Eagle Access Control Systems Eagle-E7 Especificaciones

Clavister Eagle E7Getting Started GuideClavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.comPublished 2015-04-07Cop

they act as a VLAN. All 8 Ethernet interfaces can act as 8 separate VLANs or they can be groupedinto a lesser number of VLANs. Alternatively, some may

Chapter 1: E7 Product Overview11

Chapter 2: Registering with ClavisterBefore applying power to the E7 and starting cOS Core, it is important to understand the thecustomer and product

2. The customer login page is presented. It is assumed that a new customer is accessing thesite for the first time so they should press the Register b

5. Below is an example of the email that John Smith would receive.6. When the confirmation link in the email is clicked, the new customer is taken to

B. Registration of the E7 Hardware UnitThese steps describe manual registration of the E7 hardware unit.Alternatively, if the E7 is connected to the I

The image above shows an example label which illustrates the typical layout of identificationlabels found on Clavister hardware products.After Success

Chapter 3: E7 Installation• General Installation Guidelines, page 17• Flat Surface Installation, page 19• Rack Mounting, page 20• Local Console Port C

• Surge ProtectionA third party surge protection device should be considered and is strongly recommended asa means to prevent electrical surges reachi

3.2. Flat Surface InstallationThe E7 can be mounted on any appropriate stable, flat, level surface that can safely support theweight of the appliance

Clavister Eagle E7Getting Started GuidePublished 2015-04-07Copyright © 2015 Clavister ABCopyright NoticeThis publication, including all photographs, i

3.3. Rack MountingAn optional Rack Mount Kit is available for the E7 for mounting the appliance in a 19-inch rack.This kit must be ordered as a separa

3. Take a Hex screw driver and secure the bracket by screwing in the 2 pre-installed screws.These screws will engage with the corners of the fan vents

6. Finally, plug the PSU power cord into the E7 power inlet.The E7 with the attached mounting brackets is now ready to be mounted in a 19-inch rack.Fo

3.4. Local Console Port ConnectionOn the first generation of the E7 appliance (revision A) the local console port is a physical RJ45RS-232 port on the

v. No flow control.• An RS-232 cable with appropriate terminating connectors.Connection StepsTo connect a terminal to the local console port, perform

3.5. Micro-USB Console Port ConnectionOn the second generation of the E7 appliance (revision B) the local console port is a physicalmicro-USB port on

The local console port need not be used if setup is done through a web browser as described inSection 4.2, “Web Interface and Wizard Setup”. If the lo

3.6. Connecting PowerThis section describes connecting power. As soon as power is applied, the E7 will boot-up andcOS Core will start.ImportantPlease

Chapter 3: E7 Installation28

Chapter 4: cOS Core Configuration• Management Workstation Connection, page 29• Web Interface and Wizard Setup, page 32• Manual Web Interface Setup, pa

Table of ContentsPreface ... 51. E7 Produ

• Through a web browser.A standard web browser running on a standalone computer (also referred to as themanagement workstation) can be used to access

For connection to the public Internet, another E7 Ethernet interface should be connected to anISP and this is referred to in the setup wizard as the W

4.2. Web Interface and Wizard SetupThis chapter describes the setup when accessing cOS Core for the first time through a webbrowser. The user interfac

It is possible to configure cOS Core to use a CA signed certificate instead of self-signed certificatefor the management login and doing this is descr

the Clavister Security Gateway is being used in Transparent Mode between two internal networks,then the configuration setup is best done with manual W

Wizard step 3: Select the WAN interfaceNext, you will be asked for the WAN interface that will be used to connect to an ISP for Internetaccess.Wizard

These four different connection options are discussed next in the subsections 4A to 4D thatfollow.• 4A. Static - manual configurationInformation suppl

DNS servers are set automatically after connection with PPPoE.• 4D. PPTP settingsThe username and password supplied by an ISP for PPTP connection shou

Wizard step 6: Helper server settingsOptional NTP and Syslog servers can be enabled here in the wizard or configured later. NetworkTime Protocol serve

Wizard step 7: Activate setupThe final step for the configuration is to save and activate it by pressing the Activate button. Afterthis step the Web I

List of Figures1.1. An Unpacked Clavister E7 Appliance ... 71.2. Clavister E7 Connectio

4.3. Manual Web Interface SetupThis section describes initial cOS Core configuration performed directly through the WebInterface, without using the se

Important: The time server URL requires the "dns:" prefixWhen specifying a URL in cOS Core for the time server, it must have the prefix &quo

Reconfiguration is a process that the cOS Core administrator may initiate often. Normally,reconfiguration takes a brief amount of time and causes only

The initial step is to set up a number of IPv4 address objects in the cOS Core Address Book. Let usassume for this section that the interface used for

object is named by combining the interface name with the suffix "_net" and this is the network towhich the interface belongs.Tip: Creating a

Click on the interface in the list which is to be connected to the Internet. The properties for thisinterface will now appear and the settings can be

The properties for the new IP rule will appear. In this example, we will call the rule lan_to_wan.The rule Action is set to NAT (this is explained fur

this is needed. This could be done with a single IP rule or IP policy that uses a custom servicewhich combines the HTTP and DNS protocols but the reco

B. DHCP - automatic configurationAll the required IP addresses for Internet connection can, alternatively, be automatically retrievedfrom an ISP'

For PPPoE connection, we must create a PPPoE tunnel interface associated with the physicalEthernet interface. Assume that the physical interface is G2

PrefaceTarget AudienceThe target audience for this guide is the administrator who has taken delivery of a packagedClavister E7 appliance and is settin

An ISP will supply the correct values for pptp_username, pptp_password and the remoteendpoint. An interface is not specified when defining the tunnel

An example IP pool range might be 196.168.1.10 - 192.168.1.20 with a netmask of 255.255.0.0.In addition, it is important to specify the Default gatewa

Tip: Address book object namingThe cOS Core address book is organized alphabetically so when choosing names for IPaddress objects it is best to have t

The IP rule again has the NAT action and this is necessary if the protected local hosts have privateIPv4 addresses. The ICMP requests will be sent out

Logging can now be enabled on this rule with the desired severity. Click the Log Settings tab,and click the Enable logging box. All log messages gener

Doing this is described in Section 4.5, “License Installation Methods”.Chapter 4: cOS Core Configuration55

4.4. CLI SetupThis chapter describes the setup steps using CLI commands instead of the setup wizard.The CLI is accessible using either one of two meth

The new username/password combination should be remembered and the password should becomposed in a way which makes it difficult to guess. The next ste

Note: Private IPv4 addresses are used for example onlyEach installation's IP addresses will be different from the example IP addresses but theyar

EthernetDevice: 0:G2 1:<empty>AutoSwitchRoute: NoAutoInterfaceNetworkRoute: YesAutoDefaultGatewayRoute: YesReceiveMulticastTraffic: AutoMemberOf

This is essential reading for the user as they should be aware that a serious situationmay result if certain actions are taken or not taken.Text links

Device:/> set DNS DNSServer1=dns1_addressAssuming a second IP object called dns2_address has been defined, the second DNS server isspecified with:D

source interface and source network (in this example, the network G3_net and interface G3) toflow to the destination network all-nets and the destinat

DHCP Server SetupIf the Clavister Security Gateway is to act as a DHCP server then this can be set up in the followingway:First define an IPv4 address

Add an IP rule called allow_ping_outbound to allow ICMP pings to pass:Device:/> add IPRule name=allow_ping_outboundAction=NATSourceInterface=G3Sour

4.5. License Installation MethodsWithout a valid license installed, cOS Core will run in demo mode (demonstration mode) whichmeans that it will cease

v. Download a license from the license list to the computer's local disk.vi. The license file is uploaded to the security gateway through the cOS

4.6. Setup TroubleshootingThis appendix deals with connection problems that might occur when connecting amanagement workstation to a Clavister Securit

This will display console messages that show all the ARP packets being received on the differentinterfaces and confirm that the correct cables are con

4.7. Going Further with cOS CoreAfter initial setup is complete, the administrator is ready to go further with configuring cOS Coreto suit the require

Included with the quick start section is a checklist for troubleshooting and advice on how best todeal with the networking complications that can aris

Chapter 1: E7 Product Overview• Unpacking the E7, page 7• Interfaces and Ports, page 91.1. Unpacking the E7Figure 1.1. An Unpacked Clavister E7 Applia

Chapter 4: cOS Core Configuration70

Chapter 5: Resetting to Factory DefaultsIn some circumstances, it may be necessary to reset the E7 hardware to the state it was in when itleft the fac

Warning: Current configuration and cOS Core upgrades are lostThe factory defaults will include the default configuration and the original version ofcO

Chapter 6: Warranty ServiceLimitation of WarrantyClavister warrants to the customer of the E7 Appliance that the Hardware components will befree from

Clavister ABSjögatan 6J891 60 ÖrnsköldsvikSWEDENIf the product has not yet been registered with the Clavister through its client web, a proofof purcha

Chapter 7: Safety PrecautionsSafety PrecautionsClavister E7 devices are Safety Class I products and have protective ground terminals. There mustbe an

Informations concernant la sécuritéCet appareil est un produit de classe I et possède une borne de mise à la terre. La sourced’alimentation principale

• se la vostra LAN copre un’area servita da più di un sistema di distribuzione elettrica,accertatevi che i collegamenti a terra di sicurezza siano ben

Appendix A: E7 SpecificationsBelow are the key hardware specifications for the Clavister E7 product.Dimensions, Weight and MTBFHeight x Width x Depth

Appendix B: Declarations of Conformity79

Note: If any items are missingIf any items are missing from the E7 package, please contact the reseller or distributor.All relevant documentation in P

Appendix B: Declarations of Conformity80

Appendix B: Declarations of Conformity81

Appendix C: Port Based VLAN SetupVLAN support on the E7 is divided into two types:• On the Ethernet interfaces G1, G2 and G3, VLANs are created by con

2. Associate the VLANs with GESW interfacesGo to Network > Interfaces and VPN > VLAN > Switch Management, enable port based VLANand set each

Clavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.com

1.2. Interfaces and PortsThis section is an overview of the E7 product's external design.Figure 1.2. Clavister E7 Connection PortsThe E7 features