advertisement
Sidewinder
Hardware Guide
Models S4016, 1402-C3, S5032,
S6032, S7032
Revision E
Table of contents
2
Preface
This guide provides the information you need to configure, use, and maintain your product.
Find product documentation
On the
ServicePortal
, you can find information about a released product, including product documentation, technical articles, and more.
1. Go to the
ServicePortal
at https://support.mcafee.com
and click the
Knowledge Center
tab.
2. In the
Knowledge Base
pane under
Content Source
, click
Product Documentation
.
3. Select a product and version, then click
Search
to display a list of documents.
Preface |
3
Introducing the appliances
The features and capabilities of models S4016, 1402-C3, S5032, S6032, and S7032 allow you to plan and configure an appliance.
Models and features
Forcepoint ™ Sidewinder ® models S4016, 1402-C3, S5032, S6032, and S7032 include these features.
• Network module bays that support interchangeable network modules
• Redundant hard drives
• Hardware-based remote management capabilities
• Redundant power supplies
The following table provides an overview of the models.
Table 1: Model features
Model Rack height
1U
Network module bays
2
Maximum network ports
16
Hard drives
2
Power supplies
2 S4016 (similar to
1100F)
1402-C3
S5032 (similar to
2150F)
S6032 (similar to
4150F)
S7032 (similar to
2150F VX)
1U
2U
2U
2U
2
4
4
4
16
32
32
32
1
4
4
4
2
2
2
2
Model S4016
This figure shows the attributes of model S4016.
Figure 1: Model S4016 front panel
Number
1
2
Description
Network module bay 1
Network module bay 2
Introducing the appliances |
4
8
9
6
7
10
4
5
Number
3
Model 1402-C3
This figure shows the attributes of model 1402-C3
Description
Hard drive bays
Remote Management Module Ethernet port
VGA port
Dedicated management port
USB ports
RS-232 serial port
Power button
USB port
Figure 2: Model 1402-C3 front panel
6
7
4
5
8
9
2
3
Number
1
Descriptions
Power button
Indicator lights
UID button
Console port (RS-232 serial port)
VGA port
Fixed Ethernet ports
USB ports
Network module bay 1
Network module bay 2
Introducing the appliances |
5
Models S5032, S6032, and S7032
This figure shows the attributes of models S5032, S6032, and S7032.
Figure 3: Models S5032, S6032, and S7032 front panel
12
13
14
8
9
10
11
6
7
4
5
2
3
Number
1
Description
Network module bay 1
Network module bay 3
RAID battery module
Hard drive bays
Remote Management Module Ethernet port
VGA port
Power button
USB port
Network module bay 2
Network module bay 4
Dedicated management port 1
USB ports
RS-232 serial port
Dedicated management port 2
Supported software
These software versions are supported.
• Models S4016, S5032, and S6032 — Sidewinder software:
• Version 8 — 8.1.1HW04 and later
• Version 7 — 7.0.1.02.HW04 and later
• Model 1402-C3 — 8.3.2HW01 and later
•
Model S7032 — VMware ESXi version 4.1 and later
Introducing the appliances |
6
Network ports
Sidewinder models S4016, 1402-C3, S5032, S6032, and S7032 have network module bays that accept interchangeable network modules.
Network modules are available for different types of Ethernet, so you can select the network modules that are appropriate for your needs. Fiber network modules require the compatible transceiver modules.
Network modules
Network modules contain NICs that connect the appliance to protected networks. Each network module type is interchangeable with all network module bays and can be installed in any combination.
Network modules are available for these types of Ethernet:
• 1 gigabit RJ45 copper
• 1 gigabit SFP fiber
• 10 gigabit SFP+ fiber
The following table summarizes the features of each network module.
Note: By default, model S4016, S5032, and S6032 appliances include a single SC8-UTP network module, and model S7032 appliances include a single S8-UTP network module. For model 1402-
C3 appliances, network modules must be ordered separately.
Table 2: Network modules for S models
Model Type
SC8-UTP 1 gigabit RJ45 copper
Ports
8
S8-UTP 1 gigabit RJ45 copper
8
Integrated SSL
Accelerator
Yes — The accelerator works with all other installed network modules
No
Compatible appliances
• S4016
• S5032
• S6032
S8-SFP
S6-SFP+
1 gigabit SFP fiber 8
10 gigabit SFP+ fiber
6
No
No
• S4016
• S5032
• S6032
• S7032
• S4016
• S5032
• S6032
• S7032
• S4016
• S5032
• S6032
• S7032
Introducing the appliances |
7
Table 3: Network modules for model 1402-C3
Model
MOD-EM1-GE-4 (GE4)
MOD-EM1-GE-8 (GE8)
MOD-EM1-GE-SFP-4 (GE4SFP)
Type
1 gigabit RJ45 copper
1 gigabit RJ45 copper
1 gigabit SFP fiber
MOD-EM1-10G-SFP-2 (10GSFP2) 10 gigabit SFP+ fiber
MOD-EM1-10G-SFP-4 (10GSFP2) 10 gigabit SFP+ fiber
2
4
8
4
Ports
4
Fiber transceivers
These types of fiber transceivers are available.
SFP transceivers
These small form-factor pluggable (SFP) transceivers are compatible with the S8-SFP network module.
Table 4: SFP transceivers
Model
MT9101A (black handle)
Ethernet type Wavelength
1000BASE-SX 850 nm
MT9102A (blue handle)
1000BASE-LX 1310 nm
Distance
• Up to 550 meters on
50/125 µm multi-mode fiber
• Up to 300m on 62.5/125
µm multimode fiber
Up to 10 kilometers on
9/125 µm singlemode fiber
Ethernet speed Connector type
1 gigabit LC
1 gigabit LC
SFP+ transceivers
These enhanced small form-factor pluggable (SFP+) transceivers are compatible with the S6-SFP+ network module.
Table 5: SFP+ transceivers
Model
MT9107 (black handle)
MT9108 (blue handle)
Ethernet type
10GBASE-SR
10GBASE-LR
Wavelength
850 nm
1310 nm
Distance
Up to 300 meters on OM3 multimode fiber
Up to 10 kilometers on single-mode fiber
Ethernet speed Connector type
10 gigabit LC
10 gigabit LC
Introducing the appliances |
8
Identifying network ports
The following sections describe how physical network ports correlate with software interface names.
Models S4016, 1402-C3, S5032, and S6032
The Ethernet ports on network modules are physically labeled. These port labels, combined with network module location, correspond to Sidewinder NIC names for software version 8.1.1 and later.
Software NIC names for network ports are derived from a combination of two factors:
• Ethernet port number (labeled on the network module)
• Network module bay number where the Ethernet port is installed
This information is combined to create the NIC name as follows:
<module bay number>-<Ethernet port number>
For example, port 3 in network module bay 2 is named 2–3. The following table shows the NIC names for an example S5032 configuration.
Table 6: Example S5032 configuration
3
4
Network module bay
1
2
Module type
SC8-UTP (8 ports)
S6-SFP+ (6 ports)
S8-UTP (8 ports)
S8-SFP (8 ports)
Software NIC names
1–0 to 1–7
2–0 to 2–5
3–0 to 3–7
4–0 to 4–7
Model S7032
You will need to determine which ESXi network adapter corresponds to a given network port.
1. Connect the network port to an active network.
2. In the VMware vSphere client, view the network adapters.
3. Find the network adapter that corresponds to the network port you connected in Step 1. Use the following columns to identify the correct network adapter:
• Speed
• Observed IP ranges
Types of Management ports
Sidewinder models S4016, S5032, S6032, and S7032 have dedicated management ports and a Remote
Management Module (RMM) port.
Note: Model 1402-C3 does not have an RMM. Use any of the fixed Ethernet ports as a management port.
Introducing the appliances |
9
Dedicated management ports
Dedicated management ports are 10/100/1000 RJ45 copper ports that provide additional network connection options for management traffic.
Supported types of network traffic
Dedicated management ports can be used for these types of network traffic.
• Firewall administration, including:
• Sidewinder Admin Console
• Forcepoint
™ Sidewinder ® Control Center
• Secure Shell
• Logging to remote Syslog servers.
• High Availability heartbeat
Note: Network ports on the network modules can also be used for these types of traffic.
Identifying management ports and NICs
The following table shows the dedicated management ports and corresponding NIC names.
Table 7: Dedicated management ports
Model
S4016
S5032
S6032
S7032
Management ports
1
2
2
2
NIC names
mgr1
• mgr1
• mgr2
• mgr1
• mgr2
• mgr1
• mgr2
Remote Management Module port
The Remote Management port is a 10/100 RJ45 copper port that provides system management features independent from the Sidewinder operating system.
Note: The Remote Management Module port cannot be used by Sidewinder and the port does not appear in the list of firewall interfaces.
Features
You can use the Remote Management Module web interface to furnish these tasks.
• View system information
• View system health, including:
• Sensor readings
• Event log
Introducing the appliances |
10
• Control the appliance remotely using console redirection
• Turn the appliance on or off
Types of replaceable hardware components
There are two types of replaceable hardware components: hot-swap capable and non-hot-swap capable.
Hot-swap capable components
Components that are hot-swap capable can be installed or uninstalled while the appliance is operating. These components are the hot-swap capable.
• SFP and SFP+ transceivers
• Power supplies
• Hard drives
CAUTION: The hard drive in the 1402-C3 model is not hot-swap capable and should only be serviced by a qualified technician.
Non-hot-swap capable components
Components that are not hot-swap capable must be installed or uninstalled when the appliance is turned off and disconnected from the power source. These are the non-hot-swap capable components.
• Network modules
• RAID batteries
Regulatory information
In compliance with Federal Communications Commission (FCC) regulations, this section provides information about the appliance models and contact information.
Model information
This regulatory information applies to Sidewinder S4016, 1402-C3, S5032, S6032, and S7032 models.
Table 8: Regulatory model information
Sidewinder model
S4016
1402-C3
S5032
S6032
S7032
Regulatory model
SR1602
Series 1400
SR2604
SR2604
SR2604
Introducing the appliances |
11
Contact information
Use the following information to contact us.
Forcepoint LLC
10900-A Stonelake Blvd
Quarry Oaks 1, Ste 350
Austin, TX 78759
USA
+1-800-723-1166
Introducing the appliances |
12
Installing hardware components
Install compatible hardware components like network modules, fiber transceivers for an appliance. Use this section to replace or remove hardware components.
Verifying compatibility
Before you install a hardware component, make sure it is compatible with the appliance. If you are installing fiber transceivers, make sure they are compatible with the network module(s).
Network modules and fiber transceivers
The table shows network module compatibility with fiber transceivers and appliance models.
Table 9: Network module compatibility
Network module
SC8-UTP
Compatible fiber transceivers
N/A
S8-UTP
S8-SFP
N/A
• MT9101A (1000BASE-SX)
• MT9102A (1000BASE-LX)
Compatible appliances
• S4016
• S5032
• S6032
• S4016
• S5032
• S6032
• S7032
• S4016
• S5032
• S6032
• S7032
S6-SFP+
• MT9107 (10GBASE-SR)
• MT9108 (10GBASE-LR)
• S4016
• S5032
• S6032
• S7032
1402-C3 MOD-EM1-GE-SFP-4 (GE4SFP)
• MT9101A (1000BASE-SX)
• MT9102A (1000BASE-LX)
MOD-EM1-10G-SFP-2 (10GSFP2) • MT9107 (10GBASE-SR)
• MT9108 (10GBASE-LR)
1402-C3
Installing hardware components |
13
Other hardware components
The table shows hardware component compatibility with appliance models.
Table 10: Hardware component compatibility
Hardware component
S4016
X
1402-C3
Appliance models
S5032
1U Power supply
1402-C3 power supply
2U Power supply
146 GB hard drive
600 GB hard drive
RAID battery
X
X
X
X
X
S6032
X
X
X
S7032
X
X
X
Install or replace the network module
You must install an interface module or a placeholder module in each slot before making the appliance operational.
CAUTION: Network modules are not hot-swap capable. Always turn off the appliance and disconnect both power cable before installing or uninstalling network modules.
• If the appliance is deployed in a production environment, schedule a maintenance interval to perform the installation procedure.
• Gather the following items:
• Number 2 Phillips screwdriver
• Anti-static wrist strap
Note: A disposable anti-static wrist strap is included with the new network module.
• Verify hardware compatibility:
• Make sure that the network module is compatible with your appliance model.
• If you are installing a new fiber module, make sure that you have compatible fiber transceivers.
• If you are installing a replacement network module, identify which network module bay contains the failing module.
CAUTION: Electrostatic discharge (ESD) can damage electronic components. Always take ESD precautions when handling hardware components. We recommend that you perform all steps at an ESD workstation. If an ESD workstation is not available, provide protection by wearing an antistatic wrist strap attached to the chassis ground (any unpainted metal surface on the appliance).
1. Turn off the appliance and disconnect the power cables.
Installing hardware components |
14
CAUTION: The power button does not completely turn off power to the appliance. Make sure that both power cables are unplugged before you begin working on the appliance.
2. Put on the anti-static wrist strap and attach the other end to the appliance chassis.
3. Prepare the network module bay.
1. If needed, use a number 2 Phillips screwdriver to loosen the screws on the installed network module or network module bay cover.
2. Pull on the installed network module or network module bay cover to remove it.
4. Remove the new network module from the anti-static packaging.
5. Slide the new module into the empty network module bay.
6. If needed, secure the network module by tightening the fasteners with the screwdriver.
7. If you removed a network module from the appliance, place it into the anti-static packaging that came with the new module.
8. Reconnect the power cables, then turn on the appliance.
Related concepts
on page 13
Before you install a hardware component, make sure it is compatible with the appliance. If you are installing fiber transceivers, make sure they are compatible with the network module(s).
Install or remove fiber transceivers
This section describes how to install or remove fiber transceivers.
Verify that the fiber transceivers are compatible with the network module.
Related concepts
on page 13
Before you install a hardware component, make sure it is compatible with the appliance. If you are installing fiber transceivers, make sure they are compatible with the network module(s).
Install a fiber transceiver
Perform these steps to install a fiber transceiver into a compatible network module.
1. Clear the SFP socket where the transceiver will be installed.
• If the socket is empty, remove the cover and keep it for future use.
• If the socket is populated with a failed transceiver, remove it.
2. Remove the SFP transceiver from the protective packaging.
3. Slide the SFP transceiver into the SFP socket on the network module until it snaps into place.
• S6-SFP+ network module — Insert the transceiver with the label down.
•
S8-SFP network module:
• If the SFP socket is located in the top row, insert the transceiver with the label up.
• If the SFP socket is located in the bottom row, insert the transceiver with the label down.
Note: The SFP transceiver will not snap into place if it is inserted upside down.
4. [Optional] Connect a fiber cable to the SFP transceiver.
1. Remove the protective plug and keep it for future use.
2. Insert the fiber cable into the SFP transceiver.
Installing hardware components |
15
Remove a fiber transceiver
Perform these steps to remove a fiber transceiver from a network module.
1. If a fiber cable is connected to the transceiver, disconnect the cable, then place dust caps over the exposed ends of the cable.
2. Release the latch on the SFP transceiver by rotating it to the horizontal position.
3. Gently pull the latch straight out to remove the SFP transceiver from the network module.
4. Rotate the latch back to normal position.
5. Place a protective plug over the exposed optics on the SFP transceiver, if one is not already present.
6. Place an SFP cover over the empty SFP socket on the network module.
Replace the hard drive
Each model S4016, S5032, S6032, or S7032 appliance uses hot-swap hard drives connected to a RAID controller. The RAID controller allows the system to continue operating in the event that a single disk drive fails. A single failed hard drive can be replaced while the system is still operational.
To replace a hard drive, make sure these prerequisites are met:
• The appliance must have no more than one failed hard drive.
Note: If two or more hard drives have failed, contact technical support for assistance with recreating the RAID array and restoring the firewall image.
• The replacement hard drive must be the same size or larger than the failed drive.
1. Identify the failed hard drive.
Tip: A failed hard drive typically has an amber indicator light.
2. Remove the failed hard drive from the appliance.
1. Press the aqua latch on the failed hard drive to release the spring-loaded black handle.
2. Remove the failed hard drive from the appliance by pulling on the black handle.
3. Prepare the replacement hard drive.
1. Remove the replacement hard drive from the protective packaging.
2. Compare the replacement hard drive to the failed hard drive to make sure the replacement hard drive has similar or greater capacity.
Note: A smaller hard drive will not work. Contact technical support if you received a replacement hard drive that is smaller than the failed hard drive.
3. Press the aqua latch to release the spring-loaded black handle.
4. Insert the replacement hard drive into the appliance.
1. Slide the drive into the empty hard drive bay until it is fully seated.
2. Press the black handle until it latches.
3. If the appliance is turned off, turn it on.
After the drive is inserted, the RAID controller begins the rebuild operation. When the rebuild operation begins, each hard drive shows activity. You can monitor the rebuild process:
•
Models S4016, S5032, and S6032
— RAID messages appear on the system console.
•
Model S7032
— The VMware vSphere Client shows RAID status.
CAUTION: Do not turn off the appliance until the rebuild operation is complete.
Installing hardware components |
16
Note: Performance is reduced while the rebuild operation takes place.
5. Place the failed hard drive in the packaging materials from the replacement hard drive.
Related concepts
on page 13
Before you install a hardware component, make sure it is compatible with the appliance. If you are installing fiber transceivers, make sure they are compatible with the network module(s).
Replace the power supply
In the event of a failure, replace the power supply.
• Verify that the replacement power supply is compatible with your appliance model.
• Identify the failed power supply.
Each model has dual supplies that allow the appliance to continue operating if one power supply fails. The power supplies are hot-swappable, so a single power supply can be replaced while the system is still operating.
Note: We recommend using both power supplies in normal operation so that two power supplies share the load.
A power supply can be replaced while the appliance is turned on and running or when the appliance is turned off.
1. Disconnect the power cable from the failed power supply.
2. Remove the failed power supply.
1. Unlatch the failed power supply.
• Model S4016 — Press the aqua handle down.
• Model 1402-C3 — Press the black handle sideways.
• Model S5032, S6032, and S7032 — Press the aqua handle sideways toward the black handle.
2. Continue pressing the handle and remove the power supply, holding the handle if needed.
3. Remove the replacement power supply from the protective packaging.
4. Slide the replacement power supply into the appliance until it is fully seated and the latch has engaged.
5. Connect the power cable to the replacement power supply.
Related concepts
on page 13
Before you install a hardware component, make sure it is compatible with the appliance. If you are installing fiber transceivers, make sure they are compatible with the network module(s).
Replace the RAID battery
This section describes how to replace a RAID battery in a model S5032, S6032, or S7032 appliance. The battery provides power to the cache memory of the RAID controller in the event of sudden power loss.
CAUTION: RAID batteries are not hot-swap capable. Always turn off the appliance and disconnect both power cords before installing or uninstalling a RAID battery. Never operate the appliance without the RAID battery installed.
Perform these tasks before replacing a RAID battery.
Installing hardware components |
17
• If the appliance is deployed in a production environment, schedule a maintenance interval to perform the replacement procedure.
• Gather the following items:
• Number 2 Phillips screwdriver
• Anti-static wrist strap
Note: A disposable anti-static wrist strap is included with the new RAID battery.
1. Turn off the appliance and disconnect the power cables.
CAUTION: The power button does not completely turn off power to the appliance. Make sure that both power cords are unplugged before you begin working on the appliance.
2. Put on the anti-static wrist strap and attach the other end to the appliance chassis.
3. Remove the old battery and tray from the appliance.
1. Find the battery tray, which is located between the network module bays and the hard drive bays.
2. Use a number 2 Phillips screwdriver to loosen the screws on the battery tray.
3. Pull the battery tray out of the appliance.
Note: The battery is connected to the appliance by a cable, which is long enough to allow you to remove the tray from the appliance.
4. Gently unplug the cable from the battery.
4. Remove the old battery from the tray.
1. Completely unscrew all three screws on the underside of the tray. Do not discard.
2. Disconnect the circuit board from the battery by pressing the small clip and sliding it out.
3. Gently disconnect the wire harness from the circuit board.
5. Attach the new battery to the old tray.
1. Connect the wire harness from the battery to the circuit board.
2. Seat the circuit board on the battery sliding it in and then press the small clip to secure it in place.
6. Install the replacement battery and tray into the appliance.
1. Connect the three screws and standoffs on the underside of the tray.
2. Gently plug the cable into the new battery.
3. Slide the battery tray into the appliance.
4. Use a number 2 Phillips screwdriver to tighten the screws on the battery tray.
7. Reconnect the power cords, then turn on the appliance.
8. Place the old battery in the packaging materials from the replacement battery.
Installing hardware components |
18
Configuring the management ports
You must enable the dedicated management ports, Remote Management Module, and connect to the Remote
Management Module web interface to manage network traffic.
Note: Model 1402-C3 does not have a RMM. Use any of the fixed Ethernet ports as a management port.
Configure a dedicated management port
The dedicated management ports are disabled by default. To configure and enable a dedicated management port, perform these steps.
1. Create a zone for the management network.
2. Configure the NIC that corresponds to the dedicated management port and assign it to the management zone.
3. Create or modify access control rules to allow the appropriate management traffic.
Related concepts
Dedicated management ports on page 10
Dedicated management ports are 10/100/1000 RJ45 copper ports that provide additional network connection options for management traffic.
Configure the Remote Management Module
The Remote Management Module is disabled by default. Perform these tasks to configure and use the Remote
Management Module port.
If the appliance is deployed in a production environment, schedule a maintenance interval to enable the Remote
Management Module.
Related concepts
Remote Management Module port on page 10
The Remote Management port is a 10/100 RJ45 copper port that provides system management features independent from the Sidewinder operating system.
Connect the Remote Management Module port
To use the Remote Management Module, connect the Remote Management Module port to a network.
CAUTION: We recommend connecting the Remote Management Module port to a dedicated management network that meets the security needs of your organization.
Enable the Remote Management Module
Perform these steps to configure and enable the Remote Management Module.
1. Enter the appliance BIOS menu.
1. Restart or turn on the appliance.
Configuring the management ports |
19
2. Press F2 to enter the BIOS menu.
3. Navigate to the
Server Management
tab.
4. Select
BMC LAN Configuration
.
2. Configure the following options:
• IP address
• Subnet mask
• Gateway IP address
3. In the User configuration area, specify at least one user that will be allowed to access the appliance from a remote host.
1. In the
User ID
field, select the user ID that you want to configure.
Tip: The appliance has five user IDs for user information: anonymous, root, User3,
User4, and User5. Each user ID can be enabled or disabled and assigned a privilege.
2. Configure the following options:
• Privilege
• User name
• User password
3. In the
User status
field, select
Enable
to activate the user ID.
4. Press F10 to exit the BIOS and save the changes.
Connect to the Remote Management Module web interface
Perform these steps to connect to the Remote Management Module web interface from a remote computer.
1. In a web browser, go to https://
<IP of Remote Management Module>
. The first time you connect, accept the SSL certificate.
2. Specify a user name and password, then click
Login
. The homepage appears.
3. Click the tab that corresponds to the task you want to perform.
Tip: For option descriptions, click
Help
.
Table 11: Web interface tabs
Tab
System Information
Server Health
Configuration
Remote Control
Task
View appliance information
• View sensor readings
• View the event log
• Configure Remote Management Module network settings
• Manage Remote Management Module users
• Upload a new SSL certificate
• Configure LDAP (Lightweight Directory Access
Protocol)
• Access the appliance console
• Turn the appliance on or off
Configuring the management ports |
20
CAUTION: When modifying network settings for the Remote Management Module on the
Configuration tab, select
Intel(R) RMM3
from the
LAN Channel
drop-down list. Do not configure the Baseboard Mgmt LAN channel.
Configuring the management ports |
21
Re-imaging an appliance
Serious issues might require you to re-install or re-image your Sidewinder.
Re-imaging without external media
Sidewinder models S4016, S5032, S6032, and S7032 include an integrated device that allows the appliances to be re-imaged without external media.
The integrated device includes two software versions — the current version that is pre-installed on the appliance and the previous version.
CAUTION: Re-imaging an appliance removes all configuration and log data.
Update the eUSB device
You can use the eUSB Flashing Utility to update the versions available on the eUSB device.
Verify that your appliance has an integrated eUSB device.
Select the type of media for the eUSB Flashing Utility image.
• USB — The USB drive must be 2 GB or larger.
• DVD — S models do not have a DVD drive — an external USB DVD drive is needed.
Note: We recommend using USB media.
The versions that shipped with your appliance might not be the most current, or you might have different eUSB versions throughout your network. With the eUSB Flashing utility, you can update the versions available for your appliances.
Important: Do not use the eUSB flashing utility with 1402-C3 or S7032 models.
1. Download the update tool.
1. Go to http://secure.mcafee.com/apps/downloads/my-products/login.aspx
.
2. Enter your grant number, then navigate to the appropriate product and version.
3. Select the eUSB Flashing Utility file and write the image to a DVD or USB drive.
• USB drive
1. Download the USB .img image.
2. Write the image to the USB drive.
Note: See KnowledgeBase article KB69115 for instructions.
• DVD
1. Download the .iso image.
2. From your local hard drive, right-click the .iso image file and select
Burn disk image
.
3. When prompted, insert a blank DVD disc.
2. Restart the appliance to the media you created.
1. Insert the media into the appliance.
Re-imaging an appliance |
22
2. Restart the appliance.
3. When
Press <F2> to enter SETUP, <F6> Boot Menu, <F12> for Network Boot
appears on the screen, press F6.
4. Select the drive that the media is in.
5. When prompted
Would you like to update your eUSB image?
, select
Yes
.
The eUSB Flashing Utility opens and searches for the eUSB device.
6. When the device is found, select
Yes
to proceed.
Note: If the eUSB device cannot be found, the system shows an error message and prompts you to restart.
3. When complete, you are prompted to restart; select
Yes
.
4. After the system restarts, remove the media.
Re-image the appliance
Perform these steps to re-image an appliance.
If the appliance is deployed in a production environment, schedule a maintenance interval to re-image.
If you need to re-image your appliance, use the integrated installation media to install a fresh image.
Re-image a model S4016, S5032, and S6032 appliance
Perform these steps to re-image your appliance.
1. Connect your appliance to a monitor and keyboard or serial console.
2. Restart or turn on the appliance.
3. During startup, press F6 to access the one-time boot settings.
4. From the list of boot options, select
McAfee Firewall
.
The appliance boots from the integrated installation media and displays standard boot-up information.
5. On the welcome menu, select the appropriate option.
• If you are using a mouse and keyboard, type
1, then press Enter.
• If you are using a serial console, type 4, then press Enter.
The appliance continues starting.
6. When prompted, choose the version you want to install.
1. Use the arrow keys and spacebar to select the version.
2. Select
OK
, then press Enter.
Installation begins. When the operation completes, a menu appears.
7. On the post-installation menu, select
Reboot
, then press
Enter.
The appliance restarts and boots the Sidewinder version you installed.
8. Provide the initial configuration using one of these methods:
• Insert a USB drive containing a disaster recovery backup into one of the appliance USB ports.
• Use the Quick Start Wizard on a Windows-based computer to create an initial configuration file and save it to a USB drive, then insert the USB drive into the appliance.
• Complete the text-based Quick Start Wizard at the appliance terminal.
Re-imaging an appliance |
23
Re-image a model 1402-C3 appliance
The 1402-C3 model does not have an eUSB, so you must download the media to re-image the appliance.
Select the type of media for the image.
• USB — The USB drive must be 2 GB or larger. If you use a USB hub, it must be powered.
• DVD — A powered, external USB DVD drive is required (the Model 1402-C3 does not have a DVD drive).
Note: We recommend using USB media.
1. Download the image.
1. Go to http://secure.mcafee.com/apps/downloads/my-products/login.aspx
.
2. Enter your grant number, then navigate to the appropriate product and version.
3. Select the correct image file and write the image to a DVD or USB drive.
• USB drive
1. Download the USB .img image.
2. Write the image to the USB drive.
• DVD
1. Download the .iso image.
2. From your local hard drive, right-click the .iso image file and select
Burn disk image
.
3. When prompted, insert a blank DVD disc.
2. Restart the appliance from the media you created.
1. Insert the media into the appliance.
2. Restart the appliance.
3. When
Press <F2> to enter SETUP, <F6> Boot Menu, <F12> for Network Boot
appears on the screen, press F6.
4. Select the drive that the media is in.
The appliance completes the imaging process.
5. When prompted, remove the media and restart the system.
3. Follow the
Quick Start Wizard
prompts.
When the wizard is completed, you are prompted to log on.
Re-image a model S7032 appliance
For re-imaging instructions, see the McAfee Firewall Enterprise, Multi-Firewall Edition Installation Guide, model
S7032.
Re-imaging an appliance |
24
Diagnosing hardware problems
Sidewinder models S4016, S5032, S6032, and S7032 include an integrated hardware diagnostics tool you can use to diagnose hardware problems. The 1402-C3 model uses an external IDT CD or USB drive.
Note: For details about how to create an IDT CD or USB drive, see the Intel Diagnostics Tool for
McAfee Appliances Instructions. The 1402-C3 model uses IDT version 3.2.5044 or later.
Run hardware diagnostics
The diagnostics utility is independent of the appliance operating system, so the appliance must be restarted to run the diagnostics.
• If the appliance is deployed in a production environment, schedule a maintenance interval to run hardware diagnostics.
• Make sure that your appliance is not connected to a network.
• If your appliance does not have an integrated eUSB, create an IDT CD or USB drive.
Note: If you want to run a comprehensive test on the NIC ports, use a crossover cable to connect any network port to another port in the same system.
Use these high-level steps to run diagnostics on your appliance.
Note: For complete instructions, see the Intel Diagnostics Tool for McAfee Appliances
Instructions.
1. Determine the IDT media source — eUSB, CD, or USB drive.
CAUTION: If you use the eUSB IDT, the test logs cannot be saved.
2. Complete any necessary tasks to prepare your appliance.
If external media is used, insert the CD or USB drive during this step.
3. Start the diagnostic utility.
4. Run the hardware test.
5. [Optional] Run another type of test.
6. Exit the diagnostic utility.
7. [Optional] View the log created by the test with the edit fsz:\result.log
command.
8. If external media was used, remove it.
9. Restart the appliance with the reset
command.
View the system event log
Depending on your model, you can view the system event log (SEL) by connecting to the Remote Management
Module or by using the system event log viewer.
Note: The 1402-C3 model does not have an integrated SEL viewer. Use the SEL viewer available on the external IDT media; for instructions, see the Intel Diagnostics Tool for McAfee
Appliances Instructions.
Diagnosing hardware problems |
25
Use the Remote Management Module
To view the system event log from a remote location, use the Remote Management Module.
1. In a web browser, go to https://
<IP of Remote Management Module>
.
2. Specify your credentials and log on.
3. Click the
Server Health
tab.
4. Click
Event Log
.
Use the integrated system event log viewer
If you have local access to the appliance, use the integrated system event log viewer to view the system event log.
Note: If the Sidewinder IPMI daemon (ipmid) is enabled, system event log events are converted to firewall audit entries and removed from the system event log. If you want to use the system event log to monitor hardware events instead of the firewall audit, disable ipmid by running the command cf daemond disable agent=ipmid.
1. Connect your appliance to a monitor and keyboard.
2. Restart or turn on the appliance.
3. When the appliance starts, press F6 to access the one-time boot settings.
4. From the list of boot options, select
Internal EFI Shell
.
The EFI shell starts and a countdown timer appears. When the countdown is complete, the
Intel Diagnostic
Tool
menu appears.
CAUTION: Wait for the countdown to finish. Do not press any key.
5. At the fs0:\>
prompt, run the
sel
command. The system event log viewer appears.
Tip: For instructions on how to use the system event log viewer, select
Help
.
Diagnosing hardware problems |
26
Status indicator lights
Sidewinder models S4016, S5032, S6032, and S7032 feature several indicator lights on the appliance to help determine the status of various hardware components.
S4016 control panel indicator lights
The control panel of S4016 models has four status indicator lights. The control panel is found on the front of the chassis.
Figure 4: S4016 control panel indicator lights
1. NIC 1
2. System power
3. System status
4. Hard drive activity
5. Power button
6. USB port
The following table summarizes the indicator light states and the corresponding hardware component status.
Table 12: S4016 indicator light states
Indicator light
NIC 1
System power
Disk activity
Color
Green
Green
Off
Green
Off
State
Solid
Blink
Solid
Off
Random blink
Off
Status
NIC link/no access
LAN access
Power on
Power off
Hard disk activity in progress
No hard disk activity
The following table describes the system status indicator light.
Diagnosing hardware problems |
27
Table 13: S4016 system status indicator light
Color
Green
State
Solid
Blink
Amber
Off
Blink
Solid
Off
Status
System booted and ready
System degraded:
• Non-critical temperature threshold asserted
• Non-critical voltage threshold asserted
• Non-critical fan threshold asserted
• Fan redundancy lost, sufficient system cooling maintained
Note: This does not apply to nonredundant systems.
• Power supply predictive failure
• Power supply redundancy lost
Note: This does not apply to nonredundant systems.
• Correctable errors over a threshold of 10 and migrating to a mirrored DIMM (memory mirroring)
Note: This indicates the appliance no longer has spare DIMMs indicating a redundancy lost condition. The corresponding DIMM indicator light should light up.
Non-fatal alarm — System is likely to fail:
• CATERR asserted
• Critical temperature threshold asserted
• Critical voltage threshold asserted
• VRD hot asserted
• SMI Timeout asserted
Fatal alarm — System has failed or shut down:
• CPU missing
• Thermal Trip asserted
• Non-recoverable temperature threshold asserted
• Non-recoverable voltage threshold asserted
• Power fault/Power Control Failure
• Fan redundancy lost, insufficient system cooling
Note: This does not apply to nonredundant systems.
• Power supply redundancy lost insufficient system power
Note: This does not apply to nonredundant systems.
System powered off
Diagnosing hardware problems |
28
1402-C3 control panel indicator lights
The control panel of the 1402-C3 model has four status indicator lights. The control panel is found on the front of the chassis.
Figure 5: 1402-C3 control panel indicator lights
1. Power
2. Warning
3. Disk activity
4. UID
The following table summarizes the indicator light states and the corresponding hardware component status.
Table 14: 1402-C3 indicator light states
Indicator light
Power
Warning
Disk Activity
UID
Color
Green
Red
Red
Yellow
Blue
State
Solid
Solid
Solid
Blinking
Flashing
Solid
Status
The appliance is in a running state.
The appliance is in a standby state.
The appliance is overheating.
There is a fan failure or system failure.
Indicates SSD activity.
The UID indicator has been switched on.
Diagnosing hardware problems |
29
S5032, S6032, and S7032 control panel indicator lights
The control panel of S5032, S6032, and S7032 models has five status indicator lights. The control panel is found on the front of the chassis.
Figure 6: S5032, S6032, and S7032 control panel indicator lights
1. NIC 1
2. NIC 2
3. System power
4. System status
5. Hard drive activity
6. Power button
7. USB port
The following table summarizes the indicator light states and the corresponding hardware component status.
Table 15: S5032, S6032, and S7032 indicator light states
Indicator light
NIC 1/NIC 2
System power
Disk activity
Color
Green
Green
Off
Green
Off
State
Solid
Blink
Solid
Off
Random blink
Off
Status
NIC link/no access
LAN access
Power on
Power off
Hard disk activity in progress
No hard disk activity
The following table describes the system status indicator light.
Table 16: S5032, S6032, and S7032 system status indicator light
Color
Green
State
Solid
Blink
Status
System booted and ready
System degraded:
• Non-critical temperature threshold asserted
Diagnosing hardware problems |
30
Color
Amber
State
Blink
Solid
Status
• Non-critical voltage threshold asserted
• Non-critical fan threshold asserted
• Fan redundancy lost, sufficient system cooling maintained
Note: This does not apply to nonredundant systems.
• Power supply predictive failure
• Power supply redundancy lost
Note: This does not apply to nonredundant systems.
• Correctable errors over a threshold of 10 and migrating to a mirrored DIMM (memory mirroring)
Note: This indicates the appliance no longer has spare DIMMs indicating a redundancy lost condition. The corresponding DIMM indicator light should light up.
Non-fatal alarm — System is likely to fail:
• CATERR asserted
• Critical temperature threshold asserted
• Critical voltage threshold asserted
• Critical fan threshold asserted
• VRD hot asserted
• SMI Timeout asserted
Fatal alarm — System has failed or shut down:
• Thermal Trip asserted
• Non-recoverable temperature threshold asserted
• Non-recoverable voltage threshold asserted
• Power fault/Power Control Failure
• Fan redundancy lost, insufficient system cooling
Note: This does not apply to nonredundant systems.
Note: This state also occurs when AC power is first applied to the system.
This indicates the BMC is booting.
System powered off Off Off
Power supply indicator lights
Each power supply module installed on an appliance has a single indicator light to indicate the power supply status.
The following tables describe the indicator light states and the corresponding power supply status.
Diagnosing hardware problems |
31
Table 17: Power supply indicator light states for S4016, S5032, S6032, or S7032 models
Color
Green
Amber
Off
State
Solid
Blink
Solid
Blink
Off
Status
One of the following:
• Output ON and OK
• Active state (for 1+1 cold redundant power supplies configuration)
One of the following:
• AC present/Only 5 VSB on (PS Off)
• Cold standby state (for 1+1 cold redundant power supplies configuration)
One of the following:
• No AC power to this PSU only (for 1+1 configuration)
• Power supply critical event causing a shutdown:
Failure, fuse blown (1+1 only), OCP, OVP, fan failed.
Power supply warning events where the power supply continues to operate: high temp, high power, high current, slow fan
No AC power to all power supplies
Table 18: Power supply indicator light states for the 1402-C3 model
Color
Green
Red
Off
State
Solid
Solid
Blink
Off
Status
Output ON and OK
Power supply critical event causing a shutdown
No AC power to this PSU only
No AC power to all power supplies
Copyright © 1996 - 2016 Forcepoint LLC
Forcepoint™ is a trademark of Forcepoint LLC.
SureView®, ThreatSeeker®, TRITON®, Sidewinder® and Stonesoft® are registered trademarks of Forcepoint LLC.
Raytheon is a registered trademark of Raytheon Company.
All other trademarks and registered trademarks are property of their respective owners.
Diagnosing hardware problems |
32
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project