In this configuration, the shelf makes it possible to install one product. There are indentations to ensure that product and power adapter are held securely in place.

NOTE This kit must be ordered separately.

NOTE This kit allows you to connect the console, via a USB port, and network interfaces on the front panel of the shelf (cables provided).

Page 20/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION IN A 19" CABINET AND RACK

Place your firewall in front of its slot at the front left of the shelf, then set it upright until it is firmly in

place.

Unscrew the right side of the front panel (two screws).

Position the kit, then fasten it to the front panel with both screws.

Install and fasten the power adapter on the shelf. Connect the power adapter to the firewall, as well as

the USB and network ports from the kit.

Using screws and caged nuts (not provided with the appliance), fasten the shelf to the vertical rails

located at the front of the cabinet.

Page 21/66 sns-en-SNrange_installation_guide-2019 - 09/2019

Fastening SN160 and SN160W models to a wall

SN160 and SN160W models can also be installed vertically using screws and fasteners (not provided). The screw heads must be narrower than 8mm in diameter and the diameter of the shank must not exceed 4mm.

The procedure is as follows:

Place against the wall the 2 screws aligned

horizontally, leaving a space of 12cm (center to center) between them and letting them protrude slightly to take into account the thickness of the nonslip rubber feet.

Once the screws have been drilled into the wall, you

can insert the screw heads into the indentations meant for this purpose, then gently bring the appliance downwards in order to insert the screws.

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION IN A 19" CABINET AND RACK

Installing SN510, SN710 and SN910 models in a 19" cabinet

The minimum vertical space needed for installing an SN Firewall is 1U.

Once the brackets have been installed, you can fasten the Firewall to the vertical rails located at the front of your cabinet using screws and the caged nuts (not provided with the appliance).

Installing SN2100, SN3100 and SN6100 models in a 19" cabinet

The minimum vertical space needed for installing an SN2100 or SN3100 Firewall is 1U and for installing an SN6100, this space is 2U. The procedures for mounting lateral rails and installing appliances in racks are described in SN2100-SN3100_rack mounting and SN6100 _rack mounting. These documents are provided with SN2100, SN3100 and SN6100 products, and availableon the Stormshield Technical Documentation website, under the section PDF download, under Installation guides.

The rails that come with the product enable installation in a 19" rack – the depth between the vertical rails located in the front and back are:

l SN2100/SN3100: between 735 and 850mm l SN6100 : between 620 and 810mm

Page 22/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INSTALLATION IN A 19" CABINET AND RACK

Installing an SNi40 model appliance on a DIN rail

To installthe appliance in a cabinet, the SNi40 model has a fastener on a 35mm-wide DIN rail (EN50022 standard).

REMINDER Ensure that the cabinet complies with temperature and humidity conditions indicated in the section Conditions of use. Equipment has to be installed by a qualified electrician.

NOTE The SNi40 model has to be installed vertically.

The procedure is as follows:

Hold the SNi40 facing the DIN rail, then insert the upper part of the rail into the notch in the fastener. Set the SNi40 upright.

Push the appliance against the DIN rail until you hear a click. Ensure that the position of the appliance has been locked.

Page 23/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

Stormshield Network SN range models rely on the most advanced technologies to provide high performance and optimum protection.

NOTE For more information on Ethernet interfaces, please referto the section Connecting to the

network under INSTALLATION PRECAUTIONS.

SN160 and SN160W models

SN160 and SN160W firewalls are fanless. The products come with an external power adapter.

LEDs Front panel:

This model has its LEDs on the front panel as shown below:

Connectors

1 Online LED (green) 2Status LED (green) 3 Power LED (yellow)

1 OUTinterface

2 INinterface 3 Wi-Fi interface

The connectors on SN160 and SN160W models are located on the front and rear panels.

1 This is the slot for the SD card*. 2 Plugging in the mains adapter automatically starts this product. 3 The USB port allows accessing the product in console mode**; it is possible to connect the

Firewall directly from a computer. The default baud rate on these models is 115 200 baud (8N1).

Page 24/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

4 The USB 3.0 port can be used for secure configurations or upgrades. You can also plug a USB

key or an approved USB modem into it.

5 The USB 2.0 port can be used for secure configurations or upgrades. You can also plug a USB

key or an approved USB modem into it.

SN160 and SN160W models hold 5 1GbE ports:

6 The first zone is the EXTERNAL (OUT) interface, in external mode by default. It makes up the

zone that is needed for connecting to the internet.

7 The second zone is identified by default in INTERNAL (IN) mode and is made up of 4 switched

ports.

8 This is the button for resetting the appliance to its factory settings (defaultconfig).

9 Sockets for Wi-Fi antennae.

* The recommended type of SD card isat least Class10 (C10) UHS Class1 (U1) or App Performance 1 (A1),SDHC standard. The memory card must be in a full-size physical SD format,in SDHC or SDXC standard. Onlyadapters provided with the card mustbe used. The maximummemory size supported is 2TB. Stormshield recommends the use of high-endurance/industrial cards or preferably, those that have a built-in MLC flash chip developed by major brands (e.g., SanDisk,Western Digital, Innodisk, Transcend, etc.) and with at least 32GB of memory.

** This connection in console mode requires the installation of a driver. Depending on your operating system, you can download a driver from: http://www.ftdichip.com/Drivers/VCP.htm

SN210 and SN210W models

SN210 and SN210W firewalls are fanless. The products come with an external power adapter.

LEDs Front panel:

This model has its LEDs on the front panel as shown below:

1 Online LED (green) 2Status LED (green) 3 Power LED (yellow)

1 OUT interface

2 IN interface 3 DMZ interface 4 Wi-Fi interface

Page 25/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

Connectors

The connectors on SN210 and SN210W models are located on the front and rear panels.

1 This is the slot for the SD card*. 2 Plugging in the mains adapter automatically starts this product. 3 The USB port allows accessing the product in console mode**; it is possible to connect the

Firewall directly from a computer. The default baud rate on these models is 115 200 baud (8N1).

4 The USB 3.0 port can be used for secure configurations or upgrades. You can also plug a USB

key or an approved USB modem into it.

5 The USB 2.0 port can be used for secure configurations or upgrades. You can also plug a USB

key or an approved USB modem into it.

SN210 and SN210W models hold 8 1GbE ports:

6 The first zone is the EXTERNAL (OUT) interface, in external mode by default. It makes up the

zone that is needed for connecting to the internet.

7 The second zone is identified by default in INTERNAL (IN) mode and is made up of 6 switched

ports.

8 The third zone is by default identified in INTERNAL (IN)mode.

9 This is the button for resetting the appliance to its factory settings (defaultconfig).

J Sockets for Wi-Fi antennae.

** This connection in console mode requires the installation of a driver. Depending on your operating system, you can download a driver from: http://www.ftdichip.com/Drivers/VCP.htm

Page 26/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

SN310 model

TheSN310firewallis fanless.The productcomeswithan externalpoweradapter.

LEDs Front panel:

This model has its LEDs on the front panel as shown below:

Connectors

PRESENTATION OF SN MODELS

1 Online LED (green) 2Status LED (green) 3 Power LED (yellow)

1 OUT Interface

2 INInterface

The connectors on the SN310 model are located on the front and rear panels.

1 This is the slot for the SD card*. 2 Plugging in the mains adapter automatically starts this product. 3 The USB port allows accessing the product in console mode**; it is possible to connect the

Firewall directly from a computer. The default baud rate on these models is 115 200 baud (8N1).

4 The USB 3.0 port can be used for secure configurations or upgrades. You can also plug a USB

key or an approved USB modem into it.

5 The USB 2.0 port can be used for secure configurations or upgrades. You can also plug a USB

key or an approved USB modem into it.

The SN310 model offers 8 1GbE ports:

6 The first zone is the EXTERNAL (OUT) interface, in external mode by default. It makes up the

zone that is needed for connecting to the internet.

7 The second zone is the INTERNAL (IN) interface.

8 This is the button for resetting the appliance to its factory settings (defaultconfig).

** This connection in console mode requires the installation of a driver. Depending on your operating system, you can download a driver from: http://www.ftdichip.com/Drivers/VCP.htm

Page 27/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

SN510 and SN710 models

Front panel: connectors and LEDs

1 Online LED (green) 2Status LED (green) 3 Power LED (yellow)

1 This is the button for resetting the appliance to its factory settings (defaultconfig). 2 The serial port allows accessing the product in console mode; it is possible to connect the

Firewall directly from a computer. The default baud rate on these models is 115 200 baud (8N1).

3 Two USB 2.0 ports that can be used for secure configurations or upgrades. You can also plug a

USB key or an approved USB modem into it.

4 The Power, Status and Online (from bottom to top) LEDs. 5 The Reset button: electrically resets the Firewall.

SN510 model

This model is fitted with a multi-core CPU, making it possible to increase processing power. This product has an internal power supply. The SN510 model holds twelve 1GbE ports.

SN710 model

This model is fitted with a multi-core CPU, making it possible to increase processing power.

This product is equipped with an internal power supply.

The SN710 model holds 8 1GbE ports. It allows the addition of one extension module with RJ45 (1GbE) or fiber (1GbE or 10GbE) connectors. Specifications on Stormshield Network-approved extension modules and transceivers are set out in the sections Extension modules (SN710 and upwards) and Fiber Ethernet connectors.

1 OUT Interface

2 INInterface

1 OUT Interface

2 INInterface

Rear panel: connectors

The socket for the power cord is located on the rear panel of the product. A switch makes it possible to turn the product on or off.

Page 28/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

SN910 model

Front panel: connectors and LEDs

1 Online LED

(green)

2 SSD Activity

LED (red)

1 This is the button for resetting the appliance to its factory settings (defaultconfig). 2 The serial port allows accessing the product in console mode; it is possible to connect the

Firewall directly from a computer. The default baud rate on these models is 9600 baud (8N1).

3 Two USB 3.0 ports that can be used for secure configurations or upgrades. You may also plug

in a USB key, USB keyboard or approved USB modem.

4 The Power and SSD activity LEDs (from top to bottom). 5 The Reset button: electrically resets the Firewall. 6 LCD screen: indicates the version of the firmware installed, the active partition, the serial

number of the product as well as the HA status if it has been enabled.

Description

This model is fitted with a multi-core CPU, making it possible to increase processing power.

This product has an internal power supply. The SN910 model holds 8 1GbE ports and 2 SFP sockets for adding 1GbE transceivers. It allows

the addition of one extension module with RJ45 (1GbE) or fiber (1GbE or 10GbE) connectors.

Specifications of Stormshield Network-approved extension modules and transceivers are set out in sections Extension modules (SN710 and upwards) and Fiber Ethernet connectors.

1 OUT Interface

2 INInterface

Rear panel: connectors

1 A mains socket. 2 The product’s on/off switch. 3 The USB 2.0 port can be used for secure configurations or upgrades. You may also plug in a

USB key, USB keyboard or approved USB modem.

4 The VGA port allows connecting a monitor.

Page 29/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

SN2100 and SN3100 models

Front panel: connectors and LEDs

1 Online LED (green) 1 Status LED (green) 2 Power LED (yellow)

1 This is the button for resetting the appliance to its factory settings (defaultconfig). 2 Two USB 3.0 ports that can be used for secure configurations or upgrades. You may also plug

in a USB key, USB keyboard or approved USB modem.

3 The serial port allows accessing the product in console mode; it is possible to connect the

Firewall directly from a computer. The default baud rate on these models is 115 200 baud (8N1).

4 SSD racks for log storage (1 SSD by default on SN2100 models, RAID available as an option, 2

in RAID 1 on SN3100 models).

5 The LEDs on SSD racks confirm whether the SSD has been accessed (blue LED on the right)

and installed (green LED on the left).

SN2100 model

This model is fitted with a multi-core CPU, making it possible to increase processing power.

This product has an internal removable power supply and is equipped with an SSD.

A second power supply module can be ordered separately for redundant power supply. You can also order a second SSD for a RAID installation.

The SN2100 model offers 2 1GbE ports and allows the addition of 3 extension modules with RJ45 (Gigabit or 10 Gigabit) or fiber (Gigabit, 10 Gigabit or 40 Gigabit) connectors.

NOTE

For this model, network extension modules are sold separately and need to be ordered.

Specifications of Stormshield Network-approved extension modules and transceivers are set out in sections Extension modules (SN710 and upwards) and Fiber Ethernet connectors.

1 OUT Interface

2 INInterface

Page 30/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SN3100 model

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

This model is fitted with a multi-core CPU, making it possible to increase processing power. This product has redundant internal power supplies. Two removable SSDs are installed in a RAID configuration.

The SN3100 model offers 2 1GbE ports and allows the addition of 3 extension modules with RJ45 (Gigabit or 10 Gigabit) or fiber (Gigabit, 10 Gigabit or 40 Gigabit) connectors.

NOTE

For this model, network extension modules are sold separately and need to be ordered.

Specifications of Stormshield Network-approved extension modules and transceivers are set out in sections Extension modules (SN710 and upwards) and Fiber Ethernet connectors.

Rear panel: connectors

1 OUT Interface

2 INInterface

1 The Power button allows switching the Firewall on or off. 2 Three independent hot-swappable fans in the event of a breakdown. 3 The Reset button: electrically resets the Firewall. 4Two ports dedicated to the management of the appliance (MGMT1 and MGMT2) 5 The HDMI port allows connecting a monitor. 6 A mains socket (SN2100) or two mains sockets (SN3100) for redundant power supplies. 7 The Alarm off button. The alarm rings when a power supply module is missing or when there is

a power failure on either module. Press this button to deactivate the alarm.

Page 31/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

SN6100 model

Front panel: connectors and LEDs

1Power LED (green) 2Run LED (green) 3SSD activity LED (yellow)

1 SSD racks for log storage (2 SSD in RAID 1). The LEDs on racks confirm that installation (green

LED at the top) and access (yellow LED at the bottom) have been successful.

2 The Reset button: electrically resets the Firewall. 3 Two USB 3.0 ports that can be used for secure configurations or upgrades. You may also plug

in a USB key, USB keyboard or approved USB modem.

4 MGMT1 and MGMT2: Two SFP+ sockets, allowing the insertion of SFP+ transceivers, provided

as an option. Both of these ports are dedicated to the management of the appliance or the configuration of high availability.

5 The IPMI network port dedicated to the administration of the appliance via IPMI. Please refer to

the appendix CONFIGURATION AND ADMINISTRATION VIA IPMI (SN6100).

6 The serial port allows accessing the product in console mode; it is possible to connect the

Firewall directly from a computer. The default baud rate on this model is 115 200 baud (8N1).

Description

This model is fitted with two multi-core CPUs, making it possible to increase processing power. This product has redundant internal power supplies. Two removable SSDs are installed in a RAID configuration.

The SN6100 model holds 8 1GbE ports by default and 2 SFP+ sockets for adding 1Gbps/10Gbps transceivers. It allows the addition of 8 extension modules with RJ45 (Gigabit or 10 Gigabit)or fiber (1GbE, 10GbE or 40 GbE) connectors.

Specifications of Stormshield Network-approved extension modules and transceivers are set out in sections Extension modules (SN710 and upwards) and Fiber Ethernet connectors.

1 OUT Interface

2 INInterface

Page 32/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

Rear panel: connectors

1 The USB 2.0 port can be used for secure configurations or upgrades. You may also plug in a

USB key, USB keyboard or approved USB modem.

2 Four independent hot-swappable fans in the event of a breakdown. 3 The VGA port allows connecting a monitor. 4 The Power button allows switching the Firewall on or off. 5 The Alarm off button. The alarm rings when a power supply module is missing or when there is

a power failure on either module. Press this button to deactivate the alarm.

6 Two mains sockets for redundant power supplies.

Page 33/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

PRESENTATION OF SN MODELS

SNi40 model

In order to ensure service continuity in an industrial setting, the SNi40 firewallis equipped with a hardware bypass function, which when enabled, allows network traffic to pass through in the event of a power outage of appliance failure.

This feature, available fromversion 3 onwards, is disabled by default.

Connectors and LEDs

1SSD Activity LED (yellow)

2Run LED (green) 3Power LED (green)

1 Two network ports dedicated to Ethernet Bypass 2 The USB 2.0 port can be used for secure configurations or

upgrades. You can also plug a USB key or an approved USB modem into it.

3 The USB 3.0 port can be used for secure configurations or

upgrades. You can also plug a USB key or an approved USB modem into it.

4 The serial port allows accessing the product in console mode;

it is possible to connect the Firewall directly froma computer. The default baud rateon this model is 115 200 baud (8N1).

5 The Reset button (underside):electrically resets the Firewall.

Description

1 OUT Interface

2 INInterface

The SNi40 multi-function Firewall is fanless.

This model is fitted with a multi-core CPU, making it possible to increase processing power.

This appliance is equipped with a 24VDC redundant power supply; the 6-pole screw terminal connector provided allows connecting to 2 independent sources of power.

The SNi40 model holds 5 1GbE ports and 2 SFP sockets for adding 1GbE transceivers.

Specifications of Stormshield Network-approved transceivers are set out in the sections Optional Ethernet

Transceivers and Fiber Ethernet connectors.

Page 34/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

NETWORK CONNECTORS

RJ45 Ethernet connectors

These interfaces have to be connected to other network appliances with an RJ45 Ethernetcable.

NOTE A crossovercable is delivered with the Stormshield Network Firewall. This is a Category 5e cable, for running in 10Mbps, 100Mbpsor 1Gbps. Check the compatibility of your devices.

Connectors

The Ethernet(Gigabit or 10 Gigabit) ports of the Stormshield Network SN range are configured in auto-sense mode, meaning that they adapt to the configuration of the Ethernet port on the appliance to which they are connected. These ports are therefore compatible with straight or crossover RJ45 Ethernet cables.

On SN710, SN910, SN2100, SN3100 and SN6100 models, Ethernet RJ45 ports can be added by inserting extension modules.

WARNING Keep data cables some distance away from any source of electromagnetic interference such as mains cables, radio transmitters, fluorescent tubes, etc.

IN / OUT definition

The OUT 1 or "External" network port is reserved for the modem or Internet router.

Access to this interface is blocked by default, you will therefore not be able to access the configuration interface from this port.

To access your Firewall froma client workstation, you will need to connect on the IN 2 or “Internal” port, or on another port (except port 1).

For further information regarding the startup procedure of your firewall, referto the section INITIAL

CONNECTION TO THE PRODUCT.

Page 35/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

LEDs of interfaces

LEDs associated with Ethernet interfaces provide indications on the status of the connection. following information on the connection:

SN160, SN160W, SN210, SN210W and SN310 models

Name Color Status Status

Front panel LED ACT/LINK

SN160W and SN210W models

Name Color Status Status

Front panel Wi-Fi LED ACT/LINK

Green On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected

appliance.

Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Blue On

Off Wi-Fi interface off. Blinking The Wi-Fi interface sends or receives data.

Wi-Fi interface on.

The blinkingspeed varies according to the volume of traffic.

NETWORK CONNECTORS

SN510, SN710, SN910, SN2100 and SN3100 models

1 Gbps Ethernet ports

Name Color Status Status

Left LED ACT/LINK

Right LED SPEED

Green On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Yellow On Media speed negotiated at 1Gbps.

Green On Media speed negotiated at 100 Mbps.

Off Media speed negotiated at 10 Mbps.

10 Gbps Ethernet ports

Name Color Status Status

Left LED ACT/LINK

Right LED SPEED

Green On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Yellow On Media speed negotiated at 10Gbps.

Green On Media speed negotiated at 1Gbps.

Off Media speed negotiated at 100 Mbps.

SN6100 model

1 Gbps Ethernet ports (including IPMI)

Name Color Status Status

Left LED ACT/LINK

Right LED SPEED

Page 36/66 sns-en-SNrange_installation_guide-2019 - 09/2019

Yellow On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Yellow On Media speed negotiated at 1Gbps.

Green On Media speed negotiated at 100 Mbps.

Off Media speed negotiated at 10 Mbps.

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

10 Gbps Ethernet ports

Name Color Status Status

Left LED ACT/LINK

Green On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Right LED SPEED

Green On Media speed negotiated at 10Gbps.

Yellow On Media speed negotiated at 1Gbps

Off Media speed negotiated at 100 Mbps.

SNi40 model

Name Color Status Status

Upper LED ACT/LINK

Lower LED SPEED

Yellow On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Yellow On Media speed negotiated at 1Gbps.

Green On Media speed negotiated at 100 Mbps.

Off Media speed negotiated at 10 Mbps.

NETWORK CONNECTORS

Fiber Ethernet connectors

These Ethernet ports are available by default on the following models:

l SN910: ports 9 and 10 (via two sockets for SFP transceivers), l SNi40: ports 6 and 7 (via two sockets for SFP transceivers), l SN6100: ports MGMT1 and MGMT2 (via two sockets for SFP+ transceivers).

On SN710, SN910, SN2100, SN3100 and SN6100 models, fiber Ethernet connectors can be added by inserting extension modules.

In both cases it is necessary to install a transceiver. SFP transceivers are used for 1Gbps connections, SFP+ for 1Gbps/10Gbps connections or QSFP+ for 40Gbps connections (on SN2100, SN3100 and SN6100).

IMPORTANT

Use only Stormshield Network-approved transceivers available in the catalogue.

LEDs

The LEDs indicate the following information:

1 Gbps connectors with SFP transceivers

l Default ports on SN910 and SNi40 models: a green LED willlight up when the link is

established and blink depending on the volume of traffic.

l Extension modules for SN710, SN910, SN2100 and SN3100 models: a green LED will light up

when the link is established and blink depending on the volumeof traffic.

Page 37/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

NETWORK CONNECTORS

l Extension modules for SN6100:

Name Color Status Status

Left LED ACT/LINK

Yellow On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Right LED

Yellow On Media speed negotiated at 1Gbps.

SPEED

10 Gbps connectors with SFP+ transceivers

l Extension modules for SN710 and SN910:

Name Color/State Status

Left LED ACT/LINK Green/Blinking Link established between the Ethernet port and the connected appliance.

The blinkingspeed varies according to the volume of traffic.

Right LED SPEED Blue Media speed negotiated at 10Gbps.

Yellow Media speed negotiated at 1Gbps.

l Extension modules for SN2100 and SN3100:

Name Color/State Status

Left LED ACT/LINK Green/Blinking Link established between the Ethernet port and the connected appliance.

The blinkingspeed varies according to the volume of traffic.

Right LED SPEED Blue Media speed negotiated at 10Gbps.

Off Media speed negotiated at 1Gbps.

l Default ports and extension modules for SN6100:

Name Color Status Status

Left LED ACT/LINK

Green On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Right LED SPEED

Green On Media speed negotiated at 10Gbps.

Off Media speed negotiated at 1Gbps.

40 Gbps connectors with QSFP+ transceivers

l Extension modules for SN2100 and SN3100:

Name Color Status Status

Left LED ACT/LINK

Right LED SPEED

Green/Blinking On Link established between the Ethernet port and the connected appliance.

Blinking The blinking speed varies according to the volume of traffic.

Green On Media speed negotiated at 40Gbps.

l Extension modules for SN6100:

Name Color Status Status

Left LED ACT/LINK

Yellow On Link established between the Ethernet port and the connected appliance.

Off Ethernet port switched off or link not established with the connected appliance. Blinking The Ethernet port is sending or receiving data.

The blinkingspeed varies according to the volume of traffic.

Right LED

Yellow On Media speed negotiated at 40Gbps.

SPEED

Page 38/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

Optional Ethernet transceivers

Ethernet fiber transceivers (SN710 and upwards, and SNi40)

For 1 Gbps transmissions, two types of transceivers are available according to the length of the cable and the type of fiber used:

- SFP SX: short distance

- SFP LX: long distance. For 10 Gbps transmission, two types of transceivers are available according to the length of the cable and the type of fiber used:

- SFP+ SR: short distance

- SFP+ LR: long distance.

For 40 Gbps transmissions, two types of transceivers are available according to the length of the cable and the type of fiber used:

- QSFP+ LM4: short distance

- QSFP+ LR4: long distance

NOTE

Only LC fiber optic connectors are supported.

NETWORK CONNECTORS

Ethernet copper transceivers (SN710 and upwards, and SNi40)

For 1 Gbps transmissions, such RJ45 over SFP transceivers (1000/100/10Base-T) require copper EthernetRJ45 cables. These must be Category 5e cables, for running in 10 Mbps, 100 Mbpsor 1 Gbps. Check the compatibility of your devices.

Stormshield Network-approved Ethernet transceivers

SNi40 SN710 and

FIBER CONNECTOR

GIGA

SFP

10 GIGA

SFP+

SFP transceiver, 1000Base-SX (black extraction lever) Requires a multi-mode fiber (the connector is usually orange). Wavelength: 850nm Typical maximum distance supported: 550m

SFP transceiver, 1000Base-LX (blue extraction lever) Ethernet 1000Base-LX, requires a single-mode fiber (the connector is usually yellow). Wavelength: 1310nm. Typical maximum distance supported: 10km

SFP+ Transceiver, 10GBASE-SR/1000Base-SX, (beige extraction lever): Ethernet 10GBASE-SR/1000Base-SX, requires a single-mode fiber (the connector is usually yellow). Wavelength: 850nm Typical maximum distance supported: 300m on 10Gbps, 550m on 1Gbps.

SFP+ transceiver, 10GBASE-LR/1000Base-LX (blue extraction lever) Ethernet 10GBASE-LR/1000Base-LX, requires a single-mode fiber (the connector is usually yellow). Wavelength: 1310nm Typical maximum distance supported: 10 km

supported supported supported

not

supported

not

supported

supported supported

SN910

SN2100,

SN3100

and SN6100

Page 39/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

NETWORK CONNECTORS

40 GIGA

QSFP+

GIGA

SFP

QSFP+ transceiver, 40GBASE-LM4 (light blue extraction lever) Ethernet 40GBASE-LM4, requires a multi-mode fiber (the connector is usually orange) or a single-mode fiber (the connector is usually yellow). Wavelength: 1310nm Typical maximum distance supported: 160m with a multi-mode fiber, 1km with a single-mode fiber

SFP+ transceivers, 40GBASE--LR4 (blue extraction lever) Ethernet 40GBASE-LR4, requires a single-mode fiber (the connector is usually yellow). Wavelength: 1310nm Typical maximum distance supported: 10km with a single-mode fiber

RJ45 over SFP transceiver, 1000/100/10Base-T Requires a Category 5e RJ45 Ethernet cable. Typical maximum distance supported: 100m

*On condition of optimum quality

Installation

Proceed as follows to install your transceiver:

If the socket in which you would like to install the transceiver has a protective cover, remove it.

Insert the transceiver, then plug in the cable corresponding to this transceiver.

IMPORTANT The fiber transceiver and the optic fiber are equipped with a connector plug. When you plug this optic fiber into the transceiver, remove the connector plugs and keep them away from dust for later use.

IMPORTANT Do not exceed the bending radius indicated in your optic fiber specifications.

COPPER CONNECTOR

not

supported

not

supported

supported supported supported

not

supported

not

supported

Extension modules (SN710 and upwards)

The procedure for removing or inserting an extension module on SN710, SN910, SN2100, SN3100 or SN6100 Firewalls takes place in three main steps:

Step 1 Shut down firewall.

Step 2 Remove or insert the module.

Step 3 Shut down firewall.

SFP/SFP+/QSFP+ transceivers for fiber extension modules have to be ordered separately.

SFP/SFP+/QSFP+ transceivers are hot-swappable (they can be inserted and removed while the appliance is powered on).

Page 40/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

NETWORK CONNECTORS

Description of extension modules for SN710 models and upwards

SN710, SN910, SN2100, SN3100 and SN6100 models accept the following extension modules:

l 8-port 1 GbE copper module

RJ45 connectors

1000/100/10Base-T

l 4-port 10 GbE copper module (SN2100, SN3100 and SN6100)

RJ45 connectors

10G/1000/100Base-T

l 4-port 1GbE fiber module (not available on SN2100, SN3100 and SN6100 models)

4 SFP sockets, supporting the following transceivers:

SFP fiber transceiver, 1000Base-SX (1Gbps Ethernet, short distance).

SFP fiber transceiver, 1000Base-LX (1Gbps Ethernet, long distance).

RJ45 over SFP copper transceiver, 1000/100/10Base-T

l 8-port 1 GbE fiber module

8 SFP sockets, supporting the following transceivers:

SFP fiber transceiver, 1000Base-SX (1Gbps Ethernet, short distance).

SFP fiber transceiver, 1000Base-LX (1Gbps Ethernet, long distance).

RJ45 over SFP copper transceiver, 1000/100/10Base-T

l 2-port 10GbE fiber module (not available on SN2100, SN3100 and SN6100 models)

2 SFP+ sockets, supporting the following transceivers:

SFP+ fiber transceiver, 10GBase-SR (10Gbps Ethernet, short distance) / 1000BASE-SX (1Gbps Ethernet, short distance).

SFP+ fiber transceiver, 10GBase-LR (10Gbps Ethernet, long distance) / 1000BASE-LX (1Gbps Ethernet, long distance).

l 4-port 10 GbE fiber module

4 SFP sockets, supporting the following transceivers:

SFP+ fiber transceiver, 10GBase-SR (10Gbps Ethernet, short distance) / 1000BASE-SX (1Gbps Ethernet, short distance).

SFP+ fiber transceiver, 10GBase-LR (10Gbps Ethernet, long distance) / 1000BASE-LX (1Gbps Ethernet, long distance).

l 2-port 40 GbE fiber module (only on SN2100, SN3100 and SN6100 appliances)

2 QSFP+ sockets, supporting the following transceivers:

QSFP+ fiber transceiver,40GBASE-LM4 (40Gbps Ethernet, short distance).

QSFP+ fiber transceiver,40GBASE-LR4 (40Gbps Ethernet, long distance).

Sequencing of modules

When extension modules are added or removed, ports will be reordered according to the order shown below.

SN710 Model:

SN910 Model:

Page 41/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

SN2100 and SN3100Models:

SN6100 model:

Procedure for inserting or removing extension modules

No specific licenses are required for adding extension modules.

IMPORTANT Extension modules must only be removed or inserted on appliances that have fully shut down and which are necessarily unplugged from any electrical power supply.

NETWORK CONNECTORS

On SN6100 models, spreading out network modules between both areas is recommended in order to enhance your product's performance. This makes it possible to balance the loads of both CPUs. The first set of modules and the 2 network ports located on the front of the appliance are managed as a priority by the first CPU and the second set by the second CPU.

IMPORTANT The theoretical bandwidth availablefor each network slot is:

- SN710 Model: 30Gbps, full-duplex

- SN2100 and SN3100 models: 30Gbps, full-duplex on slot 1

- SN2100 and SN3100 models: 60Gbps, full-duplex on slots 2 and 3

- SN910 models and higher: 60Gbps, full-duplex

REMINDER In cases where modules are added subsequently in row 1, the interfaces of the modules in row 2 will be automatically re-ordered.

Inserting an extension module on SN710, SN910, SN2100, SN3100 or SN6100 models

l Using the Power button on the front panel (rear panel for SN6100 appliances), or fromthe

administration interface, proceed to shut down the Firewall,

l Once it has fully shut down, ensure that you unplug it fromany electrical power supply, l Remove the filler panel by unscrewing the 2 knurled screws and extract it by pulling on both

screws,

l Present the module to be inserted, push it all the way in (push harder towards the end), then

screw in the 2 knurled screws,

l Reconnect the Firewallto the power supply, l Using the Power button on the front panel, start the Firewall.

Page 42/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

NETWORK CONNECTORS

Removing an extension module on SN710, SN910, SN2100, SN3100 or SN6100 models

l Using the Power button on the front panel (rear panel for SN6100 appliances), or fromthe

administration interface, proceed to shut down the Firewall,

l Once it has fully shut down, ensure that you unplug it fromany electrical power supply, l Unscrew the 2 knurled screws and extract the extension module by pulling on both screws, l Put back the fillerpanel by screwing in the 2 knurled screws, l Reconnect the Firewallto the power supply, l Using the Power button on the front panel, start the Firewall.

Recommended connectors for high availability (HA) links

On SN510, SN710, SN910, SN2100 and SN3100 models, specific ports or extension module slots are recommended for HA communication links in clusters and firewallgroups. The recommended slots for HA links are indicated in the diagrams below.

IMPORTANT As a general rule, you are strongly advised against using the ports on the rear panel for HA links.

On SN310 and SN6100 models, all ports have been optimized for HA communication links.

SN510

SN710

SN910

SN2100

SN3100

Page 43/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

By default, the product is administered through its INTERNAL interface. On all models, this interface is identified by the number 2 (IN).

To obtain the description of the interfaces, referto the section PRESENTATION OF THE SN RANGE.

Requirements

Minimum configuration for administering a Stormshield Network Firewall

Lowest version of the OS (firmware)

For the following models, the lowest firmware versions required are:

l SN160, SN160W, SN210, SN210W, and SN310: V3.1.1 l SN510 and SN710: V1.4.1 in version 1 and V2.2.0 in version 2 l SN910: V1.2.3 l SN2100 and SN6100: V3.7.0 l SN3100: V3.7.5 l SNi40: V2.3.4

Web administration interface

The configuration interface on Stormshield Network Firewalls can be accessed via a web browser and benefits from the latest breakthroughs in user friendliness and simplicity of use. It is compatible with the following browsers:

l Internet Explorer 7 and + l Firefox 3.6 and +

Stormshield Network administration suite

Stormshield Network supports the execution of the Stormshield Network Administration Suite software in the following environments:

l MicrosoftWindows 7 and 8, l MicrosoftWindows Server 2008 and 2012.

Preparing the Internet access

Before installing the SN Firewall, ensure that the devices that connect to the Internet (if the Firewall has to be connected to the Internet) have been appropriately installed and configured.

Page 44/66 sns-en-SNrange_installation_guide-2019 - 09/2019

Connections

Connect the network ports as follows:

l INTERNAL interface 2 (IN): Workstation l EXTERNAL interface 1 (OUT): Internet access device

The client workstation can either be linked directly to the Firewall’s internal interface or connected to the local network, which is itself connected to the Firewall’s internal interface. For a direct connection of the workstation to the Firewall, use the crossover Ethernet cable provided with the product.

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

SN510 and SN710 models SN160, SN160W, SN210, S N210W and SN310 models

SN910 model

SNi40 model SN2100, SN 3100 and SN6100 models

Page 45/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

Configuration

When you first receive your Firewall, it will run in transparent (bridge) mode and will have the IP address 10.0.0.254 with a subnetwork mask 255.0.0.0. These parameters might not match your network configuration, but they are however necessary for the pre-configuration phase.

To connect to the Firewall, you will need to use a workstation on which DHCP has been enabled, or its IP address has to be in the same address range as your Firewall (10.0.0.0/8). DHCP is enabled by default on Windows platforms If this is not the case, refer to the section Network configuration of your client workstation. If you do not know what these parameters mean, we strongly advise you to read up on TCP/IP as it would be very difficult for you to configure your Stormshield Network Firewall without at least this knowledge.

NOTE For a manual configuration, we suggest that you use the IP address 10.0.0.1 and the subnet mask 255.0.0.0.

Network configuration of your client workstation

If DHCP has not been enabled on your client workstation, or for manual configurations, modify the Network connection parameters of your operating system.

In Windows, you generally need to select “Internet Protocol (TCP/IP)” from the list, then “Properties”, and select the option Obtain an IP address automatically.

To manually configure this network, enter the necessary address information. During the initial connection, the IP address of this workstation willneed to belong to the same address range as the Firewall, 10.0.0.0/8 by default.

Starting

WARNING You must not unplug the product when it is starting, shutting down or being upgraded.

Except for SN910 appliances, these phases are indicated when the following LEDs are lit:

l Power 3 and Status 2 LEDs for SN160, SN160W, SN210, SN210W, SN310, SN510,

SN710, SN2100 and SN3100 models

l Power 3 LEDs for SN6100 and SNi40 models.

For SN160, SN160W, SN210, SN210W, SN310, SN510, SN710, SN2100 and SN3100 models, upon startup, the LEDs light up in the following order:

Power 3 + Status 2 => Online 1

The Power and Status LEDs will light up first.

After a few minutes, the Online LED willlight up, followed by a beep (on SN510, SN710, SN2100 and SN3100 models) once your product is up and running.

For SNi40 and SN6100 models, upon startup, the LEDs light up in the following order:

Power => Run 1

The Power LED lights up first. After a few minutes, the Online LED will light up, followed by a beep on SN6100 models once your product is up and running.

Page 46/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

Starting up SN160, SN160W, SN210, SN210W and SN310 models

Plug your firewallinto its power supply; it willstartautomatically. Wait a few minutes for all 3 LEDs – Online, Status and Power to light up.

NOTE If necessary during startup, you can insert a USB key containing a configuration. Consolemode will display the following message: “Please insert your USB token to continue”.

The lit Online LED will indicate the end of the product’s startup phase.

Starting up SN510 and SN710 models

Plug your SN Firewall into the mains power supply, it will automatically start up. Ensure that the power supply switch is "ON". Your firewall will then automatically start running. Wait a few minutes for all 3 LEDs – Online, Status and Power to light up.

NOTE When you hear 8 consecutive beeps, you will be able to insert a USB key containing a configuration if necessary. Console mode will display the following message: “Please insert your USB token to continue”.

Two consecutive beeps and the lighted up Online LED indicate the end of the product’s startup sequence.

Page 47/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

Starting up SN910 models

Plug your SN Firewallinto the mains power supply, it will automatically startup. Ensure that the power supply switch is "ON". Your Firewallwill then start running automatically, the Power LED will light up. Then wait several minutes.

NOTE When you hear 8 consecutive beeps, you willbe able to insert a USB key containing a configuration if necessary. Console mode will display the following message: “Please insert your USB token to continue”.

Two consecutive beeps indicate the end of the product’s startup sequence.

Starting up SN2100 and SN3100 models

As soon as the appliance is powered up, press once on the Power button (rear panel). Wait a few minutes for all 3 LEDs – Online, Status and Power to light up.

Two consecutive beeps and the lighted up Online LED indicate the end of the product’s startup sequence.

Starting up SN6100 models

As soon as the appliance is powered up, press once on the Power button (rear panel). Wait a few minutes for both LEDs – Power and Run to light up.

Two consecutive beeps indicate the end of the product’s startup sequence.

Page 48/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

Starting up SNi40 models

Once your Firewallhas been powered up, it will automatically start up. Wait a few minutes for both LEDs – Power and Run to light up.

NOTE If necessary during startup, you can insert a USB key containing a configuration. Consolemode will display the following message: “Please insert your USB token to continue”.

The lit Run LED will indicate the end of the product’s startup phase.

Initial connection to the appliance

A security procedure must be followed if the initial connection to the appliance takes place through an untrusted network. This operation is not necessary if the administration workstation is plugged in directly to the product.

Access to the administration portal is secured through the SSL/TLS protocol. This protection allows authenticating the portalvia a certificate, thereby assuring the administrator that he is indeed logged in to the desired appliance. This certificatecan either be the appliance’s default certificate or the certificate entered during the configuration of the appliance (Authentication > Captive portal). Depending on the model, it is signed by default by the authority with the name:

l NETASQ: CN=serialnumber of the appliance, O=Secure Internet Connectivity, OU=NETASQ

Firewall Certification Authority.

l Stormshield: CN=Stormshield Products Root CA, O=Stormshield, OU=Cloud Services, C=FR,

L=Issy-Les-Moulineaux.

To confirma secure access, the browser must trust the certificate authority that signed the certificate used, which must belong to the browser’s list of trusted certificate authorities. Therefore to confirm the integrity of an appliance, the certificate authority must be added to the browser’s list of trusted certificate authorities before the initial connection. Depending on the model, the corresponding authority is available on these links:

http://pki.stormshieldcs.eu/netasq/root.crt

http://pki.stormshieldcs.eu/products/root.crt

If a certificate signed by another authority has been configured on the appliance, this authority will need to be added instead of the default authority.

As a result, the initial connection to the appliance will no longer raise an alertin the browser regarding the trusted authority. However, a message will continue to warn the user that the certificate is not valid. This is because the certificate defines the Firewall by its serialnumber instead of its IP address. To stop this warning from appearing, you will need to indicate to the DNS server that the serial number is associated with the IP address of the Firewall.

Page 49/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

Administration graphical interface

From your client workstation, type the following address in your browser:

https://10.0.0.254/admin

Enter "admin" as the login and password.

IMPORTANT If you have connected your client workstation on port 1, you will no longer be able to access the web administration interface You will need to connect your computer to port 2 (oron another port), and rebootyour Firewall.

NOTE The default password of the “admin” user (super administrator) must be changed the very first time the product is used. In the web administration interface, this password can be changed in the Administrator module (System menu), under the Administrator account tab.

INITIAL CONNECTION TO THE PRODUCT

This password must never be saved in the browser.

For further information on downloading and installing your license, referto the section UPDATING

THE LICENSE.

Stormshield Network administration suite

The Stormshield Network Administration Suite, which contains the SN REALTIME MONITOR program, can be downloaded from your Secure area.

Log on to the following address to access or obtain the access codes to your Secure area: https://mystormshield.eu/

You can also obtain this suite at: http://gui.stormshield.eu/last-version

Page 50/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

Shutting down

SN160, SN160W, SN210, SN210W, and SN310

Log on to the configuration interface. Go to the Maintenance module (System menu) and click on “Shut down the Firewall”. Then wait for several minutes until the Online and Status LEDs go out. For this model, the LEDs shut off in the following order:

Online 1 => Status 2

The Power LED will stay lit if the product is powered up.

SN510 and SN710

Log on to the configuration interface. Go to the Maintenance module (System menu) and click on “Shut down the Firewall”. Wait a few minutes for all 3 LEDs – Online, Status and Power to go off.

For these models, upon shutdown, the LEDs shut off in the following order:

Online 1+ Status 2 => Power 3

A beep will indicate that the appliance is in the process of shutting down.

SN910

Log on to the configuration interface. Go to the Maintenance module (System menu) and click on “Shut down the Firewall”.

A beep will indicate that the appliance is in the process of shutting down. Wait for several minutes until the Power LED goes out.

SN2100 and SN3100

To shut down your Firewall, press once on the Power button located on the rearpanel. Wait a few minutes for all 3 LEDs – Online, Status and Power to go off.

For these models, upon shutdown, the LEDs shut off in the following order:

Online 1+Status 2 => Power 3

A beep will indicate that the appliance is in the process of shutting down.

SN6100

To shut down your Firewall, press once on the Power button located on the rearpanel. Wait a few minutes for the 2 LEDs (Run and Power)to go off. For this model, the LEDs shut off in the following order:

Run 1 => Power 2

A beep will indicate that the appliance is in the process of shutting down.

SNi40

Log on to the configuration interface. Go to the Maintenance module (System menu) and click on “Shut down the Firewall”. Wait a few minutes for the 2 LEDs (Run and Power)to go off. For this model, the LEDs shut off in the following order:

Run 1 => Power 2

Page 51/66 sns-en-SNrange_installation_guide-2019 - 09/2019

General remarks

l The Status LED 2 (Run for SN6100 and SNi40 models) will blink in red (green for SN510 and

SN710 models) in the event of a major failure on the product (hardware anomaly, faulty network interface, etc.). Contact your reseller in this case.

l During startup, shutdown or upgrading, only the LEDs Status2 and Power3 will light up. l In High Availability mode, when the Firewall is in passive mode, the Online 1 or Run LED for

the SN6100 and SNi40 will blink (about 2 seconds off for every 1 second it is on).

l During the resetphase (defaultconfig), the Online and Status LEDs willblink (Run for SN6100

and SNi40).

l To reboot an SN160, SN160W, SN210, SN210W or SN310 appliance that is still powered up

(only the Power LED is on), you will need to unplug and plug the Firewall back into the mains socket. It is also possible to reboot in console mode by pressing on any key as suggested.

l To reboot an SNi40 appliance that has been shut down (Power and RunLEDs off), proceed as

follows: unplug it, wait for thirty seconds, then plug the firewall back into its power supply source.

l To reboot an SN510, SN710 or SN910 appliance that is still powered up (Power LED is off),

proceed as follows: unplug it, wait for thirty seconds, then plug the Firewall back into the mains socket.

l You may also shut down your firewall by logging on in console mode and by typing the

following command: halt

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

INITIAL CONNECTION TO THE PRODUCT

Page 52/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

UPDATING THE LICENSE

Your appliance is sold with a temporary license. You will therefore need to update this license.

If you have acquired an additional option, you will need to update your product with the license that willallow you to use this option.

WARNING Options that require the firewallto be rebooted are listed in the User Manual, under the

License section, at: https://documentation.stormshield.eu

Please refer to the procedure below to find out how to update your product license:

Retrieving the license

Go to your Secure Area at https://mystormshield.eu/

NOTE The registration stage allows you to obtain the password to access your Secure area.

UPDATING THE LICENSE

Enter your login and password then confirm or registerin order to receive them. The client

secure area homepage will appear.

Click on "Product management". You will then see a list of all the Stormshield Network

products registered in this area.

Select the product for which you wish to retrieve the license, by clicking on the product’s

serial number. Details of the license will be displayed.

NOTE Before you download the license, you will need to know your product’s version. If you do not know it, it is indicated on a label affixed to the product’s cardboard packaging. If you no longer have the packaging, or if you have since updated your product, connect to your product via the web administration interface. The product’s version will be indicated in the dashboard of the web application.

Installing the license

If you have never installed a license on the product, the details of the license will be of the temporary license. To install the license that had been downloaded from the client secure area, proceed as follows:

Via the web administration interface, go to the General tab of the License module.

l To manually install a license, insert the downloaded file in the relevant field. It is however

possible to configure an automatic search and installation of the license.

l The full procedure is set out in the User Manual, under the License section, at:

http://documentation.stormshield.eu.

Page 53/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

DOCUMENTATION & ASSISTANCE

DOCUMENTATION

The documentation for SN Multi-function Firewalls is available online at:

https://documentation.stormshield.eu

This website allows you to look up or download various technical documents (user guides, technical notes, etc.).

SECURE AREA

The registration stage allows you to obtain the password to access your Secure area, in which you will be able to:

l Activate licenses, softwareoptions or download the latest updates, l Manage your licenses, l Subscribe to technical and commercial mailing lists, l Access the knowledge base.

Log on to the following address to access or obtain the access codes to your Secure area:

https://mystormshield.eu/

KNOWLEDGE BASE

The technical support department’s knowledge base centralizes various technical entries relating to the use of Stormshield Network products. It aims to improve a better understanding of how they work. Go to the Knowledge base in your Secure area.

ASSISTANCE

In the event of a hardware issue on your Firewall or if one of the elements does not match its description, please contact your certified partner.

For Stormshield Network products, there are different product return procedures called RMAs (return merchandise authorization). The various types of RMA are as follows:

1. RMA WITH STANDARDEXCHANGE: If the appliance has a valid Standard maintenance package

2. RMA WITH EXPRESS EXCHANGE: If the appliance has a valid Express exchange maintenance package

3. RMA WITH DOA EXCHANGE: If the product was registered less than 30 days before the RMA was activated.

Documents relating to these procedures and their implementation are available in the Document Base (Operational folder) in your Secure area.

In order to comply with the hypotheses of the common criteria evaluation, clients have to subscribe to the Secure Exchange option and follow the procedure for this type of exchange. This option ensures the confidentiality of the configuration elements imported into the Stormshield Network product before it is sent for repairs.

Page 54/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX A: RESETTING THE FIREWALL

It is possible to restore the default factory settings of a Stormshield Network Firewall. This operation will bring the product back to its initial configuration. This reinitialization does not modify the firmware version and only affects the active partition.

WARNING Resetting a Firewall will completely remove the configuration made on the product. This operation is irreversible, so do not apply this procedure unless absolutely needed. You are therefore advised to make a prior backup.

WARNING You must not unplug the product while is it reinitializing.

After a few minutes the initial settings will be recovered and the Firewallwill reboot. This reset operation may take up to 10 minutes, so do wait until the end of the reboot procedure before reconnecting to the Firewall.

NOTE The Online and Status (Run on SN6100 and SNi40) LEDs willblink throughout the entire initialization phase. 2 consecutive beeps (except on SN160, SN160W, SN210, SN210W, SN310 and SNi40 models) and the lighted up Online (Run on SN6100 and SNi40) LED indicate the end of the product’s startup sequence.

WARNING This operation will also reinitialize the administrator’s password. The login and password are “admin” by default.

All models except SN6100 and SNi40

In order to reset your Firewall, take a pointed object. A small pushbutton is accessible through a hole located in the following places:

l on SN160, SN160W, SN210, SN210W and SN310 models, on the rearpanel of the product, to

the right of the Ethernet interfaces.

l on SN510 models, on the front panel of the product, to the left of the Ethernet interfaces. l on SN710 and SN910 models, on the front panel of the product, between the extension

module slot and the Ethernetinterfaces.

l on SN2100 and SN3100 models, on the front panel of the product, between the LEDs and

USB ports.

SN160 and SN160W models

Page 55/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SN210 and SN210W models

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX A: RESETTING THE FIREWALL

SN310 model

SN910 model

SN2100 and SN3100 mode ls

SN510 and SN710 models

Hold down the button for about 5 seconds, until you see the Online and Status LEDs blink and/or until you hear an audible signal. The reset procedure will automatically be launched. After a few minutes, the initial settings will be recovered and the Firewallwill reboot.

SN6100 and SNi40 models

The factory configuration of SN6100 and SNi40 appliances can only be restored by connecting in console mode. Type the following command: defaultconfig -f -r –p

The reset procedure will automatically be launched. After a few minutes, the initial settings willbe recovered and the Firewall willreboot.

Page 56/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX B: LOG STORAGE

For models equipped with a hard disk or SSD, the log storage service is enabled by default, except on SNi4O models. To enable it, please refer to the section Enable log storage below.

On SN160, SN160W, SN210, SN210W and SN310 models, you can subscribe to the External storage option allowing you to store logs externally on an SD card.

External storage option - storing logs externally on an SD card

NOTE Storing logs on an external medium can only be done on an SD card. This service is not compatible with other media such as a USB key or an external hard disk.

The recommended type of SD card is at least Class 10 (C10) UHS Class 1 (U1) or App Performance 1 (A1),SDHC standard. The memory card must be in a full-size physical SD format, in SDHC or SDXC standard. Only adapters provided with the card must be used. The maximum memory size supported is 2 TB.

Stormshield recommends the use of high-endurance/industrial cards or preferably, those that have a built-in MLC flash chip developed by major brands (e.g., SanDisk, Western Digital, Innodisk, Transcend, etc.) and with at least 32 GB of memory.

Insert the SD card, as described in the diagram to the right, with the connector facing downwards.

When you insert the SD card for the first time, the Hardware component (widget) on the Dashboard will display the following information:

You willthen need to enable and format the SD card - please referto the following section.

Enable log storage

To enable the service, go to the Notifications menu, then to the Logs – Syslog module. In the

Local storage tab, select the Enable log storage option.

Page 57/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX B: LOG STORAGE

If you wish to save logs on an SD card, hard disk or SSD, select Enable log storage, then select your medium from the list of storage media. A message willprompt you to format it.

After this operation, your SD card, hard disk or SSD will be ready to receive all logs.

Loading the SD card

IMPORTANT Before ejecting the SD card fromthe drive (to change media, for example), you must first shut down the service by unselecting the option to enable log storage, in the Logs - Syslog module.

To eject the SD card, press lightly and horizontally on it, then let go.

Log consultation

These logs can be read in the SN Activity Reports web interface in the form of reports.

In SN Activity Reports, 5 reports are enabled by default. The number of reports enabled can be increased on models that are equipped with hard disks or an SSD or with the help of an SD card with the “External storage” option.

Referto the User Manual, under the Reports section, at: https://documentation.stormshield.eu

Page 58/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX C: MANAGING SSDS

APPENDIX C: MANAGING SSDs

An SSD is installed by default on the SN2100 model. A second SSD can be added to it by subscribing to the RAID option (RAID1).

By default on SN3100 and SN6100 models, both SSDs are installed in RAID (RAID 1). Both of these SSDs are also hot-swappable.

NOTE On SN2100 models without the RAID option, the replacement of the SSD would cause logs and static reports saved on the log partition to be lost, as well as data memorized using the HTTP Cache option if it has been enabled.

Detecting issues

The SMART (Self-Monitoring, Analysis and Reporting Technology system)status of SSDs may be monitored. SMART technology monitors and informs about the status of certain reliability indicators such as the temperature, number of sectors allocated, errors while locating sectors, etc. It therefore helps to anticipate failures.

On SN910, SN2100 and SNi40 models without the RAID option, the SMART status of the SSD is availablein the Hardware section of the Hardware widget.

On SN2100, SN3100 and SN6100 models with the RAID option, the RAID section in the Hardware widget informs you about the SMART status of the SSDs, as well as the RAID status.

You may also log on to the appliance in console mode or via an SSH connection and obtain the information with the following commands:

l SMART status of the SSDs: smartinfo l If SSDs are installed in RAID: nraid -s

If an issue arises with the log partition, report it using the Properties widget either in console mode or via an SSH connection, using the command: logdisk –c, the partition can be rebuilt using the following command: logdisk –f

IMPORTANT This command permanently erases data saved earlier on the log partition.

If the SMART status of an SSD shows errors, or if rebuilding your log partition fails, you can contact your certified partner to replace your SSD.

Replacing an SSD

Depending on the model, the respective procedures are as follows:

l SN2100, without RAID option:

This procedure is to be carried out on an appliance that has been powered off. To remove the SSD, unlock the rack with the lever, then pull out the canister with the defective SSD. Insert the new canister with the replacement SSD obtained from your partner, until you hear a click. Once you have inserted the new SSD, it will be detected the next timeyou start the appliance.

l SN2100 with RAID option, SN3100 and SN6100 (SSD in RAID 1):

This procedure is to be carried out on an appliance that is running. To remove the SSD, unlock the rack with the lever, then pull out the canisterwith the defective SSD. Insert the new canister with

Page 59/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX C: MANAGING SSDS

the replacement SSD obtained from your partner, until you hear a click. Once you have inserted the new SSD, type the following command to scan this new SSD: nraid –z.

Next, type the command to rebuild the RAID: nraid -r

RAID option (SN2100)

On the SN2100 model, the RAID option can be subscribed in order to add a second SSD and build a RAID1 on it.

This procedure is to be carried out on an appliance that is running:

l In console mode, type the following command to build the RAID: nraid -c l Unlock the rack with the lever, then pull out the empty canister (lower canister, LEDs off).

Insert the new canister with the optional SSD obtained fromyour partner, until you hear a click.

l Once you have inserted the new SSD, type the following command to scan this new SSD:

nraid –z

l Then type the following command in order to replicate the data on the RAID: nraid -r

Big Data option (SN2100, SN3100 and SN6100)

If you have subscribed the Big Data option(available on SN2100, SN3100 and SN61000 models), the originalSSDs will be replaced with SSDs of greater capacity.

After you have shut down the appliance, you will be able to extract the SSDs. Unlock the rack with the levers, then pull out both SSD canisters. Insert the new canisters with the replacement SSDs obtained from your partner, until you hear a click. They will be detected the next timeyou start the appliance.

Page 60/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX D: CHANGING A POWER SUPPLY MODULE (SN2100, SN3100 AND SN6100)

REMINDER Before plugging any equipment into a 48VDC power supply module, please read the

SAFETY RULES carefully and follow them.

SN2100 and SN3100

NOTE On SN2100 models, a second AC mains supply or 48VDC module can be ordered separately for redundant power supply.

Page 61/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX D: CHANGING A POWER SUPPLY MODULE (SN2100, SN3100 AND SN6100)

1. Disconnect the module from the electrical supply:

l AC mains supply: disconnect the mains cable. l 48VDC supply: first, disconnect the power cord from the 48VDC source. Next, on the

module, remove the protective cover 1, then use a screwdriver to disconnect the three supply wires.

2. Remove the module: push the release lever sideways toward the extraction handle, and use the handle to pull the module. Take hold of the case of the module and remove it completely.

3. Insert the new module with the product label facing upwards. When the module is fully inserted, push until you hear a “click” that indicates that the module is locked in place. Verify that the module is locked in place by pulling gently on the extraction handle: the module must not move.

4. Attach the new module to the electrical supply:

l AC mains supply: plug in the mains cable. l 48VDCsupply: with the power cord disconnected from the 48VDC supply, use a

screwdriver to attach the three wires of the power cord to the module 1 then reattach the protective cover. The wires must be connected to the 48VDC module as shown above. Next, connect the power cord to the 48VDC source.

Each PSU module is equipped with a light showing its state (two colors: green/red for the AC mains module, blue/red for the 48VDC module):

• Module working correctly

l module connected to a power source but not installed in a firewall: green (AC mains)/blue

(48VDC).

- SN2100 and SN3100 (halted):

l module installed but not connected to a power source, and the other module is installed

and connected: green (AC mains)/blue (48VDC), blinking.

l module installed and connected to a power source: green (AC mains)/blue (48VDC),

blinking.

- SN2100 and SN3100 running:

l module installed and connected to a power source: green (AC mains)/blue (48VDC), not

blinking.

l module installed and not connected to a power source: red, blinking (+ buzzer).

• Module not functioning correctly

l module connected to a power source: red, not blinking.

SN6100

Page 62/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX D: CHANGING A POWER SUPPLY MODULE (SN2100, SN3100 AND SN6100)

1. Disconnect the module from the electrical supply:

l AC mains supply: disconnect the mains cable. l 48VDC supply: unscrew the knurled screw, then unplug the power cord on the module

side.

2. Remove the module: push the release lever sideways toward the extraction handle, and pull the handle. Take hold of the case of the module and remove it completely.

CAUTION: the module's metalcase serves as a heat sink and its temperature can reach

+60°C at full power. It is therefore advisable to use a glove to hold the case.

4. Attach the new module to the electrical supply:

l AC mains supply: plug in the mains cable. l 48VDC supply: plug in the power cord's connector 1 Screw in the knurled screw.

Each PSU module is equipped with a light showing its state (two colors: green/red):

• Module working correctly

l module connected to a power source but not installed in a firewall: green, blinking.

- SN6100 (halted):

l module installed but not connected to a power source, and the other module is installed

and connected: red, not blinking.

l module installed and connected to a power source: green, blinking.

- SN6100 (running):

l module installed and connected to a power source: green, not blinking. l module installed and not connected to a power source: red, not blinking (+ buzzer).

• Module not functioning correctly

l module connected to a power source: red, not blinking.

Page 63/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX E: CONFIGURATION AND ADMINISTRATION VIA IPMI (SN6100)

IPMI (Intelligent Platform Management Interface) is a network protocol and allows obtaining hardware information remotely, monitoring certain components and controlling appliances (control, reboot, interruption, etc.).

SN6100

Configuration

When starting the product, once the Stormshield logo appears, press <del> to access the BIOS. Next, go to the section "BMC network configuration" in the ServerMgmt menu in order to configure the network interface dedicated to IPMI, then save and quit.

Connection

Plug the network cable into the dedicated network interface on the front of the appliance.

Launch your browser and log on to the dedicated interface by entering the address:

https://<ip_if_ipmi>

If this has not been configured, the default IP address of the IPMI interface willbe

192.168.0.100/24

The login and password are “admin” by default.

Page 64/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

APPENDIX E: CONFIGURATION AND ADMINISTRATION VIA IPMI (SN6100)

The dashboard of the web interface will look like this:

IMPORTANT Change the “admin” administration password immediately. The web interface will make you change it during the initial connection. You are further advised to place the IPMI interface on a dedicated administration network.

Page 65/66 sns-en-SNrange_installation_guide-2019 - 09/2019

SNS - PRODUCT PRESENTATION AND INSTALLATION 2019

documentation@stormshield.eu

All images in this document are for representational purposes only, actual products may differ.

Page 66/66 sns-en-SNrange_installation_guide-2019 - 09/2019

Stormshield SN Series, SN210W, SN310, SN510, SN710 Product Presentation And Installation

Specifications and Main Features

Frequently Asked Questions

User Manual

FOREWORD

Recommendations on the operating environment

Regulations

INTRODUCTION

UPON RECEIVING YOUR FIREWALL

Integrity of the product

Contents of the packaging

SAFETY RULES

All models except SNi40

SNi40 model

INSTALLATION PRECAUTIONS

Conditions of use (all models except SNi40)

Conditions of use (SNi40 model)

Connecting to the mains

Connecting to a 24VDC power supply unit (SNi40)

Connecting to the network

PRESENTATION OF SN MODELS

SN160 and SN160W models

SN210 and SN210W models

SN310 model

SN510 and SN710 models

SN910 model

SN2100 and SN3100 models

SN6100 model

SNi40 model

NETWORK CONNECTORS

RJ45 Ethernet connectors

Fiber Ethernet connectors

Extension modules (SN710 and upwards)

Recommended connectors for high availability (HA) links

INITIAL CONNECTION TO THE PRODUCT

Requirements

Connections

Configuration

Starting

Shutting down

UPDATING THE LICENSE

Retrieving the license

Installing the license

DOCUMENTATION & ASSISTANCE

APPENDIX A: RESETTING THE FIREWALL

All models except SN6100 and SNi40

SN6100 and SNi40 models

APPENDIX B: LOG STORAGE

External storage option - storing logs externally on an SD card

Enable log storage

Log consultation

APPENDIX C: MANAGING SSDS

Detecting issues

Replacing an SSD

RAID option (SN2100)

Big Data option (SN2100, SN3100 and SN6100)

APPENDIX D: CHANGING A POWER SUPPLY MODULE (SN2100, SN3100 AND SN6100)

SN2100 and SN3100

SN6100

APPENDIX E: CONFIGURATION AND ADMINISTRATION VIA IPMI (SN6100)

SN6100