Clavister Eagle E7Getting Started GuideClavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.comPublished 2015-04-07Cop
they act as a VLAN. All 8 Ethernet interfaces can act as 8 separate VLANs or they can be groupedinto a lesser number of VLANs. Alternatively, some may
Chapter 1: E7 Product Overview11
Chapter 2: Registering with ClavisterBefore applying power to the E7 and starting cOS Core, it is important to understand the thecustomer and product
2. The customer login page is presented. It is assumed that a new customer is accessing thesite for the first time so they should press the Register b
5. Below is an example of the email that John Smith would receive.6. When the confirmation link in the email is clicked, the new customer is taken to
B. Registration of the E7 Hardware UnitThese steps describe manual registration of the E7 hardware unit.Alternatively, if the E7 is connected to the I
The image above shows an example label which illustrates the typical layout of identificationlabels found on Clavister hardware products.After Success
Chapter 3: E7 Installation• General Installation Guidelines, page 17• Flat Surface Installation, page 19• Rack Mounting, page 20• Local Console Port C
• Surge ProtectionA third party surge protection device should be considered and is strongly recommended asa means to prevent electrical surges reachi
3.2. Flat Surface InstallationThe E7 can be mounted on any appropriate stable, flat, level surface that can safely support theweight of the appliance
Clavister Eagle E7Getting Started GuidePublished 2015-04-07Copyright © 2015 Clavister ABCopyright NoticeThis publication, including all photographs, i
3.3. Rack MountingAn optional Rack Mount Kit is available for the E7 for mounting the appliance in a 19-inch rack.This kit must be ordered as a separa
3. Take a Hex screw driver and secure the bracket by screwing in the 2 pre-installed screws.These screws will engage with the corners of the fan vents
6. Finally, plug the PSU power cord into the E7 power inlet.The E7 with the attached mounting brackets is now ready to be mounted in a 19-inch rack.Fo
3.4. Local Console Port ConnectionOn the first generation of the E7 appliance (revision A) the local console port is a physical RJ45RS-232 port on the
v. No flow control.• An RS-232 cable with appropriate terminating connectors.Connection StepsTo connect a terminal to the local console port, perform
3.5. Micro-USB Console Port ConnectionOn the second generation of the E7 appliance (revision B) the local console port is a physicalmicro-USB port on
The local console port need not be used if setup is done through a web browser as described inSection 4.2, “Web Interface and Wizard Setup”. If the lo
3.6. Connecting PowerThis section describes connecting power. As soon as power is applied, the E7 will boot-up andcOS Core will start.ImportantPlease
Chapter 3: E7 Installation28
Chapter 4: cOS Core Configuration• Management Workstation Connection, page 29• Web Interface and Wizard Setup, page 32• Manual Web Interface Setup, pa
Table of ContentsPreface ... 51. E7 Produ
• Through a web browser.A standard web browser running on a standalone computer (also referred to as themanagement workstation) can be used to access
For connection to the public Internet, another E7 Ethernet interface should be connected to anISP and this is referred to in the setup wizard as the W
4.2. Web Interface and Wizard SetupThis chapter describes the setup when accessing cOS Core for the first time through a webbrowser. The user interfac
It is possible to configure cOS Core to use a CA signed certificate instead of self-signed certificatefor the management login and doing this is descr
the Clavister Security Gateway is being used in Transparent Mode between two internal networks,then the configuration setup is best done with manual W
Wizard step 3: Select the WAN interfaceNext, you will be asked for the WAN interface that will be used to connect to an ISP for Internetaccess.Wizard
These four different connection options are discussed next in the subsections 4A to 4D thatfollow.• 4A. Static - manual configurationInformation suppl
DNS servers are set automatically after connection with PPPoE.• 4D. PPTP settingsThe username and password supplied by an ISP for PPTP connection shou
Wizard step 6: Helper server settingsOptional NTP and Syslog servers can be enabled here in the wizard or configured later. NetworkTime Protocol serve
Wizard step 7: Activate setupThe final step for the configuration is to save and activate it by pressing the Activate button. Afterthis step the Web I
List of Figures1.1. An Unpacked Clavister E7 Appliance ... 71.2. Clavister E7 Connectio
4.3. Manual Web Interface SetupThis section describes initial cOS Core configuration performed directly through the WebInterface, without using the se
Important: The time server URL requires the "dns:" prefixWhen specifying a URL in cOS Core for the time server, it must have the prefix &quo
Reconfiguration is a process that the cOS Core administrator may initiate often. Normally,reconfiguration takes a brief amount of time and causes only
The initial step is to set up a number of IPv4 address objects in the cOS Core Address Book. Let usassume for this section that the interface used for
object is named by combining the interface name with the suffix "_net" and this is the network towhich the interface belongs.Tip: Creating a
Click on the interface in the list which is to be connected to the Internet. The properties for thisinterface will now appear and the settings can be
The properties for the new IP rule will appear. In this example, we will call the rule lan_to_wan.The rule Action is set to NAT (this is explained fur
this is needed. This could be done with a single IP rule or IP policy that uses a custom servicewhich combines the HTTP and DNS protocols but the reco
B. DHCP - automatic configurationAll the required IP addresses for Internet connection can, alternatively, be automatically retrievedfrom an ISP'
For PPPoE connection, we must create a PPPoE tunnel interface associated with the physicalEthernet interface. Assume that the physical interface is G2
PrefaceTarget AudienceThe target audience for this guide is the administrator who has taken delivery of a packagedClavister E7 appliance and is settin
An ISP will supply the correct values for pptp_username, pptp_password and the remoteendpoint. An interface is not specified when defining the tunnel
An example IP pool range might be 196.168.1.10 - 192.168.1.20 with a netmask of 255.255.0.0.In addition, it is important to specify the Default gatewa
Tip: Address book object namingThe cOS Core address book is organized alphabetically so when choosing names for IPaddress objects it is best to have t
The IP rule again has the NAT action and this is necessary if the protected local hosts have privateIPv4 addresses. The ICMP requests will be sent out
Logging can now be enabled on this rule with the desired severity. Click the Log Settings tab,and click the Enable logging box. All log messages gener
Doing this is described in Section 4.5, “License Installation Methods”.Chapter 4: cOS Core Configuration55
4.4. CLI SetupThis chapter describes the setup steps using CLI commands instead of the setup wizard.The CLI is accessible using either one of two meth
The new username/password combination should be remembered and the password should becomposed in a way which makes it difficult to guess. The next ste
Note: Private IPv4 addresses are used for example onlyEach installation's IP addresses will be different from the example IP addresses but theyar
EthernetDevice: 0:G2 1:<empty>AutoSwitchRoute: NoAutoInterfaceNetworkRoute: YesAutoDefaultGatewayRoute: YesReceiveMulticastTraffic: AutoMemberOf
This is essential reading for the user as they should be aware that a serious situationmay result if certain actions are taken or not taken.Text links
Device:/> set DNS DNSServer1=dns1_addressAssuming a second IP object called dns2_address has been defined, the second DNS server isspecified with:D
source interface and source network (in this example, the network G3_net and interface G3) toflow to the destination network all-nets and the destinat
DHCP Server SetupIf the Clavister Security Gateway is to act as a DHCP server then this can be set up in the followingway:First define an IPv4 address
Add an IP rule called allow_ping_outbound to allow ICMP pings to pass:Device:/> add IPRule name=allow_ping_outboundAction=NATSourceInterface=G3Sour
4.5. License Installation MethodsWithout a valid license installed, cOS Core will run in demo mode (demonstration mode) whichmeans that it will cease
v. Download a license from the license list to the computer's local disk.vi. The license file is uploaded to the security gateway through the cOS
4.6. Setup TroubleshootingThis appendix deals with connection problems that might occur when connecting amanagement workstation to a Clavister Securit
This will display console messages that show all the ARP packets being received on the differentinterfaces and confirm that the correct cables are con
4.7. Going Further with cOS CoreAfter initial setup is complete, the administrator is ready to go further with configuring cOS Coreto suit the require
Included with the quick start section is a checklist for troubleshooting and advice on how best todeal with the networking complications that can aris
Chapter 1: E7 Product Overview• Unpacking the E7, page 7• Interfaces and Ports, page 91.1. Unpacking the E7Figure 1.1. An Unpacked Clavister E7 Applia
Chapter 4: cOS Core Configuration70
Chapter 5: Resetting to Factory DefaultsIn some circumstances, it may be necessary to reset the E7 hardware to the state it was in when itleft the fac
Warning: Current configuration and cOS Core upgrades are lostThe factory defaults will include the default configuration and the original version ofcO
Chapter 6: Warranty ServiceLimitation of WarrantyClavister warrants to the customer of the E7 Appliance that the Hardware components will befree from
Clavister ABSjögatan 6J891 60 ÖrnsköldsvikSWEDENIf the product has not yet been registered with the Clavister through its client web, a proofof purcha
Chapter 7: Safety PrecautionsSafety PrecautionsClavister E7 devices are Safety Class I products and have protective ground terminals. There mustbe an
Informations concernant la sécuritéCet appareil est un produit de classe I et possède une borne de mise à la terre. La sourced’alimentation principale
• se la vostra LAN copre un’area servita da più di un sistema di distribuzione elettrica,accertatevi che i collegamenti a terra di sicurezza siano ben
Appendix A: E7 SpecificationsBelow are the key hardware specifications for the Clavister E7 product.Dimensions, Weight and MTBFHeight x Width x Depth
Appendix B: Declarations of Conformity79
Note: If any items are missingIf any items are missing from the E7 package, please contact the reseller or distributor.All relevant documentation in P
Appendix B: Declarations of Conformity80
Appendix B: Declarations of Conformity81
Appendix C: Port Based VLAN SetupVLAN support on the E7 is divided into two types:• On the Ethernet interfaces G1, G2 and G3, VLANs are created by con
2. Associate the VLANs with GESW interfacesGo to Network > Interfaces and VPN > VLAN > Switch Management, enable port based VLANand set each
Clavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.com
1.2. Interfaces and PortsThis section is an overview of the E7 product's external design.Figure 1.2. Clavister E7 Connection PortsThe E7 features
Comentarios a estos manuales