Any technical documentation that is made available by Symantec Corporation is the copyrighted work
of Symantec Corporation and is owned by Symantec Corporation.
NO WARRANTY. The technical documentation is being delivered to you AS-IS, and Symantec
Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the
information contained therein is at the risk of the user. Documentation may include technical or other
inaccuracies or typographical errors. Symantec reserves the right to make changes without prior
notice.
No part of this publication may be copied without the express written permission of Symantec
Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.
Trademarks. Symantec, the Symantec logo, LiveUpdate, Network Security, Symantec Decoy Server,
and Norton AntiVirus are U.S. registered trademarks of Symantec Corporation. Symantec AntiVirus,
Symantec Enterprise Security Architecture, and Symantec Security Response are trademarks of
Symantec Corporation.
Other brands and product names mentioned in this manual may be trademarks or registered
trademarks of their respective companies and are hereby acknowledged.
Windows is a registered trademark, and 95, 98, NT and 2002 are trademarks of Microsoft Corporation.
Pentium is a registered trademark of Intel Corporation. Sun is a registered trademark, and Java, Solaris,
Ultra, Enterprise, and SPARC are trademarks of Sun Microsystems. UNIX is a registered trademark of
UNIX System Laboratories, Inc. Cisco and Catalyst are registered trademarks of Cisco Systems, Inc.
Foundry is a registered trademark of Foundry Networks. Juniper is a registered trademark of Juniper
Networks, Inc. iButton is a trademark of Dallas Semiconductor Corp. Dell is a registered trademark of
Dell Computer Corporation. Check Point and OPSEC are trademarks and FireWall-1 is a registered
trademark of Check Point Software Technologies, Ltd. Tripwire is a registered trademark of Tripwire,
Inc.
Symantec Network Security software contains/includes the following Third Party Software from
external sources:
Printed in the United States of America. 10 9 8 7 6 5 4 3 2 1
Technical support
As part of Symantec Security Response, the Symantec global Technical Support
group maintains support centers throughout the world. The Technical Support
group’s primary role is to respond to specific questions on product feature/
function, installation, and configuration, as well as to author content for our
Web-accessible Knowledge Base. The Technical Support group works
collaboratively with the other functional areas within Symantec to answer your
questions in a timely fashion. For example, the Technical Support group works
with Product Engineering as well as Symantec Security Response to provide
Alerting Services and Virus Definition Updates for virus outbreaks and security
alerts.
Symantec technical support offerings include:
■A range of support options that give you the flexibility to select the right
amount of service for any size organization
■Telephone and Web support components that provide rapid response and
up-to-the-minute information
■Upgrade insurance that delivers automatic software upgrade protection
■Content Updates for virus definitions and security signatures that ensure
the highest level of protection
■Global support from Symantec Security Response experts, which is
available 24 hours a day, 7 days a week worldwide in a variety of languages
■Advanced features, such as the Symantec Alerting Service and Technical
Account Manager role, offer enhanced response and proactive security
support
Please visit our Web site for current information on Support Programs. The
specific features available may vary based on the level of support purchased and
the specific product that you are using.
Licensing and registration
If the product that you are implementing requires registration and/or a license
key, the fastest and easiest way to register your service is to access the
Symantec licensing and registration site at www.symantec.com/certificate.
Alternatively, you may go to www.symantec.com/techsupp/ent/enterprise.html,
select the product that you wish to register, and from the Product Home Page,
select the Licensing and Registration link.
Contacting Technical Support
Customers with a current support agreement may contact the Technical
Support group via phone or online at www.symantec.com/techsupp.
Customers with Platinum support agreements may contact Platinum Technical
Support via the Platinum Web site at www-secure.symantec.com/platinum/.
Customer Service
When contacting the Technical Support group, please have the following:
■Product release level
■Hardware information
■Available memory, disk space, NIC information
■Operating system
■Version and patch level
■Network topology
■Router, gateway, and IP address information
■Problem description
■Error messages/log files
■Troubleshooting performed prior to contacting Symantec
To contact Enterprise Customer Service online, go to www.symantec.com, select
the appropriate Global Site for your country, then choose Service and Support.
Customer Service is available to assist with the following types of issues:
■Questions regarding product licensing or serialization
■Product registration updates such as address or name changes
■General product information (features, language availability, local dealers)
■Latest information on product updates and upgrades
■Information on upgrade insurance and maintenance contracts
■Information on Symantec Value License Program
■Advice on Symantec's technical support options
■Nontechnical pre-sales questions
■Missing or defective CD-ROMs or manuals
SYMANTEC NETWORK SECURITY APPLIANCE (7100 SERIES)
LICENSE AND WARRANTY AGREEMENT
SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES
(“SYMANTEC”) IS WILLING TO LICENSE THE SOFTWARE
INCLUDED WITH THE APPLIANCE YOU HAVE PURCHASED
TO YOU AS AN INDIVIDUAL, THE COMPANY, OR THE LEGAL
ENTITY THAT WILL BE UTILIZING THE SOFTWARE
(REFERENCED BELOW AS “YOU OR YOUR”) AND TO
PROVIDE WARRANTIES ON THE APPLIANCE ONLY ON THE
CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS
LICENSE AND WARRANTY AGREEMENT. READ THE TERMS
AND CONDITIONS OF THIS LICENSE AND WARRANTY
AGREEMENT CAREFULLY BEFORE USING THE APPLIANCE.
THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN
YOU AND SYMANTEC. BY OPENING THIS PACKAGE,
BREAKING THE SEAL, CLICKING ON THE “AGREE” OR “YES”
BUTTON OR OTHERWISE INDICATING ASSENT
ELECTRONICALLY, REQUESTING A LICENSE KEY OR USING
THE SOFTWARE AND THE APPLIANCE, YOU AGREE TO THE
TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO
NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK ON
THE “I DO NOT AGREE” OR “NO” BUTTON IF APPLICABLE
AND DO NOT USE THE SOFTWARE AND THE APPLIANCE.
1. Software License:
Except for the software, if any, described in the Excluded
Software section at the end of this agreement (the “Excluded
Software”), the software (the “Software”) which accompanies
the appliance You have purchased (the “Appliance”) is the
property of Symantec or its licensors and is protected by
copyright law. Except for the Excluded Software, You agree
and acknowledge that You must purchase a separate license for
each Software functionality which You intend to use in
connection with the Appliance, and activate such Software
functionalities as designated by Symantec, prior to using the
Appliance. While Symantec continues to own the Software,
You will have certain rights to use the Software after Your
acceptance of this license. This license governs any releases,
revisions, or enhancements to the Software that the Licensor
may furnish to You as well as the copy of the Software
provided to You on a CD-ROM or other media in connection
with the Appliance (the “Recovery Software”). Except as may
be modified by a Symantec license certificate, license coupon,
or license key (each a “License Module”) which accompanies,
precedes, or follows this license, and as may be further defined
in the user documentation accompanying the Appliance and/or
the Software, Your rights and obligations with respect to the
use of this Software are as follows:
You may:
A. use the Software solely as part of the Appliance for no more
than the number of users as have been licensed to You by
Symantec under a License Module;
B. use the Recovery Software solely to restore the Appliance to
its original factory functionality in the event the Software
preloaded on the Appliance is corrupted or becomes unusable;
C. make copies of the printed documentation which
accompanies the Appliance as necessary to support Your
authorized use of the Appliance; and
D. after written notice to Symantec and in connection with a
transfer of the Appliance, transfer the Software on a
permanent basis to another person or entity, provided that You
retain no copies of the Software, Symantec consents to the
transfer and the transferee agrees in writing to the terms and
conditions of this agreement.
You may not:
A. sublicense, rent or lease any portion of the Software; reverse
engineer, decompile, disassemble, modify, translate, make any
attempt to discover the source code of the Software, or create
derivative works from the Software;
B. use the Recovery Software for any purpose other than to
restore the Appliance to the original factory functionality;
C. use, if You received the Software distributed on an Appliance
containing multiple Symantec products, any Symantec
software on the Appliance for which You have not received a
permission in a License Module; or
D. use the Software in any manner not authorized by this
license.
2. Content Updates:
Certain Symantec software products utilize content that is
updated from time to time (e.g., antivirus products utilize
updated virus definitions; content filtering products utilize
updated URL lists; some firewall products utilize updated
firewall rules; vulnerability assessment products utilize
updated vulnerability data, etc.; collectively, these are referred
to as “Content Updates”). You may obtain Content Updates for
each Software functionality which You have purchased and
activated for use with the Appliance for any period for which
You have (i) purchased a subscription for Content Updates for
such Software functionality; (ii) entered into a support
agreement that includes Content Updates for such Software
functionality; or (iii) otherwise separately acquired the right to
obtain Content Updates for such Software functionality. This
license does not otherwise permit You to obtain and use
Content Updates.
3. Limited Warranty:
Symantec warrants that the media on which the Recovery
Software is distributed will be free from defects for a period of
thirty (30) days from the date of original purchase of the
Appliance. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, replace any
defective media returned to Symantec within the warranty
period or refund the money You paid for the Recovery
Software.
Symantec warrants that the Software will perform on the
Appliance in substantial compliance with the written
documentation accompanying the Appliance for a period of
thirty (30) days from the date of original purchase of the
Appliance. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, repair or
replace any defective Software returned to Symantec within
the warranty period or refund the money You paid for the
Appliance.
Symantec warrants that the hardware component of the
Appliance (the “Hardware”) shall be free from defects in
material and workmanship under normal use and service and
substantially conform to the written documentation
accompanying the Appliance for a period of three hundred
sixty-five (365) days from the date of original purchase of the
Appliance. Your sole remedy in the event of a breach of this
warranty will be that Symantec will, at its option, repair or
replace any defective Hardware returned to Symantec within
the warranty period or refund the money You paid for the
Appliance.
The warranties contained in this agreement will not apply to
any Software or Hardware which:
A. has been altered, supplemented, upgraded or modified in
any way; or
B. has been repaired except by Symantec or its designee.
Additionally, the warranties contained in this agreement do
not apply to repair or replacement caused or necessitated by:
(i) events occurring after risk of loss passes to You such as loss or damage during shipment; (ii) acts of God including without
limitation natural acts such as fire, flood, wind, earthquake, lightning or similar disaster; (iii) improper use, environment,
installation or electrical supply, improper maintenance, or any other misuse, abuse or mishandling; (iv) governmental actions or
inactions; (v) strikes or work stoppages; (vi) Your failure to follow applicable use or operations instructions or manuals; (vii) Your
failure to implement, or to allow Symantec or its designee to implement, any corrections or modifications to the Appliance made
available to You by Symantec; or (viii) such other events outside Symantec’s reasonable control.
Upon discovery of any failure of the Hardware, or component thereof, to conform to the applicable warranty during the applicable
warranty period, You are required to contact us within ten (10) days after such failure and seek a return material authorization
(“RMA”) number. Symantec will promptly issue the requested RMA as long as we determine that You meet the conditions for
warranty service. The allegedly defective Appliance, or component thereof, shall be returned to Symantec, securely and properly
packaged, freight and insurance prepaid, with the RMA number prominently displayed on the exterior of the shipment packaging
and with the Appliance. Symantec will have no obligation to accept any Appliance which is returned without an RMA number.
Upon completion of repair or if Symantec decides, in accordance with the warranty, to replace a defective Appliance, Symantec will
return such repaired or replacement Appliance to You, freight and insurance prepaid. In the event that Symantec, in its sole
discretion, determines that it is unable to replace or repair the Hardware, Symantec will refund to You the F.O.B. price paid by You
for the defective Appliance. Defective Appliances returned to Symantec will become the property of Symantec.
Symantec does not warrant that the Appliance will meet Your requirements or that operation of the Appliance will be uninterrupted
or that the Appliance will be error-free.
In order to exercise any of the warranty rights contained in this Agreement, You must have available an original sales receipt or bill
of sale demonstrating proof of purchase with Your warranty claim.
THE ABOVE WARRANTIES ARE EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED,
INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY
HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE.
4. Disclaimer of Damages:
SOME STATES AND COUNTRIES, INCLUDING MEMBER COUNTRIES OF THE EUROPEAN ECONOMIC AREA, DO NOT ALLOW THE
LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES SO THE BELOW LIMITATION OR
EXCLUSION MAY NOT APPLY TO YOU.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH
HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC OR ITS LICENSORS BE LIABLE TO YOU FOR ANY
SPECIAL, CONSEQUENTIAL, INDIRECT OR SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT
OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
IN NO CASE SHALL SYMANTEC'S OR ITS LICENSORS’ LIABILITY EXCEED THE PURCHASE PRICE FOR THE APPLIANCE. The
disclaimers and limitations set forth above will apply regardless of whether You accept the Software or the Appliance.
5. U.S. Government Restricted Rights:
RESTRICTED RIGHTS LEGEND. All Symantec products and documentation are commercial in nature. The software and software
documentation are “Commercial Items”, as that term is defined in 48 C.F.R. section 2.101, consisting of “Commercial Computer
Software” and “Commercial Computer Software Documentation”, as such terms are defined in 48 C.F.R. section 252.227-7014(a)(5)
and 48 C.F.R. section 252.227-7014(a)(1), and used in 48 C.F.R. section 12.212 and 48 C.F.R. section 227.7202, as applicable.
Consistent with 48 C.F.R. section 12.212, 48 C.F.R. section 252.227-7015, 48 C.F.R. section 227.7202 through 227.7202-4, 48 C.F.R.
section 52.227-14, and other relevant sections of the Code of Federal Regulations, as applicable, Symantec's computer software and
computer software documentation are licensed to United States Government end users with only those rights as granted to all other
end users, according to the terms and conditions contained in this license agreement. Manufacturer is Symantec Corporation,
20330 Stevens Creek Blvd., Cupertino, CA 95014.
6. Export Regulation:
You agree to comply strictly with all applicable export control laws, including the US Export Administration Act and its associated
regulations and acknowledge Your responsibility to obtain licenses as required to export, re-export or import the Appliance. Export
or re-export of the Appliance to Cuba, North Korea, Iran, Iraq, Libya, Syria or Sudan is prohibited.
7. General:
If You are located in North America or Latin America, this Agreement will be governed by the laws of the State of California, United
States of America. Otherwise, this Agreement will be governed by the laws of England. This Agreement and any related License
Module is the entire agreement between You and Symantec relating to the Appliance and: (i) supersedes all prior or
contemporaneous oral or written communications, proposals and representations with respect to its subject matter; and (ii) prevails
over any conflicting or additional terms of any quote, order, acknowledgment or similar communications between the parties. This
Agreement may only be modified by a License Module or by a written document which has been signed by both You and Symantec.
This Agreement shall terminate upon Your breach of any term contained herein and You shall cease use of and destroy all copies of
the Software and shall return the Appliance to Symantec. The disclaimers of warranties and damages and limitations on liability
shall survive termination. Should You have any questions concerning this Agreement, or if You desire to contact Symantec for any
reason, please write: (i) Symantec Customer Service, 555 International Way, Springfield, OR 97477, USA, or (ii) Symantec Customer
Service Center, PO BOX 5689, Dublin 15, Ireland.
8. Excluded Software:
The Excluded Software consists of the open source code software known as Linux included with the Appliance. All Excluded
Software is licensed under the GNU General Public License, Version 2, June 1991, a copy of which is included with the user
documentation for the Appliance. The license entitles You to receive a copy of the source code for Linux only upon request at a
nominal charge. If You are interested in obtaining a copy of such source code, please contact Symantec Customer Service at one of
the above addresses for further information.
Contents
Chapter 1 Introduction
About the Symantec Network Security 7100 Series ......................................... 9
About the core software ..............................................................................10
About the detection architecture ..............................................................10
About the management system ................................................................. 10
About the 7100 Series models ....................................................................11
About this guide ...................................................................................................11
About the documentation set ............................................................................13
About the Web sites .............................................................................................14
Verifying the materials .......................................................................................14
Chapter 2 Introducing the 7100 Series components
About the 7100 Series components ..................................................................17
About 7100 Series models ..................................................................................17
Model 7120 ....................................................................................................18
Model 7160 ....................................................................................................19
Model 7161 ....................................................................................................20
About core components ...................................................................................... 21
About the removable hard drive ......................................................................191
Removing the hard drive ..................................................................................192
Index
Chapter 1
Introduction
This chapter includes the following topics:
■About the Symantec Network Security 7100 Series
■About this guide
■About the documentation set
■About the Web sites
■Verifying the materials
About the Symantec Network Security 7100 Series
Symantec Network Security 7100 Series appliances provide real-time network
intrusion prevention and detection to protect critical enterprise assets from the
threat of known, unknown (zero-day), and denial of service (DoS) attacks.
Designed to monitor multiple network segments at multi-gigabit speeds, the
7100 Series combines superior detection and prevention capabilities with
flexible deployment options and ease of installation.
The Network Security 7100 Series consists of highly scalable, purpose-built appliances that
meet a range of needs for aggregate network bandwidth from 50 Mbps to 2 Gbps
across as many as eight network segments. They provide zero-day protection
against the latest threats and automated real-time blocking of malicious
activity. With intrusion prevention and detection built into a single network
security appliance, users can easily switch between deployment modes based on
their security policy.
Network Security 7100 Series appliances reduce the total cost of implementing a
complete network security solution through:
■Simplified and rapid deployment
■Centralized management
■Cohesive, streamlined security content, service, and support
About the core software
The 7100 Series appliances run Symantec Network Security 4.0 software, which
provides detection, analysis, management, storage, and response functionality.
The standard software and the appliance version utilize the core functionality in
the same way, and most procedures apply to both. In addition to the full
software functionality at its core, the appliance provides unique features, such
as in-line mode and interface grouping.
About the detection architecture
The 7100 Series appliances employ the new and innovative network threat
mitigation architecture that combines anomaly, signature, statistical, and
vulnerability detection techniques into an Intrusion Mitigation Unified Network
Engine (IMUNE). IMUNE proactively prevents and provides immunity against
malicious attacks, including:
■Denial of service attempts
■Intrusions and malicious code
■Network infrastructure attacks
■Application exploits
■Scans and reconnaissance activities
■Backdoors
■Buffer overflow attempts
■Blended threats like MS Blaster and SQL Slammer
About the management system
Symantec Network Security 7100 Series appliances are centrally managed via
the Symantec Network Security 4.0 Management Console, a powerful and
scalable security management system. The management console supports large,
distributed enterprise deployments and provides:
■Comprehensive configuration
■Policy management
■Real-time threat analysis
■Enterprise reporting
■Flexible visualization
The Network Security Management System automates the process of delivering
security and product updates to the 7100 Series appliances using Symantec
LiveUpdate to provide real-time protection against the latest threats.
In addition, the Network Security Management System can be used to expand
the intrusion protection umbrella using the Symantec Network Security Smart
Agents to provide enterprise-wide, multi-source intrusion management by
aggregating, correlating, and responding to events from multiple Symantec and
third-party host and network security products.
About the 7100 Series models
The Symantec Network Security 7100 Series is available in three models that
provide both intrusion prevention and intrusion detection in a single appliance:
■The 7120:
■Monitors up to four 10/100 Base-T network segments
■Provides a maximum bandwidth license of 200 Mbps
■The 7160:
■Monitors up to eight 10/100/1000 Base-T network segments
■Provides a maximum bandwidth license of 2 Gbps
■Provides in-line mode maximum bandwidth of 1 Gbps
■The 7161:
■Monitors up to four 1000 Base-SX fiber optic network segments
■Monitors up to four 10/100/1000 Base-T network segments
■Provides a maximum bandwidth license of 2 Gbps
■Provides in-line mode maximum bandwidth of 1 Gbps
About this guide
This manual is intended for system managers or administrators responsible for
administering the Symantec Network Security 7100 Series, and is organized as
follows:
Table 1-1 Implementation Guide structure
Chapter | Title | Content
Chapter 2 | Introducing the 7100 Series components | Describes the externally visible hardware components in each model of the Symantec Network Security 7100 Series.
Chapter 3 | Deploying the 7100 Series | Discusses what to consider when deciding how best to deploy the 7100 Series.
Chapter 4 | Installing the 7100 Series | Describes how to physically install the appliance, including rack-mounting, cabling, and connecting to an In-line Bypass unit for fail-open.
Chapter 5 | Initializing Symantec Network Security | Describes the initial configuration procedures using LCD, serial console, and compact flash.
Chapter 6 | Starting the Network Security console | Describes how to install and launch the Symantec Network Security console.
Chapter 7 | Licensing | Describes licensing options and how to install a license, check license status, and renew or add bandwidth to a license.
Chapter 8 | Configuring nodes and interfaces | Describes how to add and edit 7100 Series nodes and interfaces, including in-line pairs and interface groups.
Chapter 9 | Configuring detection and response | Describes how to start sensors by configuring and applying protection policies. Also describes how to add and edit response rules.
Chapter 10 | Monitoring and reporting events and status | Describes how to view incidents and events, and how to generate reports. Describes several methods of monitoring status.
Chapter 11 | Maintaining and administering the 7100 Series | Describes maintenance and administration tasks, including backup and restore, restarting software and hardware, using the LCD run menu, and using the serial console. Includes a section on setting up SESA.
Chapter 12 | Re-imaging and unconfiguring | Describes how to unconfigure Symantec Network Security and how to re-image the appliance. Discusses upgrading the Network Security console. Discusses migration from an existing Symantec supported IDS platform to the Symantec Network Security 7100 Series.
Appendix A | Troubleshooting | Describes how to access the online knowledge base for troubleshooting information.
Appendix B | Specifications and safety | Lists product specifications and provides safety instructions and certifications.
Appendix C | Service Manual | Describes the removable hard drive in the 7160 and 7161.
Index | Index | Lists topics covered in this guide, using index format.
About the documentation set
The documentation set for the Symantec Network Security 7100 Series includes:
■Symantec Network Security 7100 Series Implementation Guide (printed and
PDF). This guide explains how to install, configure, and perform key tasks on
the Symantec Network Security 7100 Series.
■Symantec Network Security Administration Guide (printed and PDF). This
guide provides the main reference material, including detailed descriptions
of the Symantec Network Security features, infrastructure, and how to
configure and manage effectively.
■Depending on your appliance model, one of the following:
■Symantec Network Security 7100 Series: Model 7120 Getting Started
Card
■Symantec Network Security 7100 Series: Models 7160 and 7161 Getting
Started Card
This card provides the minimum procedures necessary for installing,
configuring, and starting to operate the Symantec Network Security
7100 Series appliance (printed and PDF).
■Symantec Network Security 716x Service Manual (printed and PDF). This
document provides instructions for removing the hard drive on the 7160
and 7161.
■Symantec Network Security 7100 Series Product Specifications and Safety
Information (printed and PDF). This document provides specifications for all
7100 Series models as well as safety warnings and certification information.
■Symantec Network Security User Guide (PDF). This guide provides basic
introductory information about Symantec Network Security software.
■Symantec Network Security 7100 Series Readme (on CD). This document
provides a feature summary, support and licensing information, key task
tips, and provides a link to late-breaking information about the Symantec
Network Security 7100 Series, including limitations, workarounds, and
troubleshooting tips.
About the Web sites
You can view the entire documentation set on the Symantec Network Security
Web site. You can get up to date information from the Knowledge Base and
patch sites:
■To view the documentation set, open http://www.symantec.com/techsupp/
enterprise/select_product_manuals.html, and click Intrusion Detection >
Symantec Network Security 4.0.
■The Knowledge Base provides a constantly updated reference of FAQs and
troubleshooting tips as they are developed.
To view the Knowledge Base, open http://www.symantec.com/techsupp/
enterprise/products/select_product_kb.html, and click Intrusion Detection
> Symantec Network Security 4.0.
■The patch site provides downloadable patches as they are released.
To access the patch site, open http://www.symantec.com/techsupp/
enterprise/select_product_updates.html, and click Intrusion Detection >
Symantec Network Security 4.0.
Verifying the materials
Once you have unpacked your Symantec Network Security 7100 Series
appliance, verify that you have received the following materials:
Table 1-2 Materials list
Part | Description
Appliance | A single device that is one of three models: 7120, 7160, or 7161
Management Console CD | Contains: Symantec Network Security management console software for Windows and Linux platforms; SESA SIPI software for the appliance; product documentation in PDF format
Recovery Software CD | Contains software for re-imaging the appliance to the original manufacturing settings.
Cables | Power cord for the country of operation (two power cords for 7160 and 7161); null modem serial console cable; Ethernet crossover cable for imaging and diagnostics
Rack mounting hardware | 2 metal L-brackets; 8 screws for attaching the brackets to the appliance
4 rubber feet | For use when installing the appliance on a shelf or other flat surface
Printed documentation | Symantec Network Security Version 4.0 Administration Guide; Symantec Network Security 7100 Series Implementation Guide; Symantec Network Security 7100 Series Getting Started Card; Symantec Network Security 7100 Series Product Specifications and Safety Information
Printed documentation only for 7160 and 7161 | Symantec Network Security 716x Service Manual
Chapter 2
Introducing the 7100 Series components

This chapter includes the following topics:
■ About the 7100 Series components
■ About 7100 Series models
■ About core components
■ About additional components
About the 7100 Series components
The Symantec Network Security 7100 Series combines high speed networking
interfaces, multi-gigahertz CPUs, and plenty of memory with a number of
convenience features into a fast, simple, and reliable appliance. Additionally,
the LCD subsystem, compact flash, removable hard drive, and serial port make
administration tasks easy and efficient.
About 7100 Series models
The Symantec Network Security 7100 Series appliance is available in three
models. The specific hardware configuration for each model is described in the
following sections:
■ Model 7120
■ Model 7160
■ Model 7161
Model 7120
The 7120 is the Fast Ethernet model of the Symantec Network Security 7100
Series. It has six 10/100Base-T monitoring interfaces, and comes in a 1U
configuration for a 19” rack.
Figure 2-1 shows the 7120 back panel components described in Table 2-1.

Figure 2-1 7120 back panel

Table 2-1 describes the components on the 7120 back panel.

Table 2-1 7120 back panel components

Diagram location / Component name / Description
1  Power supply: Connection for the AC power cord; standard power supply
2  Master power switch: Switch that turns the appliance on or off
3  DB9 serial port: Connection for the serial console cable
4  USB ports: Either port can be connected to the USB port of a bypass unit for fail-open capability
5  eth0: Monitoring interface; also the Imaging Server connection for re-imaging the appliance; 10/100Base-T
6  eth1: Monitoring interface; 10/100Base-T
7  eth2: Monitoring interface; 10/100Base-T
8  eth3: Monitoring interface; 10/100Base-T
9  eth4: Reset interface for sending TCP resets to malicious or unwanted flows; 10/100Base-T
10 eth5: Management interface; 10/100Base-T
11 Compact flash adapter: Read/write drive for compact flash cards of up to 1 GB capacity
12 Power reset switch: Switch for cycling power on appliance
Model 7160
The 7160 is the all gigabit copper Symantec Network Security 7100 Series model. It provides eight 10/100/1000Base-T monitoring interfaces, and comes in a 2U configuration for a 19” rack.
Figure 2-2 shows the back panel components described in Table 2-2:

Figure 2-2 7160 back panel

Table 2-2 describes the components on the 7160 back panel.

Table 2-2 7160 back panel components

Diagram location / Component name / Description
1  Dual redundant power supplies: Connections for the AC power cords; two redundant power supplies including four fans for cooling the appliance interior
2  Power switch: Switch that turns the appliance on or off
3  USB ports: Either port can be connected to the USB port of a bypass unit for fail-open capability
4  DB9 serial port: Connection for the serial console cable
5  Compact flash adapter: Read/write drive for compact flash cards of up to 1 GB capacity
6  re1000g0: Monitoring interface; also the Imaging Server connection for re-imaging the appliance; 10/100/1000Base-T
7  re1000g1: Monitoring interface; 10/100/1000Base-T
8  re1000g2: Monitoring interface; 10/100/1000Base-T
9  re1000g3: Monitoring interface; 10/100/1000Base-T
10 re1000g4: Monitoring interface; 10/100/1000Base-T
11 re1000g5: Monitoring interface; 10/100/1000Base-T
12 re1000g6: Monitoring interface; 10/100/1000Base-T
13 re1000g7: Monitoring interface; 10/100/1000Base-T
14 eth8: RST0 reset interface for sending TCP resets to malicious or unwanted flows; 10/100/1000Base-T
15 eth9: RST1 reset interface for sending TCP resets to malicious or unwanted flows; 10/100/1000Base-T
16 eth10: RST2 reset interface for sending TCP resets to malicious or unwanted flows; 10/100/1000Base-T
17 eth11: Management interface; 10/100/1000Base-T

Model 7161
The 7161 is very similar to the 7160, except that it provides four gigabit fiber
ports and four gigabit copper ports rather than all copper ports.
Figure 2-3 shows the back panel components described in Table 2-3:

Figure 2-3 7161 back panel

Table 2-3 describes the components on the 7161 back panel.

Table 2-3 7161 back panel components

Diagram location / Component name / Description
1  Dual redundant power supplies: Connections for the AC power cords; two redundant power supplies including four fans for cooling the appliance interior
2  Power switch: Switch that turns the appliance on or off
3  USB ports: Standard USB ports
4  DB9 serial port: Connection for the serial console cable
5  Compact flash adapter: Read/write drive for compact flash cards of up to 1 GB capacity
6  re1000g0: Monitoring interface; also the Imaging Server connection for re-imaging the appliance; 1000Base-SX (fiber)
11 re1000g5: Monitoring interface; 10/100/1000Base-T
12 re1000g6: Monitoring interface; 10/100/1000Base-T
13 re1000g7: Monitoring interface; 10/100/1000Base-T
14 eth8: RST0 reset interface for sending TCP resets to malicious or unwanted flows; 10/100/1000Base-T
15 eth9: RST1 reset interface for sending TCP resets to malicious or unwanted flows; 10/100/1000Base-T
16 eth10: RST2 reset interface for sending TCP resets to malicious or unwanted flows; 10/100/1000Base-T
17 eth11: Management interface; 10/100/1000Base-T

About core components
In addition to the processors, memory, and networking interfaces, which vary in specifics between appliance models, certain core components are standard.
See the following sections for more information:
■ LCD panel
■ LED lights
■ Serial port
■ USB ports
■ Compact flash adapter
Figure 2-4 shows these components on the front and back panels of a 7160.

Figure 2-4 7160 core components (figure callouts: LCD panel, LED lights, compact flash adapter, USB ports, serial port)

LCD panel
The LCD panel includes the LCD screen and six push buttons. These components are located on the front bezel of the Symantec Network Security 7100 Series appliance. There is no significant difference between the models in the arrangement of the LCD panel components.
Table 2-4 describes the LCD panel components.

Table 2-4 LCD panel components

Diagram location / Component name / Description
1  LCD screen: Provides a backlit, 2 line by 16 character display.
2  Left arrow button: Scrolls through menu choices and moves the cursor backward when entering input.
3  Up arrow button: Scrolls up through characters and numbers when answering initial configuration questions or entering the password.
4  Down arrow button: Scrolls down through characters and numbers when answering initial configuration questions or entering the password.
5  Right arrow button: Scrolls through menu choices and moves the cursor forward when entering input.
6  s (start) button: Starts over when entering input. Also starts a network boot during re-imaging or upgrading.
7  e (enter) button: Enters the selected choice. Also, enters the line of input after using the arrow buttons to edit it.
The LCD serves multiple purposes. When a new appliance is first booted, use the
LCD and buttons to select the method for initial configuration and continue, if
you like, through the entire configuration process. Otherwise, you can use the
serial console or the compact flash for initial configuration.
See “LCD panel initial configuration” on page 68.
See “Serial console initial configuration” on page 76.
See “Compact flash initial configuration” on page 83.
After you configure the appliance and install Symantec Network Security, the
LCD panel goes into status mode, in which it cycles through various system
statistics. See “Monitoring appliance status” on page 130.
You can use the LCD panel to perform certain administrative tasks, such as
starting and stopping Symantec Network Security, rebooting or shutting down
the appliance, changing the appliance IP address, or rolling back Symantec
Network Security to the unconfigured state.
See “Using the LCD run menu” on page 154.
See “Restarting, rebooting, and powering off” on page 148.
See “Unconfiguring Symantec Network Security” on page 168.
Using the Network Security console, you can lock the LCD panel to prevent unauthorized access. You can unlock it from the console or by entering the administrator account password with the LCD panel buttons.
See “Unlocking the LCD panel” on page 155.

LED lights
The front panel of every Symantec Network Security 7100 Series appliance contains five LED lights.
Table 2-5 describes the function of each LED light.

Table 2-5 LED lights

Diagram location / Component name / Description
1  Power: Glows when the appliance is powered on.
2  Disk activity: Blinks when the hard drive is accessed.
3  Network activity (Rx): Blinks when network traffic is arriving on the eth1 interface on the 7120. This LED is disabled for the 7160 and 7161.
4  Network activity (Tx): Blinks when there is network traffic on the eth0 interface on the 7120. This LED is disabled on the 7160 and 7161.
5  Temperature: Blinks to indicate temperature status, blinking slowly for temperature warnings and quickly for temperature failures. If the Symantec Network Security 7100 Series is in danger of overheating, a log message is sent to the appliance log file.

Serial port
The serial port is a standard male DB9 port that provides direct access from the Symantec Network Security 7100 Series to a serial console.
You can connect a null modem RS232 cable from the appliance to any laptop, PC or other serial-enabled device, and log in to the appliance using a serial terminal application with VT100 emulation. You can use the serial console during initial configuration, for administrative tasks, and when troubleshooting.
Using a serial console for the initial configuration, rather than the LCD panel, allows you to view the configuration questions on a monitor rather than on the 16 character LCD screen. See “Serial console initial configuration” on page 76.
You can use the serial console to create a bootable compact flash card, which is
required to initiate the network boot process used during re-imaging or
upgrading the appliance. See “Preparing for re-imaging” on page 170.
Use the serial console to access the appliance operating system or Symantec
Network Security software for troubleshooting. See “Using the serial console”
on page 158.
USB ports
There are two USB ports on the back of every Symantec Network Security 7100
Series appliance. Either port can be used for the keep-alive connection to the
optional In-line Bypass unit. The bypass unit provides fail-open capability when
you configure the appliance for in-line mode. See “Fail-open” on page 35.
Compact flash adapter
The compact flash (CF) adapter is a device which reads from and writes to compact flash cards of up to 1 GB capacity. Each Symantec Network Security 7100 Series appliance is equipped with a compact flash adapter, located on the back panel. A compact flash card must be purchased separately. The CF adapter has a button for ejecting the card.
Compact flash cards are removable storage media that you can use for several purposes, including:
■ Saving initial configuration information for a new slave appliance
■ Loading initial configuration information onto a new slave appliance
■ Backing up node logs, databases, and configuration information
■ Restoring node logs, databases, and configuration information
■ Upgrading to a major new version of Symantec Network Security
■ Upgrading to a major new version of the operating system
■ Booting from compact flash during appliance re-imaging or upgrading
You can use the Network Security console to access the compact flash adapter.
The compact flash card is treated as an internal device, so you must insert the
CF card into the adapter before booting the appliance. When the CF card is
present at boot time, it is automatically mounted as a filesystem.
See “Compact flash initial configuration” on page 83.
See “Preparing for re-imaging” on page 170.
See “Creating a bootable compact flash” on page 171.
See “Making a non-bootable compact flash card” on page 143.
See “Using the compact flash for backup and restore” on page 144.
About additional components
The high-end models of the Symantec Network Security 7100 Series include
additional features that the 7120 does not. These include a removable hard drive
and dual redundant power supplies.
Removable disk drive
The 7160 and 7161 have a hard drive that you can easily remove by means of a pullout panel on the bottom of the appliance.
If you should ever need to ship your appliance to Symantec for support, this provides a convenient method of extracting the drive before shipping the appliance. This allows you to protect proprietary or sensitive data contained on the drive.
The pullout panel is held in place by four captive screws which can be turned by hand or with a Phillips (cross) head screwdriver.
Warning: Turn off the power and unplug the appliance before attempting to open the panel and remove the disk drive. The drive is not hot-swappable.
See “Service Manual” on page 191.
Dual redundant power supplies
The 7160 and 7161 have dual redundant power supplies. The dual power supplies ideally connect to separate power sources.
Each of the redundant power supplies has two internal power-main connections.
In the event of a failure of one power-main, the other one continues to provide
uninterrupted power.
In case of failure or when only one power supply is connected to a power source,
the power supply emits a high-pitched alarm.
Chapter 3
Deploying the 7100 Series

This chapter includes the following topics:
■ About deploying the 7100 Series
■ Deployment options
■ Network Security console accessibility
■ SESA server accessibility
■ Symantec LiveUpdate accessibility
About deploying the 7100 Series
When deciding how best to deploy your Symantec Network Security 7100 Series
appliance, consider both the capabilities of the product and the specifics of your
network. You can deploy the appliance in a variety of modes depending on your
needs. These choices include passive mode, in-line mode (with or without
blocking), interface grouping, fail-open, clustering, high availability, and in
combination with third-party IDS products.
The Symantec Network Security 7100 Series provides the flexibility to meet the
needs of complex enterprise networks. It supports multiple external network
connections, asymmetric routing, servers containing sensitive and important
information, multiple VLANs, and more.
Deployment options
You can deploy the Symantec Network Security 7100 Series appliance in
different modes, including passive and in-line. If your network exhibits
asymmetric traffic patterns, you may want to configure interface grouping. If
you deploy the appliance in-line, you can add fail-open capabilities. You can
combine it in a cluster with other Symantec Network Security nodes, which may
be appliances or software versions on other platforms. You can integrate the
appliance with third party intrusion detection products as well.
See the following sections for more information:
■ Bandwidth licensing options
■ Passive mode
■ In-line mode
■ Interface grouping
■ Fail-open
■ Clustering
■ External IDS products
Bandwidth licensing options
The Symantec Network Security 7100 Series offers extremely flexible bandwidth deployment licensing. You can choose from three bandwidth levels for the 7120, and four levels for a 7160 or 7161. If your network traffic increases beyond your licensed rate, you can add to your license in 50 Mbps increments for the 7120, and in 250 Mbps increments for the 7160 and 7161. For more information about licensing, see “Licensing” on page 91.

Passive mode
Passive mode is the default method of monitoring traffic on network segments. It provides intrusion detection with logging, alerting, and response capabilities. Passive mode also provides maximum performance. Symantec Network Security 4.0 software provides the same functionality on other platforms as passive mode on the 7100 Series.
When configuring monitoring interfaces to monitor network segments:
■ The 7120 can monitor four different network segments with a total bandwidth up to 200 Mbps of network traffic.
■ The 7160 and 7161 models can each monitor up to eight network segments, with a total bandwidth up to 2 Gbps.
In passive mode, Network Security detects attacks as they enter the monitored
network. You can configure response rules to provide alerts, send TCP resets,
execute scripts, or take other actions. See the Symantec Network Security Administration Guide for more information on response rules.
Note: Passive mode does not provide the ability to block malicious traffic from reaching its destination. The attack is detected on its way to the target. Blocking is only available using in-line mode. See “In-line mode” on page 31 and “About protection policies” on page 116.

In-line mode
In-line mode is a powerful mode of deployment that is available only on the Symantec Network Security 7100 Series.
This section provides the following information:
■ Blocking and alerting
■ In-line pairs
■ Deployment using in-line mode
■ Comparing in-line mode to passive mode
Blocking and alerting
You can configure in-line mode on your appliance to operate in either of two
modes:
■ Alerting: Sends configurable alerts using email, pagers, SNMP, and console pop-ups. Provides configurable responses such as sending TCP resets, executing scripts or programs, traffic recording, and more.
■ Blocking: Prevents malicious traffic from entering your network. Also provides the same configurable alerts and responses offered in alerting mode.
Both operating modes provide logging of suspicious or malicious events,
including the display of events and incidents on the Network Security console.
In-line alerting mode provides the same capabilities as passive mode provides
(see “Passive mode” on page 30). The advantage of in-line alerting mode over
passive mode is that you can quickly switch from alerting to blocking mode in
the Network Security console.
In-line blocking mode is an important tool for securing your network, because it
allows you to stop attacks at the point of detection. Blocking mode on the 7100
Series utilizes Symantec Network Security’s powerful analysis software to
identify both zero-day attacks and those with known signatures. You can find
more information about Network Security’s analysis and detection capabilities
in the Symantec Network Security Administration Guide.
In-line pairs
In-line mode requires two interfaces configured as an in-line pair. The
interfaces in each in-line pair are pre-determined, and the Network Security
console enforces the pairing.
Figure 3-1 shows the interfaces designated for in-line pair 0 and pair 1 on the
The 7100 Series node receives incoming network traffic on one interface of the
in-line pair, then the Network Security detection software analyzes the traffic
for malicious content. Once the analysis is complete, Network Security sends the
traffic out on the other interface.
You can select alerting or blocking mode for each in-line pair by customizing
and applying a protection policy to the in-line pair. A protection policy is a
collection of attack types combined with configurable responses. Some
protection policies support blocking, and others do not. You can only enable
blocking for in-line pairs. For more information about protection policies, see
“About protection policies” on page 116, and the Symantec Network Security
Administration Guide.
Deployment using in-line mode
The initial setup for in-line mode requires an interruption to network traffic
while you make the necessary cabling changes. The appliance must be
physically connected as part of the network path to block malicious traffic from
reaching its target inside your network. See “Cabling” on page 49.
Comparing in-line mode to passive mode
Table 3-1 illustrates the differences and similarities between in-line mode and
passive mode on the Symantec Network Security 7100 Series.
Table 3-1 In-line mode compared to passive mode

Feature or characteristic          In-line mode   Passive mode
Alerting                           Yes            Yes
Blocking                           Yes            No
Interrupts traffic during setup    Yes            No
Number of interfaces used          2              1
Interface grouping
You can use interface grouping when asymmetric traffic patterns appear in your
network. Asymmetric routing occurs when network traffic to and from a given
IP address does not follow the same path. Interface grouping is the solution to
this problem.
Figure 3-3 Asymmetric traffic pattern (figure callouts: Router, Multilayered switch, Servers, Inflow of sessions, Outflow of sessions)
You can configure up to four monitoring interfaces into one interface group.
Symantec Network Security starts a single sensor for the group, with the result
that all network traffic seen on any interface within the group is analyzed in the
group context, as if the traffic were being seen on a single interface. Any policy
you create for an interface group applies to all interfaces in the group.
Interfaces that are part of a group cannot be configured individually.
An interface group can only include passive mode interfaces. Interface grouping
of in-line pairs is not supported.
You can only create an interface group using interfaces from the same node.
Interfaces groups spanning multiple nodes in a cluster are not supported.
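The following is an added illustration, not code from the guide or from the Symantec product, of why asymmetric traffic has to be analyzed in a group context: a constructed TCP handshake whose client-to-server packets are seen on eth2 and whose server-to-client packets are seen on eth3, tracked once per interface and once in an interface group. The packet records, the interface names and the four-interface and passive-only rules are taken from the text; the tracker logic is a simplified assumption.

```python
"""Constructed illustration (not Symantec code) of why an interface group
analyzes asymmetric traffic in one context instead of per interface."""
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    iface: str   # monitoring interface the packet was seen on
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # simplified TCP flags: "S", "SA", "A", "PA"


@dataclass
class Session:
    saw_syn: bool = False
    saw_synack: bool = False
    saw_ack: bool = False
    interfaces: set = field(default_factory=set)

    @property
    def handshake_complete(self) -> bool:
        return self.saw_syn and self.saw_synack and self.saw_ack


def flow_key(p: Packet) -> tuple:
    """Direction-independent key so both halves of a connection match."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (a, b) if a <= b else (b, a)


def define_group(name, interfaces, in_line_interfaces=frozenset()):
    """Mirror the guide's rules: at most four interfaces per group, passive only."""
    ifs = set(interfaces)
    if len(ifs) > 4:
        raise ValueError(f"{name}: an interface group holds at most four interfaces")
    if ifs & set(in_line_interfaces):
        raise ValueError(f"{name}: interfaces in an in-line pair cannot be grouped")
    return name, ifs


def analyze(packets, groups):
    """Return {context: {flow_key: Session}}.

    An ungrouped interface is its own context; grouped interfaces share one,
    so the sensor sees traffic as if it arrived on a single interface."""
    ctx_of = {i: name for name, ifs in groups for i in ifs}
    sessions = defaultdict(lambda: defaultdict(Session))
    for p in packets:
        ctx = ctx_of.get(p.iface, p.iface)
        s = sessions[ctx][flow_key(p)]
        s.interfaces.add(p.iface)
        if p.flags == "S":
            s.saw_syn = True
        elif p.flags == "SA" and s.saw_syn:
            s.saw_synack = True
        elif p.flags in ("A", "PA") and s.saw_synack:
            s.saw_ack = True
    return sessions


# Constructed asymmetric flow: client->server packets take the path tapped by
# eth2, server->client replies take the path tapped by eth3.
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
PACKETS = [
    Packet("eth2", CLIENT, 40000, SERVER, 80, "S"),
    Packet("eth3", SERVER, 80, CLIENT, 40000, "SA"),
    Packet("eth2", CLIENT, 40000, SERVER, 80, "A"),
    Packet("eth2", CLIENT, 40000, SERVER, 80, "PA"),
]
KEY = flow_key(PACKETS[0])


def per_interface_complete(packets=PACKETS):
    """Separate sensors per interface: each sees only one direction."""
    s = analyze(packets, groups=[])
    return {iface: s[iface][KEY].handshake_complete for iface in ("eth2", "eth3")}


def grouped_complete(packets=PACKETS):
    """One sensor for the group reassembles the handshake across interfaces."""
    grp = define_group("group0", ["eth2", "eth3"])
    return analyze(packets, groups=[grp])["group0"][KEY].handshake_complete


if __name__ == "__main__":
    print("per interface:", per_interface_complete())   # {'eth2': False, 'eth3': False}
    print("interface group:", grouped_complete())        # True
```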
Fail-open
Fail-open refers to a configuration that allows network traffic to continue even
if the Symantec Network Security 7100 Series appliance has a hardware or
software failure that affects one or more of its in-line interface pairs. For in-line
interface pairs on the appliance, fail-open is an option that requires the
purchase and installation of another device called the Symantec Network
Security In-line Bypass unit.
See the following sections for more information:
■ About the In-line Bypass unit
■ The 2 In-line Bypass unit
■ The 4 In-line Bypass unit
■ Port groups and the management port on the bypass unit
■ Online and bypass modes
■ Link parameters on bypass unit interfaces
■ Front panel LEDs on the bypass unit
■ Rear panel LEDs on the bypass unit
About the In-line Bypass unit
Since in-line mode by definition places the appliance into the network path, a
hardware or software failure affecting the interface pair will interrupt network
traffic, or fail closed. To avoid this you can install the In-line Bypass unit. The
bypass unit monitors the 7100 Series status, and if it senses a failure, the bypass
unit provides direct network connectivity.
There are two bypass unit models, called the 2 In-line Bypass unit and the 4
In-line Bypass unit. The two models are designed to accommodate 7100 Series
appliances with either four or eight copper monitoring interface ports. The
following table summarizes the features of the bypass unit models:
Table 3-2 Bypass unit features

Feature                                              2 In-line Bypass unit   4 In-line Bypass unit
Supported appliance model                            7120                    7160
Supported number of in-line interface pairs          2                       4
(equals number of port groups on bypass unit)
10/100/1000 Base-TX (MDIX) interfaces                2                       4
10/100/1000 Base-T (MDI) interfaces                  6                       12
USB ports                                            1                       1
Both the 2 In-line Bypass unit and the 4 In-line Bypass unit are equipped with
gigabit (10/100/1000) copper interfaces. The interfaces can accommodate both
Fast Ethernet and Gigabit Ethernet connections.
Because the bypass unit is only available for copper interfaces, fail-open cannot
be provided at this time for the optical fiber in-line interface pairs on the
appliance model 7161.
Both bypass unit models operate at wire speeds and have no impact on
performance.
The 2 In-line Bypass unit
You can deploy the 2 In-line Bypass unit with a 7120.
Figure 3-4 shows the rear panel of the 2 In-line Bypass unit.
Figure 3-4 2 In-line Bypass unit
1 - Serial port
2 - Mgmt USB
3 - Power Supply 1
4 - Power Supply 2
5 - NetA
6 - AppA
7 - AppB
8 - NetB
9 - Port group 1
10 - Port group 0
The 4 In-line Bypass unit
You can deploy the 4 In-line Bypass unit with a 7160.
Figure 3-5 shows the rear panel of the 4 In-line Bypass unit.
Figure 3-5 4 In-line Bypass unit
1 - Serial port
2 - Mgmt USB
3 - Power Supply 1
4 - Power Supply 2
5 - Port group 0
6 - Port group 1
7 - Port group 2
8 - Port group 3
Port groups and the management port on the bypass unit
Each bypass unit contains groups of ports called port groups. Each port group
contains four ports that connect to the network and to the in-line pair ports on
the appliance.
Each bypass unit also has a USB port for communication with the appliance.
The Net A port of each port group on the bypass unit is implemented as
10/100/1000Base-TX. It is a Medium Dependent Interface, crossed (MDIX). You
may need a crossover cable to connect Net A to some devices. The Net B port of
each port group is implemented as 10/100/1000Base-T (MDI). Consult the
documentation for your network devices to determine whether they require
crossover connections.
You must supply at least four connections to each port group in use on the
bypass unit, plus one USB connection per bypass unit. Table 3-3 describes these
connections.
Table 3-3 Connections needed for deploying bypass unit

Connection                                     Bypass port   Description
The appliance USB port                         Mgmt USB      Connects to either USB port on the appliance. The two devices communicate over the USB connection.
One side of the network                        Net A         Connects to one side of the network that you are protecting. Net A is the Base-TX port (MDIX).
The even-numbered interface on the appliance   App A         Connects to the interface in the in-line pair that is associated with one side of the network. App A always connects to the even-numbered interface (for example, re1000g0 or eth2).
The odd-numbered interface on the appliance    App B         Connects to the interface in the in-line pair that is associated with the other side of the network. App B always connects to the odd-numbered interface (for example, re1000g1 or eth3).
The other side of the network                  Net B         Connects to the other side of the network.
Online and bypass modes
The bypass units can operate in two modes:
■ Online mode: Network traffic passes from the bypass unit to the 7100 Series for analysis, then goes back to the bypass unit and out through the other network interface. Also called online state.
■ Bypass mode: Network traffic entering the bypass unit passes directly from one side of the network to the other. Also called bypass state.
After connecting the bypass unit to the 7100 Series and powering on, all port
groups are initially in bypass mode. In bypass mode, network traffic does not
pass through the appliance for event detection. To change the port group to
online mode, you must start a sensor on the in-line pair that is connected to that
port group. Event detection can only occur when the bypass unit is in online
mode.
See “Starting a sensor on an appliance interface” on page 115.
While the appliance is running, the bypass unit stays in online mode. If the
appliance has a hardware or software failure, fail-open is activated when the
bypass unit senses the failure via the USB connection and switches to bypass
mode.
Link parameters on bypass unit interfaces
The interface link parameters, including speed and duplex mode, should be
auto-negotiated between Net A and App A, and Net B and App B. You should not
force the link speed or duplex mode to a specific setting on network devices that
connect to Net A or Net B. Forcing the link parameters to a certain value may
result in link speed or duplex mismatches which could cause degraded
performance or possible loss of connectivity.
After connecting the bypass unit to a 7100 Series appliance, you should verify
the link speed and duplex parameters for all interfaces in the port group. To
verify the link parameters for Net A and Net B, log on to the connected network
devices and display the status for the connected interfaces. Ensure that the
connected interfaces are configured for auto-negotiation of link parameters.
To verify the link parameters for App A and App B, use the Network Security
console. After starting a sensor on the corresponding in-line pair, you can view
the link parameters by clicking each interface object in the in-line pair.
See “Interface status parameters” on page 133.
The parameter values for all interfaces in the port group should be the same
when the bypass unit is in online mode. For a 2 In-line Bypass unit connected to
a 7120, all interfaces should auto-negotiate to 100 Mbps in online mode.
However, when Net A and Net B on a 2 In-line Bypass unit are connected to
gigabit interfaces on both network devices, the bypass unit can run at up to 1000
Mbps in bypass mode.
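As an added example (not code from the guide or the product), the check below encodes the rules just described for one bypass port group: every port should be auto-negotiated, all four should agree on speed and duplex, and a 2 In-line Bypass unit in front of a 7120 should settle at 100 Mbps in online mode. The port names follow the guide; the LinkStatus record and the sample readings are constructed, standing in for what you would read from the switch and the Network Security console.

```python
"""Constructed consistency check (not Symantec code) for the link parameters
of the four ports in one bypass unit port group."""
from dataclasses import dataclass


@dataclass(frozen=True)
class LinkStatus:
    port: str            # "Net A", "App A", "App B" or "Net B"
    speed_mbps: int
    full_duplex: bool
    autoneg: bool        # True when the link was negotiated rather than forced


PORT_GROUP_PORTS = {"Net A", "App A", "App B", "Net B"}


def check_port_group(statuses, expected_speed=None):
    """Return a list of findings; an empty list means the group is consistent.

    expected_speed is the speed the guide says the group should settle at in
    online mode (100 for a 2 In-line Bypass unit connected to a 7120)."""
    findings = []
    by_port = {s.port: s for s in statuses}
    missing = PORT_GROUP_PORTS - set(by_port)
    if missing:
        findings.append(f"missing link status for: {sorted(missing)}")
    # Forced settings on the devices at Net A or Net B are what cause mismatches.
    for s in statuses:
        if not s.autoneg:
            findings.append(f"{s.port}: link parameters forced; enable auto-negotiation")
    speeds = {s.speed_mbps for s in statuses}
    duplex = {s.full_duplex for s in statuses}
    if len(speeds) > 1:
        findings.append(f"speed mismatch across port group: {sorted(speeds)}")
    if len(duplex) > 1:
        findings.append("duplex mismatch across port group")
    if expected_speed is not None and speeds and speeds != {expected_speed}:
        findings.append(f"expected {expected_speed} Mbps in online mode, saw {sorted(speeds)}")
    return findings


# Constructed readings for a 2 In-line Bypass unit in front of a 7120.
GOOD_7120 = [
    LinkStatus("Net A", 100, True, True),
    LinkStatus("App A", 100, True, True),
    LinkStatus("App B", 100, True, True),
    LinkStatus("Net B", 100, True, True),
]
# Net A forced to gigabit on the upstream switch, Net B fell back to half duplex.
BAD_7120 = [
    LinkStatus("Net A", 1000, True, False),
    LinkStatus("App A", 100, True, True),
    LinkStatus("App B", 100, True, True),
    LinkStatus("Net B", 100, False, True),
]

if __name__ == "__main__":
    print(check_port_group(GOOD_7120, expected_speed=100))   # []
    for finding in check_port_group(BAD_7120, expected_speed=100):
        print("-", finding)
```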
Front panel LEDs on the bypass unit
Both In-line Bypass units share a common front panel that contains a number of
status LEDs.
Figure 3-6 shows the bypass unit front panel LED configuration.
Figure 3-6 Bypass unit front panel LEDs
Table 3-4 describes the LEDs shown in the diagram.

Table 3-4 Bypass unit front panel LED descriptions

Diagram location   LED label   LED name         Description
ONLINE
0                  P0          Port group 0     The P0 LED glows when port group 0 is operating in online mode.
1                  P1          Port group 1     The P1 LED glows when port group 1 is operating in online mode.
2                  P2          Port group 2     The P2 LED glows when port group 2 is operating in online mode.
3                  P3          Port group 3     The P3 LED glows when port group 3 is operating in online mode.
MGMT
4                  TX          Transmit data    The TX LED blinks when the bypass unit is transmitting data on the USB connection.
5                  RX          Receive data     The RX LED blinks when the bypass unit is receiving data on the USB connection.
PWR
6                  PS1         Power supply 1   The PS1 LED glows when power supply 1 is connected to a power source.
7                  PS2         Power supply 2   The PS2 LED glows when power supply 2 is connected to a power source.
Rear panel LEDs on the bypass unit
The rear panel status LEDs are located in the top left and top right corners of
each port in the port groups. On the bypass unit, the LEDs are labeled only for
the top ports, but the labels apply to the ports in the lower port group as well.
Figure 3-7 shows the bypass unit rear panel LED configuration.
Figure 3-7 Bypass unit rear panel LEDs
Table 3-5 describes the LEDs shown in the diagram.
Table 3-5 Bypass unit rear panel LED descriptions

LED label   LED name    Description
LT          Link test   The LT LED glows green to indicate an active link signal on the port.
ALM         Alarm       The ALM LED in the top right corner of the Net A port glows red for an alarm condition such as lack of a link signal on one or more ports in the port group.
BYP         Bypass      The BYP LED in the top right corner of the App A port glows yellow when the port group is operating in bypass mode.
ON          Online      The ON LED in the top right corner of the App B port glows green when the port group is operating in online mode.
GIG         Gigabit     The GIG LED in the top right corner of the Net B port glows green when the port group is operating in gigabit mode (1000 Mbps). It is off when the port group is operating at 100 Mbps or 10 Mbps.

Clustering
You can combine the Symantec Network Security 7100 Series appliance with
other nodes and appliances into a cluster. One node within the cluster functions
as the master node, and the others act as slaves. You can access and configure all
nodes in the cluster from the same Network Security console. You can configure
cluster parameters on the master node, which then propagate to the slave nodes.
This is discussed in more detail in the Symantec Network Security Administration Guide.
When you deploy your appliance as part of a cluster, it has certain compatibility
requirements. Whether an appliance is a master or a slave node, it can only be
combined in a cluster with other nodes that are either:
■ Symantec Network Security 7100 Series appliances
■ Symantec Network Security 4.0 nodes
External IDS products
The Symantec Network Security 7100 Series appliance can be deployed in
conjunction with certain intrusion detection products made by other vendors.
The appliance can receive event data from these products if you purchase and
install the corresponding Symantec Network Security Smart Agent software.
Once the event data is received, the appliance analyzes it in the same way that it
handles data from its own sensors. For more information, see the Symantec Network Security Administration Guide.
Network Security console accessibility
The Network Security console is a Java application that runs on a separate
computer. You can deploy the console on any computer that can access the 7100
Series management network.
See “Installing the console” on page 86.
You should locate the console in a secure area to prevent unauthorized access.
Symantec Network Security controls console application access with user names
and passphrases. You can create users with different access permissions. For
more information, see the Symantec Network Security Administration Guide.
SESA server accessibility
Symantec Network Security can export event data to Symantec Enterprise
Security Administrator (SESA) via the management interface. Configuring your
appliance for integration with SESA provides an opportunity to share the event
data with other Symantec products. Symantec Network Security and SESA
communicate over the management network.
See “Installing the SESA bridge” on page 161.
See the Symantec Network Security Administration Guide for more information
about using SESA.
Symantec LiveUpdate accessibility
Symantec Network Security provides product updates and enhancements in the
form of Security Updates, Engine Updates, and patches, using LiveUpdate. Not
to be confused with upgrading, LiveUpdate enables you to check for new
updates, apply updates to single nodes or node clusters, schedule automatic
updates, view current and applied versions, and keep your systems updated to
the latest levels.
You can configure the 7100 Series for automatic updates, or you can set up a
separate system to receive the updates for later disbursement to Symantec
Network Security nodes. Your choice affects whether the 7100 Series node needs
access to the Symantec Web site or only to a local server.
For more information about LiveUpdate, see the Symantec Network Security Administration Guide.
Chapter 4
Installing the 7100 Series
This chapter includes the following topics:
■ About installing the 7100 Series
■ Rack mounting
■ Cabling
About installing the 7100 Series
To install the Symantec Network Security 7100 Series you need to:
■ Mount it on the rack or shelf
■ Cable it to other network devices
The Symantec Network Security 7100 Series is designed to be installed in a data
center with other networking devices and servers. Its dimensions are suitable
for a 19” rack. You must position it within cabling distance of any switches or
other devices that access the network segments that you want to protect.
The appliance can be mounted facing either direction in your rack, so consider
which side will have access to the ports and compact flash, and which will have
access to the LCD panel and LED lights.
You may need port access during installation and to reconfigure between
passive mode and in-line mode monitoring.
You may need access to the compact flash adapter for backing up and restoring,
log archiving, re-imaging, upgrading, or initial configuration of slave
appliances.
You may need to use the LCD panel during initial configuration. System
statistics are displayed on the LCD screen during normal operation. You can also
perform certain administrative functions from the LCD panel, such as stopping
and starting Symantec Network Security, and rebooting the appliance.
Access to the LED lights allows you to see indicators for power, disk usage,
network traffic in and out, and appliance temperature.
Rack mounting
The Symantec Network Security 7100 Series comes with two metal L-brackets
and eight screws for attaching the brackets to the appliance. Using the brackets,
you can mount the appliance to a standard 19” two-post or four-post rack. This
procedure is the same for all models.
Note: Due to the distribution of weight in models 7160 and 7161, you may wish
to mount the brackets at the rear of the appliance. Alternatively, you can use
other mounting hardware to attach the appliance to your rack, such as sliding
rails or a shelf.
Warning: Installing the appliance into a rack may require two people or a lifting
device, especially for the 2U models. The 7160 and 7161 weigh approximately
16.33 kg (36 lbs).
Mounting the appliance to a two-post rack
This section describes the procedure for mounting the appliance onto a two-post
rack.
To mount the appliance to a two-post rack
1  Place the long side of an L-bracket against one side of the appliance near either the front or the back of the appliance. Turn the bracket to position the short side of the bracket closer to the midpoint of the appliance.
2  Attach the bracket by inserting four of the provided screws through the slots in the bracket into the holes in the appliance casing. Tighten the screws completely.
3  Attach the other L-bracket in the same way to the opposite side of the appliance.
4  With assistance, lift the appliance into place so that the short flanges of the L-brackets are pressed against the rack posts.
5  Using the screws supplied with your rack, attach the L-brackets to the posts on both sides of the appliance.
Mounting the appliance to a four-post rack
This section describes the procedure for mounting the appliance onto a
four-post rack.
To mount the appliance to a four-post rack
1  Place the long side of an L-bracket against one side of the appliance near either the front or the back of the appliance. Position the bracket so that its short flange is lined up with the front or back of the appliance.
2  Attach the bracket by inserting four of the provided screws through the slots in the bracket into the holes in the appliance casing. Tighten the screws completely.
3  Attach the other L-bracket in the same way to the opposite side of the appliance.
4  With assistance, lift the appliance into place so that the short flanges of the L-brackets are pressed against the rack posts on both sides.
5  Using the screws supplied with your rack, attach the L-brackets to the posts on both sides of the appliance.
Cabling
Most of the cabling on the appliance has to do with network connections. There
are no keyboard, mouse, or video interfaces to connect. You need to connect
cables to the monitoring ports, management port, reset ports, and power supply.
Optionally, you may wish to cable the serial port and, if you have a Symantec
Network Security In-line Bypass unit, a USB port.
Cabling for model 7120
This section describes cabling for model 7120. If you have a different model,
refer to the appropriate section.
See “Cabling for model 7160” on page 54.
See “Cabling for model 7161” on page 62.
The following topics are covered here:
■ Connecting the management, reset, and serial ports
■ Cabling for passive mode monitoring
■ Cabling for in-line mode monitoring
■ Cabling a bypass unit for fail-open
■ Powering the 7120 on or off
Warning: To prevent a possible electric shock, do not connect the power until all
other cabling is done.
Figure 4-1 shows the back panel of the 7120.
Figure 4-1    7120 back panel
1 - Power supply
2 - Master power switch
3 - Serial port
4 - USB ports
5 - Monitoring port 0
6 - Monitoring port 1
7 - Monitoring port 2
8 - Monitoring port 3
9 - Reset port
10 - Management port
11 - Compact flash adapter
12 - Reset power switch
Connecting the management, reset, and serial ports
You need two Ethernet cables of an appropriate length to connect the
management and reset ports to your network.
Use the provided serial console cable to connect the serial port to your serial
device.
To connect the management port
◆ Connect the management port on the appliance to your management network.
To connect the reset port
◆ Connect the reset port on the appliance to the monitored network where you want to send TCP resets.
To connect the serial port
◆ Connect the serial port on the appliance to a laptop, PC, or other serial device.
Cabling for passive mode monitoring
The 7120 appliance can monitor up to four separate network segments. Note
that ports 0 through 2 use a faster bus than port 3, which may be a consideration
depending on how busy your network segments are. All ports are 10/100 Base-T
Ethernet ports.
To cable the 7120 for passive mode monitoring
◆ Connect ports 0, 1, 2, and 3 of the appliance to the network segments that you want to monitor.
Cabling for in-line mode monitoring
The 7120 appliance can provide in-line mode monitoring for up to two network
segments. In-line mode requires an interface pair for each monitored network
segment. The interface pair can be ports 0 and 1, or ports 2 and 3. Other port
combinations are not supported.
Within each interface pair, each port is connected to the network, splitting it
into two sides.
To use in-line mode for monitoring a single network segment, you may choose
either interface pair (ports 0/1, or ports 2/3). You can use the remaining ports
for monitoring other network segments in passive mode.
Figure 4-2 depicts a 7120 using in-line mode to monitor two network segments.
Figure 4-2    7120 using in-line mode
To cable the 7120 for in-line mode monitoring
1  Connect port 0 of the appliance to one side of network 1.
2  Connect port 1 of the appliance to the other side of network 1.
3  Connect port 2 of the appliance to one side of network 2.
4  Connect port 3 of the appliance to the other side of network 2.
Cabling a bypass unit for fail-open
This section describes how to install a Symantec Network Security In-line
Bypass unit to provide fail-open capability. The 2 In-line Bypass unit is
recommended for operation with the 7120 appliance.
Note: Only the 2 In-line Bypass unit is supported for use with model 7120.
Figure 4-3 shows the 2 In-line Bypass unit.
Figure 4-3    Use the 2 In-line Bypass unit with the 7120 (the figure labels port group 0 and port group 1)
The 2 In-line Bypass unit contains two port groups, each with four ports. The
Net A and App A ports in the port group, along with the even-numbered port of
the 7120 in-line pair, handle traffic on one side of the network connection. The
other two ports in the port group, Net B and App B, are associated with the other
port of the 7120 in-line pair and the other side of the network connection.
Figure 4-4 depicts a 2 In-line Bypass unit deployed with a 7120 and other
network devices.
Figure 4-4    2 In-line Bypass unit deployed with 7120
Labels in the figure: 2 In-line Bypass unit (Net A, Net B, App A, App B; port group 0, port group 1); 7120:
0 - Port 0
1 - Port 1
2 - Port 2
3 - Port 3
4 - In-line pair 0
5 - In-line pair 1
Note: Follow the cabling instructions carefully to match each in-line interface
pair with its associated port group on the bypass unit. Connect in-line pair 0
(ports 0/1 on the appliance) to port group 0 on the bypass unit. Connect in-line
pair 1 on the 7120 to port group 1 on the bypass unit.
The Net A port of each port group on the bypass unit is implemented as
10/100/1000Base-TX. You may need a crossover cable to connect Net A to some
devices. This is more likely when connecting Net A to an older switch that does
not provide automatic pair reversal. The Net B port of each port group is
implemented as 10/100/1000Base-T. Consult the documentation for your
network devices to determine whether they require crossover connections.
The following procedures do not anticipate the type of cable. It is up to you to
select a crossover cable if your network device requires one.
The link parameters, including speed and duplex mode, should be
auto-negotiated between Net A and App A, and Net B and App B. Do not force the
link speed or duplex mode to a specific setting on network devices that connect
to Net A or Net B.
See “About the In-line Bypass unit” on page 35.
To connect the bypass unit App A and App B ports to the 7120 in-line pair, use
the Ethernet cables provided with the bypass unit.
Note: After connecting the bypass unit to the 7100 Series and powering both on,
all port groups are initially in bypass mode. To change the port group to online
mode, you must start a sensor on the in-line pair that is connected to that port
group. Event detection can occur only when the port group is in online mode.
See “Starting a sensor on an appliance interface” on page 115.
To cable in-line pair 0 with port group 0
1  Shut down the 7120 appliance if it is running.
2  On the bypass unit, connect Net A of port group 0 to one side of the network.
3  Connect App A of port group 0 to port 0 on your appliance.
4  Connect App B of port group 0 to port 1 on your appliance.
5  On the bypass unit, connect Net B of port group 0 to the other side of the network.
6  Using the USB cable, plug one USB connector into either USB port on the 7120 appliance, and plug the other connector into the Mgmt USB port on the 2 In-line Bypass unit.
To cable in-line pair 1 with port group 1
1  Shut down the 7120 appliance if it is running.
2  On the bypass unit, connect Net A of port group 1 to one side of the network.
3  Connect App A of port group 1 to port 2 on your appliance.
4  Connect App B of port group 1 to port 3 on your appliance.
5  On the bypass unit, connect Net B of port group 1 to the other side of the network.
6  If the USB cable is not yet connected, plug one USB connector into either USB port on the 7120 appliance, and plug the other connector into the Mgmt USB port on the 2 In-line Bypass unit.
Powering the 7120 on or off
As the last step in the physical installation of the 7120 appliance, connect and
turn on the power. When the appliance powers on, you should hear the hard
drive spin up and the fans turn on, and see the LEDs and LCD screen light up.
An uninterruptible power supply (UPS) is recommended. Do not use an
extension cord.
To power the 7120 on for the first time
◆ Connect one end of the power cord to the AC power socket on the appliance, and plug the other end into the power source.
   The 7120 powers up automatically.
Powering the 7120 off before initial configuration
If you need to power the 7120 off before performing initial configuration, you
can use the master power switch or the Shutdown Host option on the LCD. After
initial configuration, you should power the appliance off by using the LCD menu
item or a command on the serial console.
See “Powering off the appliance” on page 152.
To power the 7120 off before initial configuration
◆ Do one of the following:
   ■ On the LCD panel, use the buttons to navigate to the Shutdown Host option on the LCD screen and press e.
   ■ On the back panel of the 7120, press and hold the master power switch for approximately 5 seconds until you hear the fans stop.
Cabling for model 7160
This section describes cabling for model 7160. If you have a different model,
refer to the appropriate section.
See “Cabling for model 7120” on page 49.
See “Cabling for model 7161” on page 62.
The following topics are covered here:
■ Connecting the management, reset, and serial ports
■ Cabling for passive mode monitoring
■ Cabling for in-line mode monitoring
■ Cabling a bypass unit for fail-open
■ Powering the 7160 on or off
Warning: To prevent a possible electric shock, do not connect the power until all
other cabling is done. An alarm will sound if you connect only one power cord.
Figure 4-5 shows the back panel of the 7160.
Figure 4-5    7160 back panel
1 - Power supplies
2 - Power switch
3 - USB ports
4 - Serial port
5 - Compact flash adapter
6 - Port 0
7 - Port 1
8 - Port 2
9 - Port 3
10 - Port 4
11 - Port 5
12 - Port 6
13 - Port 7
14 - RST0
15 - RST1
16 - RST2
17 - Management port
Connecting the management, reset, and serial ports
You need four Ethernet cables of an appropriate length to connect the
management and reset ports to your network.
Use the provided serial console cable to connect the serial port to your serial
device.
To connect the management port
◆ Connect the management port on the appliance to your management network.
To connect the reset ports
1  Connect the first reset port (RST0) on the appliance to a monitored network where you want to send TCP resets.
2  Connect the second reset port (RST1) on the appliance to a monitored network where you want to send TCP resets.
3  Connect the third reset port (RST2) on the appliance to a monitored network where you want to send TCP resets.
To connect the serial port
◆ Connect the serial port on the appliance to a laptop, PC, or other serial device.
Cabling for passive mode monitoring
The 7160 appliance can monitor up to eight separate network segments. All
monitoring ports are 10/100/1000 Base-T Ethernet, capable of handling up to 1
Gbps of network traffic.
To access network segments for monitoring, you can connect each port to a hub,
a router, or a switch.
To cable the 7160 for passive mode monitoring
◆ Connect ports 0 through 7 of the appliance to the eight network segments that you want to monitor.
Cabling for in-line mode monitoring
The 7160 appliance provides in-line mode monitoring for up to four network
segments. In-line mode requires an interface pair for each monitored network
segment. The interface pair can be ports 0 and 1, ports 2 and 3, ports 4 and 5, or
ports 6 and 7. Other port combinations are not supported.
Within each interface pair, the lower numbered port (the top port on the NIC)
connects to one side of the network, while the port with the higher number
connects to the other side of the network.
To use in-line mode for monitoring fewer than four network segments, you may
use any of the supported interface pairs (ports 0/1, ports 2/3, ports 4/5, or ports
6/7). You can use the remaining ports for monitoring other network segments in
passive mode.
Figure 4-6 depicts a 7160 using in-line mode to monitor four network segments.
Figure 4-6    7160 using in-line mode
Labels in the figure: 7160; network segment 1 (both sides), network segment 2 (both sides), network segment 3 (both sides), network segment 4 (both sides).
To cable the 7160 for in-line mode monitoring
1  Connect port 0 of the appliance to one side of network segment 1.
2  Connect port 1 of the appliance to the other side of network segment 1.
3  Connect port 2 of the appliance to one side of network segment 2.
4  Connect port 3 of the appliance to the other side of network segment 2.
5  Connect port 4 of the appliance to one side of network segment 3.
6  Connect port 5 of the appliance to the other side of network segment 3.
7  Connect port 6 of the appliance to one side of network segment 4.
8  Connect port 7 of the appliance to the other side of network segment 4.
Cabling a bypass unit for fail-open
This section describes how to install a Symantec Network Security In-line
Bypass unit to provide fail-open capability. The 4 In-line Bypass unit is
recommended for operation with the 7160.
Note: Only the 4 In-line Bypass unit is supported for use with model 7160.
Figure 4-7 shows the 4 In-line Bypass unit.
Figure 4-7    4 In-line Bypass unit
The 4 In-line Bypass unit contains four port groups, each with four ports. Two
ports, Net A and App A, are associated with one port of the 7160 in-line pair and
the corresponding side of the network. The other two ports in the port group,
Net B and App B, are associated with the other port of the 7160 in-line pair and
the other network connection.
Figure 4-8 depicts a 4 In-line Bypass unit deployed with a 7160 and other
network devices.
Figure 4-8    4 In-line Bypass unit deployed with 7160
Labels in the figure: 4 In-line Bypass unit (port group 0, port group 1, port group 2, port group 3); 7160:
0 - Port 0
1 - Port 1
2 - Port 2
3 - Port 3
4 - Port 4
5 - Port 5
6 - Port 6
7 - Port 7
8 - RST0
9 - RST1
10 - RST2
11 - Management port
12 - Mgmt USB on bypass unit
13 - USB ports
14 - In-line pair 0
15 - In-line pair 1
16 - In-line pair 2
17 - In-line pair 3
Note: Follow the cabling instructions carefully to match each in-line interface
pair with its associated port group on the bypass unit. Connect in-line pair 0
(ports 0/1 on the appliance) to port group 0 on the bypass unit. Connect in-line
pair 1 on the 7160 to port group 1 on the bypass unit. Connect in-line pair 2 to
port group 2, and connect in-line pair 3 to port group 3.
The Net A port of each port group on the bypass unit is implemented as
10/100/1000Base-TX. You may need a crossover cable to connect Net A to some
devices. The Net B port of each port group is implemented as
10/100/1000Base-T. Consult the documentation for your network devices to
determine whether they require crossover connections.
The following procedures do not anticipate the type of cable. It is up to you to
select a crossover cable if your network device requires one.
The link parameters, including speed and duplex mode, should be
auto-negotiated between Net A and App A, and Net B and App B. Do not force the
link speed or duplex mode to a specific setting on network devices that connect
to Net A or Net B.
See “About the In-line Bypass unit” on page 35.
To connect the bypass unit App A and App B ports to the 7160 in-line pair, use
the Ethernet cables provided with the bypass unit.
Note: After connecting the bypass unit to the 7100 Series and powering both on,
all port groups are initially in bypass mode. To change the port group to online
mode, you must start a sensor on the in-line pair that is connected to that port
group. Event detection can occur only when the port group is in online mode.
See “Starting a sensor on an appliance interface” on page 115.
To cable in-line pair 0 with port group 0
1  Shut down the 7160 appliance if it is running.
2  On the bypass unit, connect Net A of port group 0 to one side of the network.
3  Connect App A of port group 0 to port 0 on your appliance.
4  Connect App B of port group 0 to port 1 on your appliance.
5  On the bypass unit, connect Net B of port group 0 to the other side of the network.
6  Using the USB cable, plug one USB connector into either USB port on the 7160 appliance, and plug the other connector into the Mgmt USB port on the 4 In-line Bypass unit.
To cable in-line pair 1 with port group 1
1  Shut down the 7160 appliance if it is running.
2  On the bypass unit, connect Net A of port group 1 to one side of the network.
3  Connect App A of port group 1 to port 2 on your appliance.
4  Connect App B of port group 1 to port 3 on your appliance.
5  On the bypass unit, connect Net B of port group 1 to the other side of the network.
6  If the USB cable is not yet connected, plug one USB connector into either USB port on the 7160 appliance, and plug the other connector into the Mgmt USB port on the 4 In-line Bypass unit.
To cable in-line pair 2 with port group 2
1  Shut down the 7160 appliance if it is running.
2  On the bypass unit, connect Net A of port group 2 to one side of the network.
3  Connect App A of port group 2 to port 4 on your appliance.
4  Connect App B of port group 2 to port 5 on your appliance.
5  On the bypass unit, connect Net B of port group 2 to the other side of the network.
6  If the USB cable is not yet connected, plug one USB connector into either USB port on the 7160 appliance, and plug the other connector into the Mgmt USB port on the 4 In-line Bypass unit.
To cable in-line pair 3 with port group 3
1  Shut down the 7160 appliance if it is running.
2  On the bypass unit, connect Net A of port group 3 to one side of the network.
3  Connect App A of port group 3 to port 6 on your appliance.
4  Connect App B of port group 3 to port 7 on your appliance.
5  On the bypass unit, connect Net B of port group 3 to the other side of the network.
6  If the USB cable is not yet connected, plug one USB connector into either USB port on the 7160 appliance, and plug the other connector into the Mgmt USB port on the 4 In-line Bypass unit.
Powering the 7160 on or off
As the last step in the physical installation of the 7160 appliance, connect and
turn on the power. When the appliance powers on, you should hear the hard
drive spin up and the fans turn on, and see the LEDs and LCD screen light up.
The dual redundant power supplies on the 7160 are designed to connect to two
different power sources. An uninterruptible power supply (UPS) is
recommended. Do not use extension cords.
Note: A high-pitched alarm sounds when power is supplied to only one power
supply on the appliance. To stop the alarm, connect the other power supply to a
power source.
To power the 7160 on for the first time
1  Connect the two power cords to the power sockets on the 7160.
2  Plug one of the power cords into an AC power source.
   The 7160 powers up automatically and the alarm will sound.
3  Plug the second power cord into a different AC power source.
Powering the 7160 off before initial configuration
If you need to power the 7160 off before performing initial configuration, you
can use the master power switch or the Shutdown option on the LCD. After
initial configuration, you should power the appliance off by using the LCD menu
item or a command on the serial console.
See “Powering off the appliance” on page 152.
To power the 7160 off before initial configuration
◆ Do one of the following:
   ■ On the LCD panel, use the buttons to navigate to the Shutdown Host option on the LCD screen and press e.
   ■ On the back panel of the 7160, press and hold the master power switch for approximately 5 seconds until you hear the fans stop.
Cabling for model 7161
This section describes cabling for the 7161. If you have a different model, refer
to the appropriate section.
See “Cabling for model 7120” on page 49.
See “Cabling for model 7160” on page 54.
The following topics are covered here:
■ Connecting the management, reset, and serial ports
■ Cabling for passive mode monitoring
■ Cabling for in-line mode monitoring
■ Powering the 7161 on or off
Warning: To prevent a possible electric shock, do not connect the power until all
other cabling is done. An alarm will sound if you connect only one power cord.
Figure 4-9 shows the back panel of the 7161.
Figure 4-9    7161 back panel
1 - Power supplies
2 - Power switch
3 - USB ports
4 - Serial port
5 - Compact flash adapter
6 - Port 0
7 - Port 1
8 - Port 2
9 - Port 3
10 - Port 4
11 - Port 5
12 - Port 6
13 - Port 7
14 - RST0
15 - RST1
16 - RST2
17 - Management port
Connecting the management, reset, and serial ports
You need four Ethernet cables of an appropriate length to connect the
management and reset ports to your network.
Use the provided serial console cable to connect the serial port to your serial
device.
To connect the management port
◆ Connect the management port (port 11) on the appliance to your management network.
To connect the reset ports
1  Connect the first reset port (port 8) on the appliance to a monitored network where you want to send TCP resets.
2  Connect the second reset port (port 9) on the appliance to a monitored network where you want to send TCP resets.
3  Connect the third reset port (port 10) on the appliance to a monitored network where you want to send TCP resets.
To connect the serial port
◆ Connect the serial port on the appliance to a laptop, PC, or other serial device.
Cabling for passive mode monitoring
The 7161 appliance can monitor up to eight separate network segments. Four of
the 7161 monitoring ports are 1000 Base-SX optical fiber ports, and four are
10/100/1000 Base-T Ethernet ports. Use multimode fiber cables with LC fiber
optic connectors for the 7161 fiber ports, and Ethernet cables with RJ45
connectors for the copper ports.
To access network segments for monitoring, you can connect each port to a hub,
a router, or a switch.
To cable the 7161 for passive mode monitoring
◆ Connect ports 0 through 7 of the appliance to the eight network segments that you want to monitor.
Cabling for in-line mode monitoring
The 7161 appliance provides in-line mode monitoring for up to four network
segments. In-line mode requires an interface pair for each monitored network
segment. The interface pair can be ports 0 and 1, ports 2 and 3, ports 4 and 5, or
ports 6 and 7. Other port combinations are not supported.
Within each interface pair, the lower numbered port (the top port on the NIC)
connects to one side of the network, while the port with the higher number
connects to the other side of the network.
To use in-line mode for monitoring fewer than four network segments, you may
use any of the supported interface pairs (ports 0/1, ports 2/3, ports 4/5, or ports
6/7). You can use the remaining ports for monitoring other network segments in
passive mode.
Figure 4-10 depicts a 7161 using in-line mode to monitor four network
segments.
Figure 4-10    7161 using in-line mode
Labels in the figure: 7161; network segment 1 (both sides), network segment 2 (both sides), network segment 3 (both sides), network segment 4 (both sides).
To cable the 7161 for in-line mode monitoring
1  Connect port 0 of the appliance to one side of network segment 1.
2  Connect port 1 of the appliance to the other side of network segment 1.
3  Connect port 2 of the appliance to one side of network segment 2.
4  Connect port 3 of the appliance to the other side of network segment 2.
5  Connect port 4 of the appliance to one side of network segment 3.
6  Connect port 5 of the appliance to the other side of network segment 3.
7  Connect port 6 of the appliance to one side of network segment 4.
8  Connect port 7 of the appliance to the other side of network segment 4.
Powering the 7161 on or off
As the last step in the physical installation of the 7161 appliance, connect and
turn on the power. When the appliance powers on, you should hear the hard
drive spin up and the fans turn on, and see the LEDs and LCD screen light up.
The dual redundant power supplies on the 7161 are designed to connect to two
different power sources. An uninterruptible power supply (UPS) is
recommended. Do not use extension cords.
Note: A high pitched alarm sounds when power is supplied to only one power
supply on the appliance. To stop the alarm, connect the other power supply to a
power source.
To power the 7161 on for the first time
1 Connect the two power cords to the power sockets on the 7161.
2 Plug one of the power cords into an AC power source.
The 7161 powers up automatically and the alarm will sound.
3 Plug the second power cord into a different AC power source.
To power the 7161 on after the initial cabling
◆ The 7161 powers on automatically when first connected to a power source.
Powering the 7161 off before initial configuration
If you need to power the 7161 off before performing initial configuration, you
can use the master power switch or the Shutdown option on the LCD. After
initial configuration, you should power the appliance off by using the LCD menu
item or a command on the serial console.
See “Powering off the appliance” on page 152.
To power the 7161 off before initial configuration
◆ Do one of the following:
■ On the LCD panel, use the buttons to navigate to the Shutdown Host
option on the LCD screen and press e.
■ On the back panel of the 7161, press and hold the master power switch
for approximately 5 seconds until you hear the fans stop.
Chapter 5
Initializing Symantec Network Security
This chapter includes the following topics:
■ About initializing Symantec Network Security
■ LCD panel initial configuration
■ Serial console initial configuration
■ Compact flash initial configuration
■ Default login accounts
About initializing Symantec Network Security
Initial configuration of the Symantec Network Security 7100 Series appliance is
quick and straightforward. The configuration process prompts you for
information, after which Symantec Network Security is installed on the 7100
Series node.
Some of the required information depends on whether you are adding the
appliance as a master or a slave node. You can deploy one or more master nodes
independently in your network. Multiple independent master nodes are known
as single nodes. You can also deploy a master node as part of a cluster. A cluster
can include multiple slave nodes that operate in sync with the master. For more
information, see the Symantec Network Security Administration Guide.
You can choose among three methods for answering the questions:
■ LCD panel
■ Serial console
■ Compact flash
LCD panel initial configuration
The LCD subsystem contains a 2-line by 16-character liquid crystal diode display
screen and six push buttons for entering input. It is located on the front bezel of
the appliance.
To use the LCD panel or the compact flash method for initial configuration, you
must use the LCD panel to select your choice. To use the serial console method,
you can access the appliance directly from the serial console by logging in using
the default username (secadm) and password (Symantec).
When the appliance boots up for the first time, the LCD displays a menu with the
three configuration method choices and a fourth menu item for shutting down
the appliance. After a minute or so of inactivity, the LCD reverts to displaying
the date and time. You can access the menu again by pressing one of the buttons.
Figure 5-1 LCD initial menu
This section describes the LCD method of initial configuration.
During initial configuration, the LCD screen displays one question or prompt at
a time on the top line, and your input appears on the bottom line.
Use the four arrow buttons to compose your input.
■ To scroll through characters or numbers, press the up or down arrow
buttons.
■ To speed up the scrolling rate, hold the button.
■ To move the cursor position, press the left or right arrow buttons.
■ To enter your answer and move to the next question, press the e button.
■ To start over, press the s button.
Procedures for configuring a master or slave node are provided in the sections
below.
■ Using the LCD panel to configure a master node
■ Using the LCD panel to configure a slave node
The procedures show each prompt as it appears on the LCD display, and the
expected input. The questions are limited to 16 characters.
Figure 5-2 shows the LCD panel on the front bezel of the appliance.
Figure 5-2 LCD panel
1 - LCD screen
2 - Arrow buttons
3 - s button
4 - e button
5 - Power LED
6 - Disk activity LED
7 - Traffic in LED
8 - Traffic out LED
9 - Temperature LED
Using the LCD panel to configure a master node
This section contains the procedure for initial configuration of a master node by
using the LCD panel.
To configure your appliance as a slave node, see “Using the LCD panel to
configure a slave node” on page 72.
To use the LCD panel for initial configuration of a master node
1 Use the master power switch to turn on the power, if necessary.
During the boot process, the LCD screen displays:
Symantec v1.03
OK
Wait for the appliance to boot up.
2 When the LCD screen displays the first menu choice, for example:
SNS7120
1. LCD Config
press the e button. Press s at any time to start over.
If this menu item is not displayed, press any button to return to the menu or
press the up or down arrow buttons to scroll through the menu.
3 For:
Local IP Address
[000]000.000.000
use the arrow buttons to enter the local IP address for the appliance. Use the
up or down buttons to scroll through the numbers for each three-digit part
of the address. Use the right or left buttons to move the cursor brackets.
Note: If this node is not behind a NAT router, the Network Security console
will use the local IP address to connect to the node. Otherwise, it uses the
NAT address that is provided later in the procedure.
Press e.
4 For:
Local IP Netmask
[000]000.000.000
use the arrow buttons to enter the netmask for the local subnet, for example:
255.255.255.000. The netmask designates the part of the address that refers
to the network, as opposed to the host.
Press e.
5 For:
Default Gateway
[000]000.000.000
use the arrow buttons to enter the default gateway for the local subnet. The
default gateway is the router on the local network.
Press e.
6 For:
Master Node?
[Yes] No
leave the cursor on Yes.
The node number is automatically set to 1 for a master node.
Press e.
7 For:
QSP Port Number
6234[5]
use the arrow buttons to change the QSP port number.
The QSP port number is used when connecting to the 7100 Series node from
the Network Security console and for communication between master and
slave nodes in a cluster.
Warning: Randomly choose a unique number between 1025 and 65535. A
random, unique QSP port number prevents profiling by intruders. All slave
nodes must use the same QSP port number that the master node uses.
Press e.
8 For:
Timezone (GMT):
[+0]
use the up/down arrow buttons to scroll to the hour offset of your time zone
from Greenwich Mean Time (GMT). For example, the offset in Tokyo is +9
and the offset in San Francisco is -8 (PST) or -7 (PDT).
Press e.
9 For:
Date: MMDDhhmmYY
[0]
use the arrow buttons to input the month, date, hour, minute, and year using
two digits for each. Use 24-hour format for the hour. For example, May 12,
2004 at 1:05pm is entered as: 0512130504.
Press e.
10 For:
Superuser Pswd
[a]
use the arrow buttons to input a 6 to 14 character password to use for:
■ superuser account on the Network Security console
■ Unlocking the LCD panel
■ operating system secadm account
■ operating system root account
■ elevate command used by secadm
Note: You can change to separate passwords for root, secadm, and
superuser after initial configuration. The elevate password always
matches the root password, and the password for unlocking the LCD
matches the secadm password.
You can select lower and upper case letters, numbers, and a subset of special
characters for the password.
Press e.
11 For:
NAT Addressed?
Yes [No]
do one of the following:
■ If Network Address Translation (NAT) is not used, leave the cursor on
No.
■ If the node is behind a NAT router, use the arrow buttons to move the
cursor to Yes, press e, and at the display:
NAT Address
[000]000.000.000
use the arrow buttons to enter the externally visible IP address.
This is the address the Network Security console will use to connect to
the appliance.
Press e.
12 For:
Configure SNS?
[Yes] No
do one of the following:
■ To proceed with installation of Symantec Network Security, leave the
cursor on Yes.
■ To start the initial configuration process over, use the arrow buttons to
move the cursor to No.
Press e.
13 For:
Success
Press any button
press any button.
14 For:
Reboot Now?
[Yes] No
press e to reboot the appliance and start Symantec Network Security.
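Keying a wrong value into the LCD means starting the whole sequence over with s, so it pays to check the answers first. The following script is an added example, not Symantec's code; it applies the rules the procedure above states (and the slave-node and serial-console procedures repeat the same prompts): the local address, netmask and default gateway must describe one consistent subnet, the QSP port must be a random value between 1025 and 65535, the superuser password must be 6 to 14 characters, and the date must be MMDDhhmmYY on a 24-hour clock. Because the LCD shows octets zero-padded to three digits (255.255.255.000) and current Python versions reject leading zeros in `ipaddress`, the octets are normalized first. The set of special characters the password accepts is not listed in the procedure, so the password check only rejects non-printable or non-ASCII input, which is an assumption.

```python
"""Pre-check the answers the 7100 Series initial configuration asks for.

Added example, not Symantec's code. It checks the values the LCD panel and
serial console procedures prompt for against the rules those procedures state.
"""
import ipaddress
import secrets
from datetime import datetime
from typing import List

# The Date prompt shows MMDDhhmmYY: two digits each, 24-hour clock.
LCD_DATE_FORMAT = "%m%d%H%M%y"
QSP_PORT_MIN, QSP_PORT_MAX = 1025, 65535  # range given in the QSP port warning


def lcd_octets(text: str) -> str:
    """Turn an LCD-style dotted quad such as '010.010.010.005' into '10.10.10.5'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() and 1 <= len(p) <= 3 for p in parts):
        raise ValueError(f"not a dotted quad: {text!r}")
    return ".".join(str(int(p)) for p in parts)


def check_addressing(local: str, netmask: str, gateway: str) -> List[str]:
    """Return the problems found in the local IP / netmask / default gateway triple."""
    try:
        local_ip = ipaddress.IPv4Address(lcd_octets(local))
        gw_ip = ipaddress.IPv4Address(lcd_octets(gateway))
        mask = lcd_octets(netmask)
        # strict=False accepts a host address; a non-contiguous mask still raises.
        net = ipaddress.IPv4Network(f"{local_ip}/{mask}", strict=False)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if str(net.netmask) != mask:
        # ipaddress silently accepts a hostmask such as 0.0.0.255; the prompt wants a netmask.
        problems.append(f"netmask {mask} is not a netmask (did you enter a hostmask?)")
    if local_ip in (net.network_address, net.broadcast_address):
        problems.append(f"local address {local_ip} is the network or broadcast address of {net}")
    if gw_ip not in net:
        problems.append(f"gateway {gw_ip} is not inside the local subnet {net}")
    elif gw_ip == local_ip:
        problems.append("gateway must be a different host from the appliance")
    return problems


def pick_qsp_port() -> int:
    """Choose a random QSP port in 1025-65535 with a CSPRNG, as the warning recommends."""
    return QSP_PORT_MIN + secrets.randbelow(QSP_PORT_MAX - QSP_PORT_MIN + 1)


def check_qsp_port(port: int) -> List[str]:
    """Every node in a cluster must use the same port, and it must lie in the allowed range."""
    if not QSP_PORT_MIN <= port <= QSP_PORT_MAX:
        return [f"QSP port {port} is outside {QSP_PORT_MIN}-{QSP_PORT_MAX}"]
    return []


def check_superuser_password(password: str) -> List[str]:
    """Length rule from step 10; the allowed special-character subset is not listed,
    so only non-printable, non-ASCII or space characters are rejected (assumption)."""
    problems = []
    if not 6 <= len(password) <= 14:
        problems.append(f"password is {len(password)} characters; 6 to 14 required")
    if not (password.isascii() and password.isprintable()) or " " in password:
        problems.append("password must be printable ASCII without spaces")
    return problems


def lcd_date(moment: datetime) -> str:
    """Render a datetime the way the Date prompt wants it (2004-05-12 13:05 -> 0512130504)."""
    return moment.strftime(LCD_DATE_FORMAT)


def parse_lcd_date(text: str) -> datetime:
    """Parse an MMDDhhmmYY string back to a datetime, rejecting impossible dates."""
    if len(text) != 10 or not text.isdigit():
        raise ValueError("date must be exactly ten digits, MMDDhhmmYY")
    return datetime.strptime(text, LCD_DATE_FORMAT)


if __name__ == "__main__":
    # Constructed sample answers for a master node on 10.10.10.0/24.
    for issue in (check_addressing("010.010.010.005", "255.255.255.000", "010.010.010.001")
                  + check_qsp_port(pick_qsp_port())
                  + check_superuser_password("Abc123!")):
        print("problem:", issue)
    print(parse_lcd_date("0512130504"))
```

`check_addressing` returns an empty list for the sample answers and one message per rule broken otherwise; the round trip `lcd_date(parse_lcd_date("0512130504"))` reproduces the manual's example string, which is a quick way to confirm you have the field order right before typing it on the panel.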
Using the LCD panel to configure a slave node
This section contains the procedure for initial configuration of a slave node by
using the LCD panel.
Note: A Symantec Network Security 7100 Series appliance can only be deployed
as a slave node to another 7100 Series appliance or to a master node running
Symantec Network Security 4.0.
For more information about master and slave nodes, see the Symantec Network
Security Administration Guide.
If you wish to configure your appliance as a master node, see “Using the LCD
panel to configure a master node” on page 69.
To use the LCD panel for initial configuration of a slave node
1 Use the master power switch to turn on the power, if necessary.
During the boot process, the LCD screen displays:
Symantec v1.03
OK
Wait for the appliance to boot up.
2 When the LCD screen displays the first menu choice, for example:
SNS7120
1. LCD Config
press the e button. Press s at any time to start over.
If this menu item is not displayed, press any button to return to the menu, or
press the up or down arrow buttons to scroll through the menu.
3 For:
Local IP Address
[000]000.000.000
use the arrow buttons to enter the local IP address for the appliance. Use the
up or down buttons to scroll through the numbers for each three-digit part
of the address. Use the right or left buttons to move the cursor brackets.
Note: If this node is not behind a NAT router, this is the address the master
node will use to communicate with this slave node. Otherwise, the master
uses the NAT address that is provided later in the procedure.
Press e.
4 For:
Local IP Netmask
[000]000.000.000
use the arrow buttons to enter the netmask for the local subnet, for example:
255.255.255.000. The netmask designates the part of the address that refers
to the network, as opposed to the host.
Press e.
5 For:
Default Gateway
[000]000.000.000
use the arrow buttons to enter the default gateway for the local subnet. The
default gateway is the router on the local network.
Press e.
6 For:
Master Node?
[Yes] No
use the arrow buttons to move the cursor to No.
Press e.
7 For:
Slave Node Nmbr
[2]
do one of the following:
■ Leave the node number as is.
■ Use the arrow buttons to enter a unique node number.
Press e.
Note: The node number must match the number you provide when adding
the slave node object to the topology tree in the Network Security console.
You can assign a unique number between 2 and 120.
8 For:
Master Node Nmbr
[1]
do one of the following:
■ If 1 is the correct master node number, leave it as is.
■ Use the arrow buttons to enter the master node number.
Press e.
9 For:
Master Node IP
[000]000.000.000
use the arrow buttons to enter the master node management IP address.
Press e.
10 For:
Master Node Pswd
[a]
use the arrow buttons to input the master node synchronization password.
Press e.
Warning: The Master Node Pswd you input here must match the Master
Node Sync Password you enter when adding the slave node object to the
topology tree in the Network Security console. See “Configuring appliance
nodes” on page 102.
Use this password for:
■ Unlocking the LCD panel
■ operating system secadm account
■ operating system root account
■ elevate command used by secadm
Note: You can change to separate passwords for root and secadm after
initial configuration. The elevate password always matches the root
password, and the password for unlocking the LCD matches the secadm
password.
You can select lower and upper case letters, numbers, and a subset of special
characters.
11 For:
QSP Port Number
6234[5]
use the arrow buttons to change the QSP port number.
On a slave node, the QSP port number is used for communication with the
master node in the cluster.
Warning: Randomly choose a unique number between 1025 and 65535. A
random, unique QSP port number prevents profiling by intruders. All slave
nodes must use the same QSP port number that the master node uses.
Press e.
12 For:
Timezone (GMT):
[+0]
use the up or down arrow buttons to scroll to the hour offset of your time
zone from Greenwich Mean Time (GMT). For example, the offset in Tokyo is
+9 and the offset in San Francisco is -8 (PST) or -7 (PDT).
Press e.
13 For:
Date: MMDDhhmmYY
[0]
use the arrow buttons to input the month, date, hour, minute, and year using
two digits for each. Use 24-hour format for the hour. For example, May 12,
2004 at 1:05pm is entered as: 0512130504.
Press e.
14 For:
NAT Addressed?
Yes [No]
do one of the following:
■ If you do not use Network Address Translation (NAT) when accessing
the appliance, leave the cursor on No.
■ If the node is behind a NAT router, use the arrow buttons to move the
cursor to Yes, press e, and at the display:
NAT Address
[000]000.000.000
use the arrow buttons to enter the externally visible IP address.
Press e.
15 For:
Configure SNS?
[Yes] No
do one of the following:
■ To proceed with installation of Symantec Network Security, leave the
cursor on Yes.
■ To start the initial configuration process over, use the arrow buttons to
move the cursor to No.
Press e.
16 For:
Success
Press any button
press any button.
17 For:
Reboot Now?
[Yes] No
press e to reboot the appliance and start Symantec Network Security.
Serial console initial configuration
You can use a serial terminal application with VT100 emulation for the initial
configuration of your Symantec Network Security 7100 Series appliance. Each
appliance has a serial port on the back for connecting to a serial terminal. The
serial console stays on while the appliance is running. To use it you must enter
the correct login and password, which have default values for initial
configuration.
Some required information depends on whether you are adding the appliance as
a master or a slave node. Both procedures are provided in the following sections:
■ Configuring a master node using the serial console
■ Configuring a slave node using the serial console
Note: Truncated error messages are sent to the LCD screen if errors occur during
initial configuration.
Starting a serial console
Before you can begin the configuration, you must connect the appliance to the
serial terminal device and start the serial terminal application.
To start the serial console
1 Connect one end of the serial console cable to the serial port on the back of
the appliance.
2 Connect the other end of the serial console cable to the serial port on your
PC, laptop, or other serial device.
3 Start a serial terminal application on your serial device.
The recommended settings are:
Speed: 115200
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None
4 Press Enter to get a login: prompt on the serial console.
Configuring a master node using the serial console
This section contains the procedure for initial configuration of a master node by
using the serial console.
To configure your appliance as a slave node, see “Configuring a slave node using
the serial console” on page 80.
To configure a master node using the serial console
1 At the login prompt in the serial console window, enter secadm
2 At the password prompt, enter Symantec
3 At the SNS7100> prompt, enter configure
This starts the initial configuration script, which prompts you for
information, as shown in the following steps. To quit at any time, enter q.
4 Enter the local IP address of the administration interface:
Type the local IP address of the appliance.
Note: If this node is not behind a NAT router, the Network Security console
will use the local IP address to connect to the node. Otherwise, it uses the
NAT address that is provided later in the procedure.
5 Enter the netmask for this node:
Type the netmask. The netmask designates the part of the address that
refers to the network, as opposed to the host. A typical netmask is
255.255.255.0
6 Enter the gateway address for this node:
Type the gateway IP address. This is the IP address of the default router on
the local network.
7 Is this the first install for this cluster? [YES/no]
Press Enter to take the default, YES, for a master node. The node number is
set to 1.
8 Enter qspproxy port number (default: 62432):
Press Enter to accept the randomized default or enter a number between
1024 and 65535.
The qspproxy port number (QSP port number) is used to connect to the 7100
Series node from the Network Security console, and for communication
between nodes in a cluster.
Warning: Randomly choose a unique number between 1025 and 65535. A
random, unique QSP port number prevents profiling by intruders. All slave
nodes must use the same QSP port number that the master node uses.
9 Enter GMT timezone offset (i.e. +5):
Type the number of hours your time zone differs from Greenwich Mean
Time (GMT). For example, the offset in Tokyo is +9 and the offset in San
Francisco is -8 (PST) or -7 (PDT).
10 Enter date in MMDDhhmmYY format:
Type the current month, date, hour, minute, and year using two digits for
each. For the hour, use 24 hour format. For example, May 12, 2004 at 1:05pm
is entered as: 0512130504.
11 Superuser password (6-14 characters):
Type the password for this node. The characters are not displayed on the
console window.
This password is used for:
■ superuser account on the Network Security console
■ Unlocking the LCD panel
■ operating system secadm account
■ operating system root account
■ elevate command used by secadm
Note: You can change the passwords for root/elevate and secadm / LCD
unlocking after initial configuration. You can also change the password for
the Network Security console superuser account.
12 Please enter the password again:
Re-enter the password for confirmation.
13 Is this node behind NAT? [yes/NO]
Do one of the following:
■ If you do not use Network Address Translation (NAT) when accessing
the appliance, press Enter to accept the default, NO.
■ If the node is behind a NAT router, type yes, press Enter, and at the next
prompt:
Enter NAT address:
type the externally visible IP address. This is the address that the
Network Security console will use to connect to the node.
14 Configuration Information:
Local IP Address : 10.10.10.5
Netmask: 255.255.255.0
Gateway: 10.10.10.1
Master Node?: Yes
Qsp node number: 1
Qsp proxy port: 62432
Behind NAT: No
Verify that the displayed values are correct. Sample values are shown here.
15 Ready to install? [YES/no]
Do one of the following:
■ Press Enter to accept the default, YES, to proceed with the installation
if you believe you have entered all of the information correctly.
The script displays:
Configuring SNS (this may take a while)
Done installing. Please reboot.
■ Type no if you need to make a correction or are not ready to proceed
with the installation of Symantec Network Security. The serial console
displays the SNS7100> prompt if you enter no.
16 At the SNS7100> prompt, to reboot and start Symantec Network Security,
type:
reboot
Configuring a slave node using the serial console
This section contains the procedure for initial configuration of a slave node by
using the serial console.
To configure your appliance as a master node, see “Configuring a master node
using the serial console” on page 77.
Note: A Symantec Network Security 7100 Series appliance can only be deployed
as a slave node to another 7100 Series or to a master node running Symantec
Network Security 4.0.
To configure a slave node using the serial console
1 At the login prompt in the serial console window, enter secadm
2 At the password prompt, enter Symantec
3 At the SNS7100> prompt, enter configure
This starts the initial configuration script, which prompts you for
information, as shown in the following steps. To quit at any time, enter q.
4 Enter the local IP address of the administration interface:
Type the local IP address of the management interface.
Note: If this node is not behind a NAT router, this is the address the master
node will use to communicate with this slave node. Otherwise, the master
uses the NAT address that is provided later in the procedure.
5 Enter the netmask for this node:
Type the netmask. The netmask designates the part of the address that
refers to the network, as opposed to the host. A typical netmask is
255.255.255.0
6 Enter the gateway address for this node:
Type the gateway IP address. This is the IP address of the router on the local
network.
7 Is this the first install for this cluster? [YES/no]
Type no and press Enter for a slave node.
8 Enter the local node number (default 2):
Press Enter to accept the default node number, 2, or enter a unique number
between 2 and 120. This node number cannot be changed once you have
finished this procedure and installed Symantec Network Security.
9 Enter the master node number (default 1):
Press Enter to accept the default, or enter the node number of the master
node for this cluster.
10 Master node IP:
Type the management IP address of the master node for this cluster.
11 Master node sync password (6-14 characters):
Enter the synchronization password of the master node.
Warning: The Master node sync password you input here must match the
Master Node Sync Password you enter when adding the slave node object to
the topology tree in the Network Security console. See “Configuring
appliance nodes” on page 102.
This password has several initial roles:
■ Synchronization password for the master node
■ Unlocking the LCD panel
■ operating system secadm account
■ operating system root account and elevate command
Note: You can change the passwords for root/elevate and secadm / LCD
unlocking after initial configuration. The root and elevate passwords are
linked together, as are the secadm and LCD unlocking passwords.
12 Please enter the password again:
Re-enter the password for confirmation.
13 Enter qspproxy port number (default: 62432):
Press Enter to accept the randomized default or enter a number between
1024 and 65535.
This port number is used for communication between nodes in a cluster.
Note: Randomly choose a unique number between 1025 and 65535. A
random, unique QSP port number prevents profiling by intruders. All slave
nodes must use the same QSP port number that the master node uses.
14 Enter GMT timezone offset (i.e. +5):
Type the number of hours your time zone differs from Greenwich Mean
Time (GMT). For example, the offset in Tokyo is +9 and the offset in San
Francisco is -8 (PST) or -7 (PDT).
15 Enter date in MMDDhhmmYY format:
Type the current month, date, hour, minute, and year using two digits for
each. For the hour, use 24 hour format.
16 Is this node behind NAT? [yes/NO]
Do one of the following:
■ If you do not use Network Address Translation (NAT) when accessing
the appliance, press Enter to accept the default, NO.
■ If the node is behind a NAT router, type yes, press Enter, and at the next
prompt:
Enter NAT address:
type the externally visible IP address.
17 Configuration Information:
Local IP Address : 10.10.10.8
Netmask: 255.255.255.0
Gateway: 10.10.10.1
Master Node?: No
Master node ip: 10.10.10.5
Master node num: 1
Qsp node number: 2
Behind NAT: Yes
Nat address: 10.10.10.7
Verify that the displayed values are correct. Sample values are shown here.
18 Ready to install? [YES/no]
Do one of the following:
■ Press Enter to accept the default, YES, to proceed with the installation
if you believe you have entered all of the information correctly.
The script displays:
Configuring SNS (this may take a while)
Done installing. Please reboot.
■ Type no if you need to make a correction or are not ready to proceed
with the installation of Symantec Network Security. The serial console
displays the SNS7100> prompt if you enter no.
19 At the SNS7100> prompt, to reboot and start Symantec Network Security,
type:
reboot
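The "Configuration Information" summary is the last chance to catch a slave that will never join its cluster, and a slave node number cannot be changed once the install has run. The following script is an added example, not Symantec's code: it parses the summary block the configure script prints (the sample values are the ones shown in the master and slave procedures above) and cross-checks the two nodes against the rules those procedures state: a slave node number between 2 and 120, a master node number equal to the master's own node number, and the same QSP port on every node. It also checks that the slave's "Master node ip" is the address the master is actually reached at, which it takes to be the master's NAT address when the master is behind NAT and its local address otherwise; that reading of the NAT notes in the procedures is an assumption. The slave summary on the page does not print a "Qsp proxy port" line, so the port comparison only runs when both summaries carry one.

```python
"""Cross-check the serial console 'Configuration Information' summaries of a
master and a slave node before answering 'Ready to install?'.

Added example, not Symantec's code. The two summaries below are the sample
values printed in the manual's procedures.
"""
from typing import Dict, List

MASTER_SUMMARY = """\
Configuration Information:
Local IP Address : 10.10.10.5
Netmask: 255.255.255.0
Gateway: 10.10.10.1
Master Node?: Yes
Qsp node number: 1
Qsp proxy port: 62432
Behind NAT: No
"""

SLAVE_SUMMARY = """\
Configuration Information:
Local IP Address : 10.10.10.8
Netmask: 255.255.255.0
Gateway: 10.10.10.1
Master Node?: No
Master node ip: 10.10.10.5
Master node num: 1
Qsp node number: 2
Behind NAT: Yes
Nat address: 10.10.10.7
"""


def parse_summary(text: str) -> Dict[str, str]:
    """Parse 'Key: value' lines into a dict with lower-cased, single-spaced keys.

    The heading line ('Configuration Information:') has no value and is skipped.
    """
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = line.split(":", 1)
        if value.strip():
            fields[" ".join(key.lower().split())] = value.strip()
    return fields


def reachable_address(node: Dict[str, str]) -> str:
    """Address other hosts use for this node: the NAT address when it is behind
    NAT, otherwise its local IP (assumption based on the NAT notes in the procedures)."""
    if node.get("behind nat", "no").lower() == "yes":
        return node.get("nat address", "")
    return node.get("local ip address", "")


def check_cluster(master: Dict[str, str], slave: Dict[str, str]) -> List[str]:
    """Return the inconsistencies between a master summary and a slave summary."""
    problems: List[str] = []
    if master.get("master node?", "").lower() != "yes":
        problems.append("master summary does not show 'Master Node?: Yes'")
    if slave.get("master node?", "").lower() != "no":
        problems.append("slave summary does not show 'Master Node?: No'")
    try:
        slave_num = int(slave.get("qsp node number", ""))
    except ValueError:
        slave_num = 0
    if not 2 <= slave_num <= 120:
        problems.append(f"slave node number {slave.get('qsp node number')!r} is outside 2-120")
    if slave.get("master node num") != master.get("qsp node number"):
        problems.append(f"slave points at master node {slave.get('master node num')}, "
                        f"but the master's node number is {master.get('qsp node number')}")
    if slave.get("master node ip") != reachable_address(master):
        problems.append(f"slave's master node ip {slave.get('master node ip')} is not the "
                        f"address the master is reached at ({reachable_address(master)})")
    if "qsp proxy port" in master and "qsp proxy port" in slave \
            and master["qsp proxy port"] != slave["qsp proxy port"]:
        problems.append("QSP port differs between master and slave; all nodes must match")
    return problems


if __name__ == "__main__":
    print(check_cluster(parse_summary(MASTER_SUMMARY), parse_summary(SLAVE_SUMMARY)))
```

For the manual's sample values the check returns an empty list; changing the slave's "Master node ip" to an address the master does not answer on, or its node number to 121, yields one message each, which is what you would want to see before pressing Enter at "Ready to install?".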
Compact flash initial configuration
If you have a compact flash card with a Symantec Network Security
configuration already written to it, you can use it to configure your appliance.
This convenient method provides a known configuration for a new appliance
slave node that you are adding to an existing topology.
To prepare the compact flash, use the Network Security console to first add the
new node to your topology. As part of this process, configure its IP address, QSP
port, and node password. From the console, save these settings onto a compact
flash card. During initial configuration, lab personnel can use the compact flash
to configure the new node as planned.
See “Saving initial configuration to compact flash” on page 146.
Note: Be sure the compact flash card is not bootable when you use it for initial
configuration. See “Making a non-bootable compact flash card” on page 143.
To use a compact flash for initial configuration
1 Insert the non-bootable compact flash into the compact flash adapter on the
back of the appliance.
2 Reboot the appliance to make the compact flash card accessible.
3 On the LCD panel, use the right arrow button to scroll to the Compact Flash
menu option, and press e.
4 The appliance reads the configuration information from the compact flash
card, automatically decrypts it, and stores it onto the hard drive.
5 The appliance automatically runs the Symantec Network Security silent
installation using the stored configuration information. Any errors are
written to the LCD screen.
6 The appliance automatically reboots to start Symantec Network Security.
Default login accounts
The Symantec Network Security 7100 Series comes with two login accounts:
root and secadm. The default password for both of these logins is Symantec.
When you run the initial configuration on the appliance, the passwords are
changed for both logins to the node password you enter. After initial
configuration, it is recommended that you change the password for each
account to a unique value. The password you assign to the secadm account will
become the new password for unlocking the LCD panel, either from the panel
itself or from the Network Security console.
Under normal operation, all tasks can be completed from the Network Security
console or by using the buttons on the LCD panel. Occasionally you may need
access to the operating system or the Symantec Network Security filesystem for
troubleshooting or to view system log files.
You can use the secadm login account to perform certain Symantec Network
Security functions on the serial console if the Network Security console is
inoperative or unable to connect to the appliance.
See “Using the serial console” on page 158.
The root account has full permissions on the appliance, so care must be taken. It
is recommended that you login as secadm, and if you need root permissions to
perform a task, use the elevate command. The elevate command requires the
root password. Once elevated, you have root permissions.
You can access the secadm and root accounts from a serial console connected to
the appliance, using a serial terminal application.
See “Starting a serial console” on page 77.
Chapter 6
Starting the Network Security console
This chapter includes the following topics:
■ About the Network Security console
■ Installing the console
■ Launching the console
About the Network Security console
Once you have installed your Symantec Network Security 7100 Series appliance
and performed initial configuration, the next step is to install the Network
Security console on a separate machine.
The Network Security console is a Java application that will run on a Windows or
Linux machine.
You can use the console to perform key tasks required to configure and operate
Symantec Network Security on your appliance.
Network Security console requirements
The Network Security console can be installed on a computer that meets the
minimum requirements given in the following sections:
■ Console requirements on Windows
■ Console requirements on Linux
Console requirements on Windows
Table 6-1 shows the minimum requirements needed by a Windows computer for
running the Network Security console.
Table 6-1 Console requirements on a Windows system
Parameter | Required minimum value
Operating system | Microsoft Windows 2000, Microsoft Windows XP
Memory | 512 MB RAM
Disk space | 100 MB
Screen resolution | 1024 x 768
Java | Sun Java™ 2 Runtime Environment (J2RE) version 1.4.2
Console requirements on Linux
Table 6-2 shows the minimum requirements needed by a Linux computer for
running the Network Security console.
Table 6-2 Console requirements on a Linux system
Parameter | Required minimum value
Operating system | Red Hat Enterprise Linux 3.0 ES
Memory | 512 MB RAM
Disk space | 100 MB
Screen resolution | 1024 x 768
Java | Sun Java™ 2 Runtime Environment (J2RE) version 1.4.2
Installing the console
The Network Security console application is provided on the Management
Console CD that is included with your appliance. You can install it on a Windows
or Linux machine that has the correct version of the Java Runtime Environment.
See the following sections:
■ Installing the Java Runtime Environment
■ Installing the console on Windows
■ Installing the console on Linux
Installing the Java Runtime Environment
The Network Security console requires the Java Runtime Environment (JRE)
version 1.4.2. You can download this free software from the Internet at:
http://java.sun.com
The package to download is called J2SE v1.4.2_04 JRE. Installation instructions
are also available on the site.
Note: If you install the console on a Windows system, the setup.exe installation
file on the Management Console CD can install the JRE for you.
Installing the console on Windows
This section describes how to install the console on a Windows machine. You
should close all other programs before running the console installer.
To install the console on Windows
1 Insert the Management Console CD into the CD drive of the console system.
2 In a My Computer window, double-click the CD drive icon to access the CD.
7 In Symantec Software License Agreement, read the agreement, and then
click Yes.
8 In Choose Destination Location, do one of the following:
■ Click Next to accept the default directory:
C:\Program Files\Symantec\SNS
■ Click Browse to select a different directory, and then click Next.
9 In Select Components, click Next.
The Symantec Network Security and Java Runtime Environment
components are selected by default. If you already have JRE 1.4.2_04
installed on this machine, uncheck Java Runtime Environment.
10 In Ready To Install, click Next.
If you chose to install the JRE, the JRE setup is launched.
11 Follow the instructions in the JRE install dialog boxes.
When the JRE installation is finished, the Network Security console
installation process completes.
12 In Important Notes, read the text, and then click Next.
13 In Finished, click Close.
Installing the console on Linux
This section describes how to install the console on a Linux machine.
To install the console on Linux
1 Insert the Management Console CD into the CD drive of the console system.
2 Log in as root to the console system.
3 Mount the CD filesystem by entering the following:
■ For Linux, type the command:
mount /mnt/cdrom
4 Create the directory where you want to install the console application. For
example:
mkdir /usr/SNS_console
5 Copy the snsadmin.jar file from the CD filesystem to the install directory on
Note: Copying the snsadmin.jar file to your hard drive is not required. If you
prefer, you can run the console application directly from the CD filesystem
after mounting it.
Launching the console
If your appliance is connected to the management network and powered on, you
can connect to it by launching the Network Security console.
See the following sections:
■ Launching the console on Windows
■ Launching the console on Linux
Using the correct administration IP address
The Network Security console connects to the administration IP address of the
appliance. If the appliance is behind a NAT router, the console connects to it
using the NAT address. This is true even when the console is also behind the
NAT router. The NAT address is the externally visible IP address, which you
input during initial configuration of the appliance.
If the appliance is not configured behind a NAT router, the console connects to
the local IP address of the appliance. You specify the local IP address during
initial configuration as well.
Launching the console on Windows
This section describes how to launch the console on a Windows machine.
To launch the console on Windows
1 Double-click the shortcut to Symantec Network Security on your desktop.
2 In Symantec Network Security Console, enter the administration IP
address of the appliance into the Hostname text box.
See “Using the correct administration IP address” on page 89.
3 In the Port text box, enter the qspproxy port number for the appliance.
The port number is set during initial configuration of the appliance.
4 In the Username text box, enter superuser.
The superuser username is configured by default during initial
configuration. This account has the highest level of privileges when used to
log in on the Network Security console.
5 In the Passphrase text box, enter the superuser passphrase that was set
during initial configuration.
6 Click OK.
Launching the console on Linux
This section describes how to launch the console on a Linux machine.
To launch the console on Linux
1 Change to the directory where the console application is installed. For
example:
cd /usr/SNS_console
2 Type the following command:
java -jar -Xmx256m snsadmin.jar
If the location of the java program is not in your PATH environment
variable, you can provide the full path in the command. For example:
/usr/local/bin/java -jar -Xmx256m snsadmin.jar
The option -Xmx256m allots the required memory for the application.
3 In Symantec Network Security, enter the administration IP address of the
appliance into the Hostname text box.
See “Using the correct administration IP address” on page 89.
4 In the Port text box, enter the qspproxy (QSP) port number for the
appliance.
The port number is set during initial configuration of the appliance.
5 In the Username text box, enter superuser.
The superuser username is configured by default during initial
configuration. This account has the highest level of privileges when used to
log in on the Network Security console.
6 In the Passphrase text box, enter the superuser passphrase that was set
during initial configuration.
7 Click OK.
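The Linux launch procedure above, together with the rule under “Using the correct administration IP address”, as an added shell wrapper that is not part of this manual and not Symantec's own script. It assumes the install directory /usr/SNS_console and the jar name snsadmin.jar from the install procedure (SNS_DIR overrides the directory), checks that the JRE on the machine is the 1.4.2 release the console requires before starting it with the -Xmx256m setting the manual gives, and keeps a small helper that picks the NAT address over the local address when a NAT address is configured. Accepting any 1.4.2 update level is an assumption; the manual names 1.4.2_04 as the download.

```shell
#!/bin/sh
# Added example (not Symantec's script): check the JRE, then launch the Linux
# console as the manual describes. Assumes /usr/SNS_console and snsadmin.jar
# from the install procedure; SNS_DIR can override the directory.

SNS_DIR="${SNS_DIR:-/usr/SNS_console}"
SNS_JAR="snsadmin.jar"

# Pull the version string out of the first line of `java -version` output,
# e.g. 'java version "1.4.2_04"' -> 1.4.2_04. Prints nothing if the line
# does not have that shape.
parse_java_version() {
    printf '%s\n' "$1" | sed -n 's/^[^ ]* version "\([^"]*\)".*/\1/p'
}

# The manual calls for JRE 1.4.2; any 1.4.2 update level is accepted here
# (an assumption, since the manual names 1.4.2_04 as the download).
jre_is_supported() {
    case "$1" in
        1.4.2*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Locate java: an explicit JAVA_HOME wins, then PATH. The manual's advice to
# give the full path when java is not on PATH is what JAVA_HOME covers here.
find_java() {
    if [ -n "${JAVA_HOME:-}" ] && [ -x "$JAVA_HOME/bin/java" ]; then
        printf '%s\n' "$JAVA_HOME/bin/java"
    elif command -v java >/dev/null 2>&1; then
        command -v java
    else
        return 1
    fi
}

# Which address to type into the Hostname box: the NAT address when the
# appliance sits behind a NAT router, otherwise its local address.
# $1 = local address, $2 = NAT address (empty when there is no NAT router).
admin_address() {
    if [ -n "$2" ]; then
        printf '%s\n' "$2"
    else
        printf '%s\n' "$1"
    fi
}

launch_console() {
    java_bin=$(find_java) || {
        echo "java not found: set JAVA_HOME or add java to PATH" >&2
        return 1
    }
    # java -version writes to stderr, hence 2>&1.
    ver=$(parse_java_version "$("$java_bin" -version 2>&1 | head -n 1)")
    if ! jre_is_supported "$ver"; then
        echo "found JRE '$ver'; the console requires 1.4.2" >&2
        return 1
    fi
    cd "$SNS_DIR" || return 1
    # Same command line as the manual, with the resolved java path.
    exec "$java_bin" -jar -Xmx256m "$SNS_JAR"
}

# Run only when invoked as: sh sns-launch.sh launch
case "${1:-}" in
    launch) launch_console ;;
esac
```

Save it as sns-launch.sh and run `sh sns-launch.sh launch`; with no argument the file only defines the functions, so it can be sourced and its helpers reused. The address helper takes constructed addresses in the usage below (192.0.2.10 as the local address, 198.51.100.5 as the NAT address); substitute the values you entered during initial configuration.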
Chapter 7
Licensing
This chapter includes the following topics:
■ About licensing
■ Installing licenses
■ Checking the license status
■ Adding to licenses
■ Calling for help
About licensing
Licenses are required for each 7100 Series node, but not for the console.
Symantec Network Security software functionality is activated by license. Only
the SuperUser has permission to update licenses.
You can use the Network Security console to install the license file on your 7100
Series node. The first time you use the console to connect to a master node after
initial configuration, a licensing window prompts you to supply the license file.
To license a slave node, you must connect to the master node and use the menu
to access licensing.
When a license expires, a new license must be installed to activate the node.
When no license is installed, only the licensing window is active.
Standard Symantec licenses are node locked to the Symantec System ID, and are
based on the monitored bandwidth. The license automatically includes
maintenance and support for the first year. This consists of technical support,
content updates via LiveUpdate, and software upgrades. You can contract for
maintenance and support separately from the license after the first year.
See the Symantec licensing Web site at https://licensing.symantec.com for more
information about obtaining a license.
Bandwidth licensing options
The Symantec Network Security 7100 Series has extremely flexible bandwidth
licensing. There are multiple licensing options available for each model as base
activation licenses.
Table 7-1 shows the base activation licenses for each 7100 Series model.
Table 7-1  Base activation licenses

Model         Base activation license
7120          50 Mbps
              100 Mbps
              200 Mbps
7160 / 7161   250 Mbps
              500 Mbps
              1.0 Gbps
              2.0 Gbps
You can purchase additive licenses if your initial bandwidth requirement
estimate is too low. Additive licenses provide additional bandwidth for your
license.
Table 7-2 shows the available additive licenses.
Table 7-2  Additive licenses

Model         Additive license
7120          50 Mbps
              100 Mbps
7160 / 7161   250 Mbps
              500 Mbps
              1.0 Gbps
Installing licenses
The Symantec Network Security software functionality is activated by license. A
separate license must be installed for each 7100 Series node, but the console