H3c-technologies H3C SecPath F1000-E Manuel d'utilisateur

H3C SecPath F1000-E/F1000-S-EI FirewallsInstallation Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Document vers

2 F1000-S-EI chassis views Figure 3 F1000-S-EI front view (1) Copper Ethernet ports 0 to 5 (10/100/1000Base-T) (2) Console port (CONSOLE) (3) USB por

3 Figure 5 4GBE panel view (1) Captive screw (2) Copper Ethernet ports (GE 0 to GE 3) (3) Ejector lever Figure 6 8GBE panel view (1) Captive scre

4 4GBP The 4GBP interface module provides four fiber SFP Ethernet ports, which can be set to operate as Layer 3 interfaces or Layer 2 interfaces. Conn

5 Figure 10 NSQ1GP4U0 panel view (1) Captive screw (2) SFP fiber ports (SFP 0 to SFP 3) (3) Ejector lever Interface module and chassis compatibility

6 Preparing for installation Safety recommendations To avoid possible bodily injury and equipment damage, read all safety recommendations carefully be

7 WARNING! • Do not stare into any fiber port when the firewall has power. The laser light emitted from the optical fiber may hurt your eyes. • Use

8 Item Temperature Storage temperature –40°C to +70°C (–40°F to +158°F) Table 2 Humidity requirements Item Relative humidity Operating humidity 10%

9 Figure 11 Airflow through the chassis (F1000-E) ESD prevention CAUTION: • Check the resistance of the ESD-preventive wrist strap for safety. Th

10 Figure 12 Attaching an ESD-preventive wrist strap (1) Alligator clip (2) Lock (3) ESD-preventive wrist strap EMI All electromagnetic interferenc

11 Rack installation • Reserve at least 1 m (3.28 ft) of clearance between the rack and walls or other devices. • The equipment room is at least 3

Copyright © 2007-2013, Hangzhou H3C Technologies Co., Ltd. and its licensors All rights reserved No part of this manual may be reproduced or transmi

12 Cage nuts (user-supplied) ESD-preventive wrist strap (user-supplied) Cable tie (user-supplied) Insulation sheath (user-supplied) Ring termi

13 Item Requirements Result EMI prevention • Take effective measures to protect the power system from the power grid system. • Separate the protec

14 Installing the firewall Figure 13 Firewall installation flow Confirming installation preparations Before you install the firewall, verify that:

15 • The firewall is ready for installation and has been carried to a place near the installation site and convenient for moving. Unpacking the fire

16 Figure 15 Marking the positions of the cage nuts 2. As shown in Figure 16, insert one edge of a cage nut into the hole, and compress the other

17 Figure 18 Attaching the rear mounting brackets to the rack 4. Align the screw holes in one mounting bracket with the screw holes in the side pa

18 Figure 21 Sliding the firewall into the rack 7. Attach the firewall horizontally by fastening the mounting brackets to the rack with appropriat

19 Installing an F1000-S-EI in the rack To install the firewall in the rack: 1. As shown in Figure 23, mark the positions of the cage nuts on the fr

20 Figure 25 Cage nuts installed 3. Align the screw holes in one mounting bracket with the screw holes in the side panel of the chassis, and use s

21 3. Secure the metal part of the cable to the ring terminal with a crimper, cover the joint with the insulation covering, and heat the insulation

Preface The H3C SecPath F1000-E/F1000-S-EI Firewalls Installation Guide includes eight chapters, which describe the product overview, preparing for i

22 Figure 27 Connecting the grounding cable to the grounding hole of firewall (F1000-E) NOTE: • The resistance reading should be smaller than 5

23 Figure 28 Inserting the CF card into the slot Connecting interface cables Connecting a copper Ethernet port You can use category-5 or above twis

24 To connect a fiber port to a peer device through optical fibers (F1000-E): 1. Remove the dust plug from the fiber port. 2. Remove the dust cover

25 Figure 30 Connecting an AC power cord to the firewall Verifying the installation To ensure normal operation of the firewall, verify the followin

26 Installing FRUs You can install an interface module, a lightning protector for a network port, and a power strip with lightning protection on an F

27 Connecting to an RPS power cord The RPS power cord only connects to the F1000-E firewall. To connect to an RPS power cord: 1. Make sure the power

28 Installing a lightning protector for a network port The lightning protector for a network port is only applicable to a copper Ethernet port. If

29 Figure 35 Installing a lightning protector (1) Outdoor network cable (2) Grounding wire (3) Lightning protector for a network port (4) Cable con

30 Figure 36 Power strip with lightning protection (1) Operating LED (green) On means the circuit is operating properly. Off means the circuit is d

31 Logging in and performing basic configurations The first time you access the firewall, you can log in to the CLI through the console port or log i

Convention Description &<1-n> The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times

32 Figure 37 Connecting the terminal to the firewall IMPORTANT: • Identify the mark on the console port and make sure you are connecting to the c

33 3. Select the serial port used to connect to the firewall and click OK. Figure 39 Selecting the serial port 4. Configure serial port propertie

34 Table 6 Serial port properties Property Value Bits per second 9600 bps (the default) Data bits 8 Parity None Stop bits 1 Flow control None To

35 Figure 42 Selecting the emulation type 7. Select VT100 or Auto detect for Emulation and click OK. Powering on the firewall Before powering on t

36 3. For a console login, the boot information on the terminal shows that the firewall is starting up normally. For more information, see "Ver

37 ... System is starting... ... User interface con0 is available. P

38 2. Assign the PC an IP address in the network segment 192.168.0.0/24 (except for 192.168.0.1), for example, 192.168.0.2. 3. Launch a Web browser

39 The syntax of commands and the Web interface vary with software versions. Performing basic configurations at the CLI Step Command Remarks 1. Ent

40 Figure 44 Basic configuration wizard—1/6 Configuring the system name and user password 1. Click Next on the first basic configuration page to e

41 Table 8 Configuration items Item Description Sysname Set the system name. The default system name is H3C. Modify Current User Password Specify wh

About the H3C SecPath F1000-E/F1000-S-EI documentation set The H3C SecPath F1000-E/F1000-S-EI documentation set includes: Category Documents Purposes

42 Item Description HTTP Specify whether to enable the HTTP service on the firewall. To enable the HTTP service on the firewall, select the Enable

43 2. Click the link for an interface to perform IP address configuration as described in Table 10. Table 10 Configuration items Item Description IP

44 Item Description Dynamic NAT Specify whether to enable dynamic NAT on the interface. If dynamic NAT is enabled, the IP address of the interface wi

45 Figure 49 Basic configuration wizard—6/6 2. To modify your configuration, click Back to go back to the previous page. 3. To save the current

46 Replacement procedures Precautions • Always wear an ESD-preventive wrist strap or ESD-preventive gloves when servicing the firewall. • When remo

47 Figure 51 Removing an interface module 4. Install a new interface module. For the installation procedures, see the chapter "Installing an

48 Figure 52 Removing a CF card 5. Install a new CF card. For the installation procedures, see the chapter "Installing a CF card." Repla

49 4. Put the dust plug on the removed module, and put the removed module into its original shipping materials. 5. Install a new transceiver module

50 Hardware management and maintenance This chapter describes how to display hardware information for the firewall, verify and diagnose transceiver m

51 <Sysname> display diagnostic-information Save or display diagnostic information (Y=save, N=display)? [Y/N]:y Please input the f

i Contents Product overview ··························································································································

52 RDS 0% 0/ 65ca IKE 0% 0/ 20ef5

53 Displaying the electrical label data Electrical label data is also called permanent configuration data or archive information, including name of t

54 Field Description 1% in last 5 minutes After a boot, the system calculates and records the average CPU usage rate every five minutes. This field d

55 Fan 1 State: Normal Table 16 Command output Field Description Fan 1 Number of fan. State Fan status: • Normal—The fan is operating pro

56 Verifying and diagnosing transceiver modules The commonly used transceiver module is as follows: Transceiver type Application scenarios Whether

57 Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the exception handling method for the system. system-failure { maintain

58 Troubleshooting The barcode stuck on the firewall chassis contains information about production and servicing. Before you return a faulty firewall

59 No display on the configuration terminal Symptom After the firewall is powered on, the configuration terminal does not display anything. Solution

60 2. Verify that the working environment of the firewall is well ventilated. 3. If the temperature inside the firewall exceeds 50°C (122°F), the f

61 Appendix A Technical specifications Dimensions and weight Table 19 Dimensions and weight Item Description F1000-E F1000-S-EI Dimensions (H × W × D

ii Installing FRUs ···································································································································

62 Power consumption Table 22 Power consumption Item Description F1000-E F1000-S-EI Power consumption 64 W to 110 W 30 W to 46 W Fixed interfaces F

63 Table 24 Console port specifications Item Description Connector type RJ-45 Interface standard RS-232 Baud rate 9600 bps (default) to 115200 bps Ma

64 Item Description Transmission distance 100 m (328.08 ft) Rate and negotiation mode 10 Mbps (autosensing) Half-/full-duplex 100 Mbps (autosensing)

65 Interface modules (optional) 4GBE/8GBE Table 28 4GBE/8GBE specifications Item Description Connector type RJ-45 Number of interfaces 4GBE: 4 8GBE:

66 Item Description Hot swapping Supported Optical transmit power Type Short-haul multimode Medium-haul single-mode Long-haul single-mode Long-haul

67 Item Description Receiving sensitivity –7.5 dBm –10.3 dBm –11.3 dBm Central wavelength 850 nm 1310 nm 1550 nm Maximum transmission distance 3

68 Item Description Frame format Ethernet_II Ethernet_SNAP Interface rate 1000 Mbps in full duplex mode Hot swapping Supported Optical transmit pow

69 Power strip with lightning protection (optional) If part of the AC power line is routed outdoors, use a power strip with lightning protection to c

70 Appendix B LEDs Panel LEDs F1000-E panel LEDs Figure 54 F1000-E front panel LEDs Table 34 LED description LED Status Description (green) Off N

71 LED Status Description (green) Off No host is connected to the device-mode USB interface. On A host is connected to the device-mode USB interf

iii Appendix A Technical specifications ··············································································································

72 LED Status Description (green) Off No CF card is present or the CF card is not recognizable. On A CF card is in position and has passed the P

73 4GBP Figure 58 4GBP status LED Table 38 LED description LED Status Description (yellow/green) Off No link is present on the port. Steady gre

74 NSQ1GT2UA0 Figure 60 NSQ1GT2UA0 LEDs Table 40 LED description LED Status Description (green) Off No link is present. On A link is present.

75 Appendix C Arranging slots and numbering interfaces Arranging slots The F1000-E/F1000-S-EI supports console, fiber, and copper ports. This chapter

76 { GigabitEthernet 0/0 { GigabitEthernet 0/1 { GigabitEthernet 0/2 { GigabitEthernet 0/3 2. If both slot 1 and slot 2 of the F1000-E are insta

77 Appendix D Cables This chapter describes cables used for connecting network ports. Table 42 Cable description Cable Port type Application Ethernet

78 Figure 64 RJ-45 connector pinout diagram NOTE: The RJ-45 Ethernet interfaces use category 5 or higher Ethernet twisted pair cables for connect

79 Figure 66 Crossover cable Select an Ethernet twisted pair cable according to the RJ-45 Ethernet port type on your device. An RJ-45 Ethernet inte

80 Pin 10Base-T/100Base-TX 1000Base-T Signal Function Signal Function 5 Reserved N/A BIDD- Bi-directional data cable D- 6 Tx- Send data BIDA-

81 Table 46 Allowed maximum tensile force and crush load Period of force Tensile load (N) Crush load (N/mm) Short period 150 500 Long term 80 10

1 Product overview The H3C SecPath F1000-E Firewall and H3C SecPath F1000-S-EI Firewall are new-generation gigabit firewalls developed for medium- and

82 Appendix E Cabling recommendations When a firewall is mounted in a 19-inch standard rack, the interface cables are routed through the cable manage

83 Figure 68 Correct and incorrect cable binding • Route different types of cables (for example, power cables and signal cables) separately. If th

84 Figure 70 Binding cables where they must be bent • Route, bind, and attach excess cables for easy, safe maintenance activities and proper opera

85 Cable bundle diameter (mm) Space between bundles (mm) 30 200 to 300 • Do not tie cables or bundles in a knot. • The metal parts of the crimped

86 Index A C D E F G I L M N O P R S T U V A Accessories,11 Arranging slots,75 C Cable management requirements,82 Cabling examples,85 Checklist befo

87 Troubleshooting password loss,59 Troubleshooting power supply system failures,58 Troubleshooting system exceptions,56 Troubleshooting the interfac