H3C SecPath F1000-E Installation Manual
  1. Manuals
  2. Brands
  3. H3C Manuals
  4. Firewall
  5. SecPath F1000-E
  6. Installation manual
H3C SecPath F1000-E Installation Manual

H3C SecPath F1000-E Installation Manual

Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
H3C SecPath F1000-E Firewall
Installation Manual
Hangzhou H3C Technologies Co., Ltd.
http://www.h3c.com
Manual Version: T2-080499-20071221-C-1.00

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the SecPath F1000-E and is the answer not in the manual?

Questions and answers

Related Manuals for H3C SecPath F1000-E

Summary of Contents for H3C SecPath F1000-E

  • Page 1 H3C SecPath F1000-E Firewall Installation Manual Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Manual Version: T2-080499-20071221-C-1.00...
  • Page 2 Copyright © 2007, Hangzhou H3C Technologies Co., Ltd. and its licensors All Rights Reserved No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of Hangzhou H3C Technologies Co., Ltd.
  • Page 3 About This Manual Related Documentation In addition to this manual, each H3C SecPath Series Security Products documentation set includes the following: Manual Description Introduces features, operation principle, configuration and operation guidance, configuration H3C SecPath Series Security Products operation commands for H3C SecPath...
  • Page 4 Chapter Contents Introduces how to maintain the software of the H3C SecPath F1000-E Firewall, 6 Maintaining Software including upgrading the software and updating the configuration files. Introduces maintain 7 Maintaining Hardware hardware of the H3C SecPath F1000-E Firewall. Describes some problems that may...

  • Page 5: Table Of Contents

    Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 1 Product Overview ......................1-1 1.1 Overview ..........................1-1 1.1.1 Introduction......................1-1 1.1.2 Main Features ......................1-1 1.2 Appearance of the F1000-E....................1-3 1.2.1 Front Panel......................1-3 1.2.2 Rear Panel ......................

  • Page 6: Chapter 1 Product Overview

    1.1 Overview 1.1.1 Introduction The H3C SecPath F1000-E Firewall (hereinafter referred to as the F1000-E) is a new generation, professional firewall product developed by Hangzhou H3C Technologies Co., Ltd. (hereinafter referred to as H3C) for enterprise users. In addition to traditional firewall functions, the F1000-E supports virtual firewall, security zone, attack protection, P2P flow control, and URL filtering, ensuring effective protection of network security.
  • Page 7 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview II. Diversified security protection functions Security zone management. The F1000-E supports security zone division based on physical interfaces, logical interfaces, L2 Ethernet sub-interfaces, and L2 Ethernet interfaces + VLANs. Interfaces in the same security zone typically have the same security requirements for security policy control.

  • Page 8: Appearance Of The F1000-E

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview 1.2 Appearance of the F1000-E 1.2.1 Front Panel (1) AC power socket (100 VAC to 240 VAC; (2) AC power switch (ON/OFF) 50 Hz or 60 Hz; 2.5 A) (3) RPS socket (RPS)

  • Page 9: Rear Panel

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview 1.2.2 Rear Panel (2) (3) (10) (15) (14) (13) (12) (11) (2) 10/100/1000 Mbps electrical Ethernet (1) Grounding screw and grounding sign interface 1 (4) 1000 Mbps optical Ethernet interface LED...

  • Page 10: Dimensions And Weight

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview 1.3.2 Dimensions and Weight Table 1-2 Dimensions and weight Item Specification Dimensions without feet and 44.2 × 442 × 463 mm (1.74 × 17.40 × rack-mounting ears (H × W × D) 18.23 in.)

  • Page 11: Operating Environment

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview 1.3.5 Operating Environment Table 1-5 Operating environment Item Specification Operating temperature 0°C to 45°C (32°F to 113°F) Operating humidity 10% to 95%, noncondensing Operating altitude –60 m to +3000 m (–196.85 ft. to +9842.52 ft.) 1.4 Components...
  • Page 12 H3C SecPath F1000-E Firewall Chapter 1 Product Overview 1 GB Caution: The F1000-E only supports the CF cards provided by Hangzhou H3C Technologies Co., Ltd. and may not be compatible with those provided other manufacturers. CF card and slot (1) Eject button...

  • Page 13: Panel Leds

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview 1.4.2 Panel LEDs I. Front Panel LEDs Figure 1-4 Front panel LEDs Table 1-6 Description of front panel LEDs Status Meaning Power input is not available. Green The power module is operational.
  • Page 14 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Status Meaning No host is connected to the USB interface. A host is connected to the USB interface. You USB1 Solid green can remove the in this state. Green Data is being transmitted or received. Do not Flashing green remove the device in this state.

  • Page 15: Fixed Interfaces

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Table 1-7 Description of rear panel LEDs Status Meaning No link is present. Solid green A 1000 Mbps link is present. Data is being received or transmitted at a rate...
  • Page 16 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview I. Console port Introduction The F1000-E provides an RS232 asynchronous serial console port that can be connected to a computer for system debugging, configuration, maintenance, management, and host software loading.
  • Page 17 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Pin (RJ-45) Signal direction Pin (DB-9) Signal — Note: For the connection of the console cable, refer to section 4.10.1 “Connecting the Console Cable” in Chapter 4 “Installing the Firewall”.
  • Page 18 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview DB-25 (female) connector, either of which can be plugged into the serial interface of the Console terminal as needed. Figure 1-7 AUX cable Table 1-12 AUX cable pinouts Pin (RJ-45)
  • Page 19 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Table 1-13 Rate and negotiation mode when the electrical Ethernet interface is operating Rate Negotiation mode 10 Mbps (autosensing) Half/full-duplex auto-negotiation 100 Mbps (autosensing) Half/full-duplex auto-negotiation 1000 Mbps (autosensing) Full-duplex The electrical Ethernet interface LEDs are above the RJ-45 ports.
  • Page 20 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Note: For a GE combo interface, the default operating interface is the optical Ethernet interface. For a GE combo interface, you can use either the electrical Ethernet interface or the optical Ethernet interface.
  • Page 21 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Item Specification Short-ha Medium-ha Long-haul Long-haul Ultra-long optical optical multimod single-mod haul Type Optical module module e optical e optical optical transm module module module (1310 nm) (1550 nm) (850 nm)
  • Page 22 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview LC connector Optical fiber connectors are indispensable passive components in optical fiber communication systems. Their application enables the removable connection between optical channels, which makes the optical system debugging and maintenance more convenient and the transit dispatching of the system more flexible.
  • Page 23 Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Ethernet cables fall into the following two categories: Standard cable: Also called straight-through cable. At both ends of a standard cable, wires are crimped in the RJ-45 connectors in the same sequence. A straight-through cable is used to connect a terminal (for example, a PC or a firewall) to a hub or LAN Switch.

  • Page 24: Interface Modules

    Note: No SFP module is shipped with the F1000-E. Use only the SFP modules provided by H3C. The F1000-E cannot identify SFP modules from other manufacturers. For the connection of electrical Ethernet interfaces or optical Ethernet interfaces, refer to section 4.10.3 “Connecting Ethernet Cables” in Chapter 4 “Installing the Firewall”.

  • Page 25: Usb Interfaces

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Note: For the technical specifications and functions of HIMs, refer to Chapter 2 “Interface Modules”. For the installation and removal of HIMs, refer to Chapter 7 “Maintaining Hardware”. 1.4.5 USB Interfaces...

  • Page 26: Ac Power Input

    USB cable. Note: The F1000-E supports only USB flash drives provided by H3C and may be incompatible with those from other manufacturers. Do not remove the USB flash drive when the LED is flashing. Otherwise, the file system in the USB flash drive may be damaged.

  • Page 27: Rps (Optional)

    You can use the clock datetime, clock summer-time one-off (or clock summer-time repeating), and clock time zone commands to set the system date and time. For details about these commands, refer to H3C SecPath Series Security Products User Manual. 1.4.8 RPS (Optional) The redundancy power supply (RPS) can provide power supply to maintain the normal system operation for a short period when the system power supply fails.

  • Page 28: Power Lightning Arrester (Optional)

    Installation Manual H3C SecPath F1000-E Firewall Chapter 1 Product Overview Note: For the installation of the port lightning arrester, refer to section 4.6 “Installing a Port Lightning Arrester (Optional)” in Chapter 4 “Installing the Firewall”. 1.4.10 Power Lightning Arrester (Optional)

  • Page 29: System Software

    “Installing the Firewall“. 1.4.12 System Software The F1000-E operates on Comware V5, the core software platform of H3C. By supporting abundant security features such as virtual firewall, attack prevention, load balancing, and P2P flow management, the F1000-E well integrates networking and...
  • Page 30 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 2 Interface Modules ......................2-1 2.1 4GBE/8GBE........................2-1 2.2 Arranging Slots and Numbering Interfaces................ 2-3 2.2.1 Slot Arrangement ....................2-3 2.2.2 Interface Numbering....................2-4 2.2.3 Examples......................... 2-4...

  • Page 31: Chapter 2 Interface Modules

    2.1 4GBE/8GBE I. Introduction An 8GBE is a high-speed Layer 3 Gigabit Ethernet interface module developed by H3C. An 8GBE module provides eight RJ-45 electrical interfaces that support the Layer 3 routing function. Each interface is provided with a bi-color LED indicating the running status of the interface.
  • Page 32 Installation Manual H3C SecPath F1000-E Firewall Chapter 2 Interface Modules (2) (3) (1) Captive screw (2) GE interface LED (3) GE interface (4) Ejector lever Figure 2-2 Front panel of 4GBE III. LEDs Table 2-1 Description of the LEDs on the front panel of 4GBE/8GBE...

  • Page 33: Arranging Slots And Numbering Interfaces

    Installation Manual H3C SecPath F1000-E Firewall Chapter 2 Interface Modules Item Specification Full/half duplex, 10 Mbps (autosensing) auto-negotiation Interface speed and duplex Full/half duplex, mode 100 Mbps (autosensing) auto-negotiation 1000 Mbps (autosensing) Full duplex V. Interface cable A 4GBE/8GBE module uses a straight-through or crossover Ethernet cable.

  • Page 34: Interface Numbering

    Installation Manual H3C SecPath F1000-E Firewall Chapter 2 Interface Modules 2.2.2 Interface Numbering The interfaces of the F1000-E firewall are numbered as per the following rule: An interface is numbered in the form of interface-type X/Y. interface-type: Interface type, such as GigabitEthernet.
  • Page 35 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 3 Preparing for Installation .................... 3-1 3.1 Environment Requirements ....................3-1 3.1.1 Ventilation Requirements ..................3-1 3.1.2 Temperature and Humidity Requirements .............. 3-1 3.1.3 Cleanness Requirements..................3-2 3.1.4 Electrostatic Discharge Prevention .................

  • Page 36: Chapter 3 Preparing For Installation

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation Chapter 3 Preparing for Installation 3.1 Environment Requirements The F1000-E is designed for indoor use. To ensure the normal operation and prolong the service life, the installation site must meet the requirements mentioned hereunder.

  • Page 37: Cleanness Requirements

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation A long-term low relative humidity will result in looseness of fastening screws owing to shrinkage of insulation washers, or electrostatic discharge (ESD), which may damage the CMOS circuit on the firewall.

  • Page 38: Electrostatic Discharge Prevention

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation Max (mg/m 0.01 3.1.4 Electrostatic Discharge Prevention I. Generation and damage of static electricity In the communication network to which the firewall is connected, static induction mainly results from:...

  • Page 39: Electromagnetic Interference Prevention

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation Figure 3-2 Wear the ESD-preventive wrist strap Caution: For the sake of safety, check the resistance of the ESD-preventive wrist strap. The resistance reading should be in the range of 1 to 10 megohms between human body and the ground.

  • Page 40: Lightning Protection

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation Separate the protection ground of the firewall from the grounding device or lightning protection grounding device of the power supply equipment as far as possible. Keep the firewall far away from radio stations, radar, and high-frequency devices working in high current.

  • Page 41: Safety Precautions

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation Make sure that the size of the cabinet is appropriate for the firewall, and that there is enough clearance around the left and right panels of the firewall for heat dissipation.

  • Page 42: Installation Tools, Meters And Devices

    ESD-preventive gloves, ESD-preventive wrist straps, antistatic bags or mats 3.3.3 Reference When installing or maintaining the F1000-E, you can refer to the following documents shipped with the F1000-E: H3C F1000-E Firewall Installation Manual H3C SecPath Series Security Products User Manual Note: To obtain the latest documents, visit http://www.h3c.com.

  • Page 43: Checklist Before Installation

    Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation 3.4 Checklist Before Installation Table 3-4 Checklist before installation Item Requirements There is a minimum clearance of 10 cm (3.9 in.) around the inlet vents and exhaust vents for heat dissipation of the firewall chassis.
  • Page 44 Installation Manual H3C SecPath F1000-E Firewall Chapter 3 Preparing for Installation Item Requirements The workbench is stable enough Workbench Well grounding Install the firewall in an open cabinet if possible. If you install the firewall in a closed cabinet, make sure that the cabinet is equipped with a good ventilation system.
  • Page 45 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 4 Installing the Firewall ....................4-1 4.1 Preparations........................4-1 4.2 Installation Flowchart ......................4-1 4.3 Installing the Firewall ......................4-2 4.3.1 Installing the Firewall on a Workbench ..............4-2 4.3.2 Installation the Firewall in a Rack................

  • Page 46: Chapter 4 Installing The Firewall

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Chapter 4 Installing the Firewall 4.1 Preparations Before installing the firewall, make sure that: You have read through Chapter 3 “Preparing for Installation”. Make sure all the requirements mentioned in Chapter 3 “Preparing for Installation”...

  • Page 47: Installing The Firewall

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall 4.3 Installing the Firewall You can install the firewall on a workbench or in a rack. 4.3.1 Installing the Firewall on a Workbench If a 19-inch rack is not available, you can install the firewall on a clean workbench.

  • Page 48: Installation The Firewall In A Rack

    4.3.2 Installation the Firewall in a Rack I. Installing an N68 rack The F1000-E can be installed in an H3C N68 rack. For the installation of an N68 rack, refer to N68 Cabinet Installation Guide. II. Installing rack-mounting brackets onto the firewall...
  • Page 49 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall III. Installing the firewall in a rack Follow these steps to install the firewall in a rack: Check the grounding and stability of the rack and use screws to fix the rear rack-mounting brackets onto both sides of the rack.

  • Page 50: Installing Generic Modules

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Figure 4-6 Fix the front rack-mounting brackets on the rack 4.4 Installing Generic Modules Generic modules include memory module, CF card, and HIM. For their installation procedures, refer to Chapter 7 “Maintaining Hardware”.
  • Page 51 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall (1) Grounding screw (2) OT terminal (3) Grounding screw hole (4) Grounding sign (5) PGND cable Figure 4-7 Connect the grounding terminal of the PGND cable to the firewall Follow these steps to connect the PGND cable: Remove the grounding screw from the firewall chassis.

  • Page 52: Installing A Port Lightning Arrester (Optional)

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall (1) PGND cable (2) Naked part of the PGND cable (3) Grounding bar (4) Grounding post (5) Hex nut Figure 4-8 Connect the PGND cable to the grounding bar...

  • Page 53: Tools

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall 4.6.1 Tools Phillips or flat-blade screwdriver Multimeter Diagonal pliers 4.6.2 Installation Procedure Follow these steps to install a port lightning arrester: Use a double-faced adhesive tape to stick the port lightning arrester to the firewall.

  • Page 54: Precautions

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall 4.6.3 Precautions Pay attention that the performance of the port lightning arrester may be affected in the following cases: The IN and OUT ends of the port lightning arrester are connected incorrectly.
  • Page 55 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Figure 4-10 Install a power lightning arrester Note that: Make sure that the protection wire (PE) terminal of the power lightning arrester is well grounded before using it. After the AC power cord of the firewall is plugged into the multi-purpose socket of the power lightning arrester (lightning protection busbar), if the green LED is ON and the red LED is OFF, the lightning protection can function normally.

  • Page 56: Selecting And Installing A Signal Lightning Arrester (Optional)

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall 4.8 Selecting and Installing a Signal Lightning Arrester (Optional) Note: No signal lightning arrester is shipped with the firewall. You should purchase one if needed. Generally, you need to connect a signal lightning arrester (namely, a transient over-voltage protection) before connecting a signal cable to the firewall.

  • Page 57: Connecting The Power Cables

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall 4.9 Connecting the Power Cables 4.9.1 Power Supply Port and PGND Terminal The F1000-E only supports AC power input. The AC power socket and power switch are located on the left of the front panel, as shown in Figure 4-11.

  • Page 58: Connecting The Rps Dc Power Cable

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall III. Connection procedure Follow these steps to connect the AC power cord: Make sure that the PGND terminal is securely connected to the ground. Turn the firewall power switch to the OFF position.
  • Page 59 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Figure 4-13 Loosen the screws on the RPS blank panel Shake the blank panel slightly and then take it off. Now, you can see the RPS socket. Figure 4-14 RPS socket Plug the RPS power cable into the RPS socket on the firewall.

  • Page 60: Connecting Port Cables

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Figure 4-15 Connect the RPS DC power cable Connect the other end of the RPS cable to the RPS power output port. (1) RPS (2) RPS power output port...
  • Page 61 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Connect the console cable. Disconnect the power supply to the firewall. Connect the RJ-45 connector of the console cable to the console port on the firewall, and the DB-9 (female) connector to the serial port on the configuration terminal.

  • Page 62: Connecting The Aux Port To A Modem

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall 4.10.2 Connecting the AUX Port to a Modem The AUX port is usually used for remote configuration or dial backup. In this case, you need to connect the local modem to the remote modem through PSTN and then to the remote device.
  • Page 63 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Check the status of the LED of the fixed electrical Ethernet port after power-on. For the status of the LED, see Table 4-4. Table 4-4 Status of the LED...
  • Page 64 Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Figure 4-20 Insert an SFP module Identify the Rx and Tx ports on the SFP module. Plug the LC connector at one end of one fiber cable into the Rx port of the firewall and the LC connector at the other end into the Tx port of the peer device.

  • Page 65: Connecting A 4Gbe/8Gbe Interface Module Cable

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Table 4-5 Status of the SFP LED Color Status No optical fiber link is present. Solid green An optical fiber link is present. SFP0 to SFP3 (yellow/green) Flashing green Data is being transmitted/received.

  • Page 66: Verifying Installation

    Installation Manual H3C SecPath F1000-E Firewall Chapter 4 Installing the Firewall Check the status of the LED of the corresponding interface module slot on the front panel: If the LED is on, the power-on self test (POST) succeeds and the module works normally;...
  • Page 67 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 5 Starting and Configuring the Firewall ............... 5-1 5.1 Setting Up a Configuration Environment ................5-1 5.1.1 Connecting the Firewall to a Configuration Terminal ..........5-1 5.1.2 Setting the Parameters for the Console Terminal........... 5-1 5.2 Firewall Power-On ......................

  • Page 68: Chapter 5 Starting And Configuring The Firewall

    Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall Chapter 5 Starting and Configuring the Firewall You can use only the console port to make initial configuration of the F1000-E. 5.1 Setting Up a Configuration Environment 5.1.1 Connecting the Firewall to a Configuration Terminal...
  • Page 69 Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall Figure 5-2 Select a port for local configuration connection Set serial port parameters. Set the properties of the serial port in the COM1 Properties dialog box, as shown in Figure 5-3.
  • Page 70 Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall Figure 5-3 Set serial port parameters Click OK after setting the serial port parameters to enter the HyperTerminal window, as shown below. Figure 5-4 HyperTerminal window...

  • Page 71: Firewall Power-On

    Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall Set HyperTerminal properties. In the HyperTerminal window, select File > Properties from the menu, and select the Settings tab to enter the properties setting dialog box, as shown below. Select VT100 or Auto detect from the Emulation drop-down list, and click OK to return to the HyperTerminal window.

  • Page 72: Powering On The Firewall

    Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall Warning: Before powering on the firewall, locate the position of the power switch for the equipment room where you will operate so that you can switch off the power supply promptly in case of any accident 5.2.2 Powering On the Firewall...

  • Page 73: Startup Process

    The information displayed on the terminal may vary with different BootWare versions. System start booting... Booting Normal Extend BootWare..******************************************************** H3C SecPath F1000-E BootWare, Version 1.12 ******************************************************** Copyright (c) 2004-2007 Hangzhou H3C Technologies Co., Ltd. Compiled Date : Jul 27 2007 CPU Type : XLR732 CPU L1 Cache...

  • Page 74: Configuration Fundamentals

    Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall Press Ctrl+B at this prompt to enter the extended BootWare menu, or let the system start to decompress the application program. Note: To enter the extended BootWare menu, press Ctrl+B as prompted within four seconds;...

  • Page 75: Command Line Interface

    Perform security configuration for the firewall if necessary. Perform reliability configuration for the firewall if necessary. For the configuration details of the protocols or functions of the firewall, refer to H3C SecPath Series Security Products User Manual. 5.5 Command Line Interface 5.5.1 Features of the Command Line Interface...

  • Page 76: Logging To The Firewall Through A Web Browser

    Installation Manual H3C SecPath F1000-E Firewall Chapter 5 Starting and Configuring the Firewall 5.6 Logging to the Firewall Through a Web Browser The F1000-E supports Web-based network management, which allows you to manage and maintain the firewall in a more user-friendly way.
  • Page 77 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 6 Maintaining Software....................6-1 6.1 Overview ..........................6-1 6.1.1 Files Managed by the Firewall ................6-1 6.1.2 BootWare Program File................... 6-1 6.1.3 Application File ......................6-1 6.1.4 Configuration Files ....................6-2 6.1.5 Software Maintenance Methods................
  • Page 78 Installation Manual H3C SecPath F1000-E Firewall Table of Contents 6.9.2 Software Upgrade Configuration Example............6-39...

  • Page 79: Chapter 6 Maintaining Software

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Chapter 6 Maintaining Software 6.1 Overview 6.1.1 Files Managed by the Firewall Three types of files need to be managed on the F1000-E. They are: BootWare program file Application file Configuration file 6.1.2 BootWare Program File...

  • Page 80: Configuration Files

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Main application file. The default name is main.bin, and the file type is M. It is the default application file used for booting. Backup application file. The default name is backup.bin, and the file type is B.

  • Page 81: Software Maintenance Methods

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Backup configuration file. The file type is B. When the boot using the main configuration file fails, the system boots using the backup configuration file. Default configuration file. The file type can be M, B or N. When the boot using the main and backup configuration files fails, the system boots using the default configuration file.
  • Page 82 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software In the CLI approach, the following two methods are available for software upgrading: Upgrade BootWare and applications using the Xmodem protocol through a serial interface. Upgrade applications using TFTP/FTP through Ethernet interface on BootWare menu or through command lines.

  • Page 83: Bootware Menu

    The information displayed on the terminal may vary with different BootWare versions. System start booting... Booting Normal Extend BootWare..******************************************************** H3C SecPath F1000-E BootWare, Version 1.12 ******************************************************** Copyright (c) 2004-2007 Hangzhou H3C Technologies Co., Ltd. Compiled Date : Jul 27 2007 CPU Type : XLR732 CPU L1 Cache...
  • Page 84 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Note: You must press Ctrl+B in four seconds when “Press Ctrl+B to enter extended boot menu” appears. Otherwise, the system will not enter the extended BootWare menu but enter the self extraction process of applications.

  • Page 85: Serial Submenu

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Table 6-1 BootWare main menu Menu item Description <1> Boot System Boot system applications from the CF card Enter the serial submenu. <2> Enter Serial SubMenu For detailed information, refer to section 6.2.2 “Serial Submenu”...

  • Page 86: Ethernet Submenu

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software | <3> Update Backup Application File | <4> Update Secure Application File | <5> Modify Serial Interface Parameter | <0> Exit To Main Menu ============================================================= Enter your choice(0-5): Items on this submenu are described in Table 6-2.

  • Page 87: File Control Submenu

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Table 6-3 Ethernet submenu Menu item Description <1> Download Application Program To Download an application to the SDRAM SDRAM And Run and run the program. <2> Update Main Application File Upgrade the main application file.

  • Page 88: Storage Device Operation Submenu

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software | <1> Backup Full BootWare | <2> Restore Full BootWare | <3> Update BootWare By Serial | <4> Update BootWare By Ethernet | <0> Exit To Main Menu ============================================================= Enter your choice(0-4):...

  • Page 89: Upgrading Bootware And An Application Through A Serial Interface

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software 6.3 Upgrading BootWare and an Application Through a Serial Interface 6.3.1 Introduction to Xmodem Use Xmodem when upgrading BootWare and an application through a serial interface. Xmodem is a file transfer protocol that is widely used due to its simplicity and high performance.
  • Page 90 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Enter Your Choice(0-5): Select a proper baud rate. For example, select 5 for a baud rate of 115200 bps and the system displays the following information: Baudrate has been changed to 115200 bps.

  • Page 91: Upgrading An Application

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Select Call > Call to establish a new connection. Figure 6-4 Re-establish a call connection Then, press the Enter key, and the system will prompt the current baud rate and return to the previous menu.
  • Page 92 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Figure 6-5 Send File dialog box Click Browse… to select the application to be downloaded, and select Xmodem from the Protocol drop-down list. Then click Send and the following dialog box appears:...

  • Page 93: Upgrading Bootware

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software 6.3.4 Upgrading BootWare Enter the BootWare main menu, refer to section 6.2.1 “BootWare Main Menu“ on page 6-5. Select 7 to enter the BootWare operation submenu, where you can perform all BootWare operations.

  • Page 94: Upgrading An Application Using Tftp

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Figure 6-8 Sending file dialog box After the file is downloaded, the following information appears on the terminal interface, indicating the success of BootWare upgrade: Download successfully! 10129792 bytes downloaded! Note: The BootWare program is upgraded together with the Comware application.

  • Page 95: Upgrading An Application Using Tftp On The Bootware Menu

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software does not provide any access authorization and authentication mechanism. It employs timeout and retransmission to guarantee successful data delivery. The F1000-E firewall can serve as the TFTP client. Therefore the file server serves as the TFTP server.
  • Page 96 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Caution: The TFTP Server software is not included in the F1000-E firewall package. You need to purchase and install it by yourself, You can upgrade the applications of the F1000-E through GigabitEthernet 0/0 only.
  • Page 97 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Display information Description Server IP Address IP address of the FTP/TFTP server. IP address of the interface connected with the Local IP Address FTP/TFTP server. IP address of the gateway. You need not configure Gateway IP Address this IP address.

  • Page 98: Upgrading An Application Using Tftp Through Command Lines

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software 6.4.2 Upgrading an Application Using TFTP Through Command Lines Set up a TFTP upgrade environment. Firewall serves as the TFTP client, and PC serves as the TFTP server. For the procedure of setting up an upgrade environment, refer to step 1 in section 6.4.1 “Upgrading an Application Using TFTP on the BootWare Menu”...
  • Page 99 You need to select Y or N for confirmation. For details about the tftp command, refer to H3C SecPath Series Security Products User Manual.

  • Page 100: Upgrading An Application Using Ftp

    For details about the tftp command, refer to H3C SecPath Series Security Products User Manual. You can backup a configuration file using the same method as backing up an application file.

  • Page 101: Upgrading An Application Using Ftp On The Bootware Menu

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software 6.5.1 Upgrading an Application Using FTP on the BootWare Menu Set up an FTP upgrade environment. F1000-E (FTP client) Ethernet cable (FTP server) Console cable Figure 6-10 Set up an FTP upgrade environment Firewall servers as the FTP client, and PC serves as the FTP server.
  • Page 102 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Use the dir command on the console terminal to view the files contained in the current file system, and the available space of the storage device. For details, refer to step 2 in section 6.4.2 “Upgrading an Application Using TFTP Through...
  • Page 103 You need to choose Y or N for confirmation. For details about the get command, refer to H3C SecPath Series Security Products User Manual.
  • Page 104 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Table 6-10 Description on the information displayed when you upgrade and backup an application file on the firewall Display information Description [ftp]get main.bin main.bin Download the file used for upgrade cfa0:/main.bin has been existing.
  • Page 105 3. Otherwise, the system prompts that “You have no rights to store files” when you restore the backed-up file to the firewall. For configurations of user levels, refer to H3C SecPath Series Security Products User Manual. Enable the FTP client program on the PC.
  • Page 106 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software In the following example, the FTP client program is the built-in Windows XP FTP client: Enter ftp in the DOS window: C:\Documents and Settings\Administrator>ftp ftp> ftp> open 192.168.80.10 Connected to 192.168.80.10.
  • Page 107 For details about the put command, refer to H3C SecPath Series Security Products User Manual. You can upgrade a configuration file using the same method as upgrading an application file.

  • Page 108: Maintaining Application And Configuration Files

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Display information Description ftp> get main.bin main_bac.bin Download the file from the firewall to the PC. ftp> quit Quit the FTP server. 6.6 Maintaining Application and Configuration Files You can modify and display a file type on the file control submenu.

  • Page 109: Setting The Application File Type

    File system type of cfa0 File system type of the storage medium. Note: For details about the dir command, refer to H3C SecPath Series Security Products User Manual. 6.6.2 Setting the Application File Type I. Setting application file type on the BootWare menu You can modify the type of type M, B and N application files on the BootWare menu or using commands after the application files boot;...

  • Page 110: Deleting A File

    If there was an M type of application file, the type of that file was automatically changed to N. Note: For details about the boot-loader command, refer to H3C SecPath Series Security Products User Manual. 6.6.3 Deleting a File I.

  • Page 111: Dealing With Password Loss

    Undelete cfa0:/startup.cfg? [Y/N]:y % Undeleted file cfa0:/startup.cfg. Note: For details about the delete and undelete commands, refer to H3C SecPath Series Security Products User Manual. 6.7 Dealing with Password Loss When the BootWare password, user password or super password is lost, resort to the following methods: 6.7.1 User Password Loss...

  • Page 112: Bootware Password Loss

    <H3C> system-view [H3C] user-interface console 0 [H3C-ui-console0] authentication-mode password [H3C-ui-console0] set authentication password simple 123456 The above information indicates that the password authentication is adopted on the console interface and the password is set to 123456 and stored in plain text.

  • Page 113: Super Password Loss

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software please input old password: Enter the old password. please input old password: ****** Note: If the old password is incorrect, the system will prompt “Wrong password,Please input password again:”. You have three chances to enter the correct old password. If you fail to do that, the system will halt and prompt “Wrong password,system halt.”.

  • Page 114: Backing Up And Restoring Bootware

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Clear Application Password Success Note: Select option 8, quit the menu, reboot the firewall, and then you can enter system view directly. This setting (password clearing) is valid only for the first reboot of the firewall. The super password will be restored after a second reboot.

  • Page 115: Restoring The Full Bootware

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software II. Backing up the full BootWare using the CLI <H3C>bootrom backup Now backuping bootrom, please wait... Backup bootrom! Please wait... Read normal basic bootrom completed! Backup normal basic bootrom completed!

  • Page 116: Upgrading The Software Through The Web Interface

    Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Read backup extend bootrom completed! Restore extend bootrom completed! Restore bootrom completed! 6.9 Upgrading the Software Through the Web Interface When you upgrade the software of the F1000-E through the Web interface, the system downloads the software from the specified TFTP server to the local storage device and updates the software.
  • Page 117 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Item Remarks Device Specify the filename to be saved on the device, which must have a filename suffix of .bin or .app. File Select If file with same name exists, overwrite it without...
  • Page 118 Installation Manual H3C SecPath F1000-E Firewall Chapter 6 Maintaining Software Verify the upgrade result # Use the display boot-loader command on the TFTP server to verify the software upgrade result. <Sysname>display boot-loader The file used this time:flash:/dest.bin attr:Main 6-40...
  • Page 119 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 7 Maintaining Hardware ....................7-1 7.1 Preparing Tools........................7-1 7.2 Precautions ........................7-1 7.3 Opening/Closing the Chassis Cover.................. 7-2 7.4 Interior Structure ........................ 7-3 7.5 Installing and Removing Blank Panels ................7-4 7.5.1 Blank Panel Structure .....................

  • Page 120: Chapter 7 Maintaining Hardware

    ESD-preventive wrist straps, ESD-preventive gloves Antistatic bags, antistatic pads Note: None of the above-mentioned tools are shipped with the SecPath F1000-E firewall. 7.2 Precautions Maintain the firewall hardware under the guidance of the local dealer or technical support engineers appointed by H3C.

  • Page 121: Opening/Closing The Chassis Cover

    7.3 Opening/Closing the Chassis Cover Caution: One of the screws fixing the firewall chassis is covered with an H3C temper-proof seal. Before providing services on your firewall, your local dealer requires that the temper-proof seal be unbroken. Therefore, please contact your local dealer for permission before opening the firewall chassis, and follow your local dealer’s...

  • Page 122: Interior Structure

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware With the front panel of the firewall facing you, pull the chassis cover about five centimeters. Figure 7-3 Pull the chassis cover about five centimeters Lift the end of the chassis cover and then pull the chassis cover away from the bottom part of the chassis, as shown below.

  • Page 123: Installing And Removing Blank Panels

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware (1) HIM slot 2 (2) HIM slot 1 (3) Fan (4) Memory module connector (5) Built-in CF card (6) Power supply Figure 7-5 Interior structure of the F1000-E 7.5 Installing and Removing Blank Panels 7.5.1 Blank Panel Structure...

  • Page 124: Removing Blank Panels

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware (1) Front view of a blank panel (2) Side view of a blank panel (3) Back view of a blank panel Figure 7-6 Structure of a blank panel 7.5.2 Removing Blank Panels Follow these steps to remove a blank panel: Face the rear panel of the firewall.

  • Page 125: Installing A Blank Panel

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware Note: Place the removed blank panels and screws in a safe place for later use. 7.5.3 Installing a Blank Panel After an HIM is removed from the firewall, it is recommended to install two blank panels if the slot is to remain empty.

  • Page 126: Removing An Him

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware Figure 7-9 Fix the HIM Power on the firewall, and check the LED of the corresponding slot on the front panel. After the HIM is initialized, the LED should stay on to indicate the normal operating condition of the interface module;...

  • Page 127: Removing A Cf Card

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware Make sure that the CF card LED is not flashing before proceeding with the next step. Press the CF card eject button in and make sure it does not project from the panel.

  • Page 128: Replacing A Memory Module

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware Press the eject button again so that the CF card comes part-way out, and then pull the card out of the slot. Figure 7-12 Eject the CF card Caution: Do not remove the CF card when the firewall is booting or the LED is flashing to avoid hardware damage.

  • Page 129: Flow Of Replacing A Memory Module

    H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware Caution: Use the memory modules provided by Hangzhou H3C Technologies Co., Ltd. only. Otherwise, anomalies might occur to the device. For specific specifications of memory modules supported by the F1000-E firewall, refer to 1.4.1 “Processor and Storages” in Chapter 1 “Product Overview”.

  • Page 130: Memory Module And Connector Structure

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware 7.8.3 Memory Module and Connector Structure Figure 7-14 Structure of a memory module for the F1000-E Figure 7-15 Structure of a memory module connector 7.8.4 Removing a Memory Module Make sure all power supplies to the firewall are disconnected.

  • Page 131: Installing A Memory Module

    Installation Manual H3C SecPath F1000-E Firewall Chapter 7 Maintaining Hardware Caution: Do not touch the surface-mounted components of the memory module directly with your hands. Hold the memory module only at its non-conductive edge. Because a memory module is vulnerable to ESD, improper operation may damage it.
  • Page 132 Installation Manual H3C SecPath F1000-E Firewall Table of Contents Table of Contents Chapter 8 Troubleshooting ......................8-1 8.1 Troubleshooting the Power System................... 8-1 8.2 Troubleshooting Fans ......................8-1 8.3 Troubleshooting the Configuration System ............... 8-2 8.3.1 No Display on the Terminal Screen ................ 8-2 8.3.2 Illegible Characters on the Terminal Screen............

  • Page 133: Chapter 8 Troubleshooting

    8.2 Troubleshooting Fans I. Symptom After the firewall is booted, the following information appears: %Jun 22 16:11:37:485 2007 H3C DEV/4/FAN FAILED: Fan 1 failed. II. Solution Follow these steps to troubleshoot fans: Remove the chassis cover.

  • Page 134: Troubleshooting The Configuration System

    Installation Manual H3C SecPath F1000-E Firewall Chapter 8 Troubleshooting 8.3 Troubleshooting the Configuration System If the system runs normally after the firewall is powered on, the booting information is displayed on the configuration terminal. If the configuration system is faulty, the terminal screen may display nothing or illegible characters.

  • Page 135: Using The Aux Port As Backup Console Port

    The AUX port works in the flow mode by default. Use the async mod { flow | protocol } command to switch between the flow mode and the protocol mode. For more information, refer to H3C SecPath Series Security Products User Manual.

  • Page 136: Troubleshooting The Cooling System

    If the temperature inside the firewall exceeds 90°C (194°F), power off the firewall immediately and contact your local sales agent. Note: For more information about the display environment command, refer to H3C SecPath Series Security Products User Manual. 8.7 Troubleshooting Interface Modules, Cables and Connections I.
  • Page 137 Installation Manual H3C SecPath F1000-E Firewall Chapter 8 Troubleshooting The HIM cable is correctly connected. The interface has been correctly configured and is working normally (use the display command).

Table of Contents