目录
1产品介绍 ············································································································································ 1-1
1.1 产品简介············································································································································ 1-1
1.2 F1000-E产品外观 ······························································································································ 1-1
1.3 F1000-S-EI产品外观 ························································································································· 1-2
1.4 接口模块············································································································································ 1-3
1.4.1 4GBE/8GBE ··························································································································· 1-3
1.4.2 1EXP ······································································································································ 1-3
1.4.3 4GBP ······································································································································ 1-4
1.4.4 NSQ1GT2UA0 ························································································································ 1-4
1.4.5 NSQ1GP4U0 ·························································································································· 1-5
1.5 接口模块与设备适配关系 ·················································································································· 1-5 2安装前准备工作 ································································································································· 2-1
2.1 安全注意事项····································································································································· 2-1
2.1.1 安全标志 ································································································································· 2-1
2.1.2 通用安全建议 ·························································································································· 2-1
2.1.3 用电安全 ································································································································· 2-1
2.1.4 激光安全 ································································································································· 2-1
2.1.5 搬运安全 ································································································································· 2-2
2.2 安装场所要求····································································································································· 2-2
2.2.1 承重要求 ································································································································· 2-2
2.2.2 温度/湿度要求 ························································································································· 2-2
2.2.3 洁净度要求······························································································································ 2-3
2.2.4 通风要求 ································································································································· 2-3
2.2.5 防静电要求······························································································································ 2-4
2.2.6 电磁环境要求 ·························································································································· 2-5
2.2.7 防雷击要求······························································································································ 2-5
2.2.8 空间要求 ································································································································· 2-6
2.2.9 供电要求 ································································································································· 2-6
2.3 安装工具············································································································································ 2-6
2.4 安装附件············································································································································ 2-6
2.5 安装前的Checklist ····························································································································· 2-7 3防火墙的安装 ····································································································································· 3-1
3.1 防火墙的安装流程 ····························································································································· 3-1
3.2 安装前的确认····································································································································· 3-1
3.3 打开包装箱 ········································································································································ 3-2
3.4 安装防火墙到工作台·························································································································· 3-2
3.5 安装防火墙到19英寸机柜 ················································································································ 3-2
3.5.1 安装F1000-E到机柜················································································································ 3-2
3.5.2 安装F1000-S-EI到机柜 ··········································································································· 3-6
3.6 连接保护地线····································································································································· 3-7
3.7 安装CF卡··········································································································································· 3-9
3.8 连接以太网线缆 ······························································································································· 3-10
3.8.1 连接以太网电口线缆 ············································································································· 3-10
3.8.2 连接以太网光接口光纤 ········································································································· 3-10
3.9 连接交流电源线 ······························································································································· 3-11
3.9.1 连接交流电源线 ···················································································································· 3-11
3.10 安装后的检查································································································································· 3-12 4安装可选配件 ····································································································································· 4-1
4.1 可选配件简介····································································································································· 4-1
4.2 安装接口模块····································································································································· 4-1
4.3 连接RPS电源线································································································································· 4-2
4.4 安装网口避雷器 ································································································································· 4-3
4.5 安装交流电源避雷器(防雷接线排) ································································································ 4-4 5防火墙的登录与基本配置 ··················································································································· 5-1
5.1 常用的登录方法 ································································································································· 5-1
5.2 通过Console口登录防火墙 ················································································································ 5-1
5.2.1 连接防火墙和配置终端 ··········································································································· 5-1
5.2.2 建立超级终端并配置终端的参数 ····························································································· 5-2
5.2.3 防火墙上电前检查··················································································································· 5-6
5.2.4 防火墙上电······························································································································ 5-6
5.2.5 上电后检查/操作 ····················································································································· 5-6
5.2.6 查看设备启动信息··················································································································· 5-7
5.3 通过Telnet登录防火墙 ······················································································································· 5-8
5.4 通过Web登录防火墙·························································································································· 5-8
5.5 通过AUX口登录防火墙 ······················································································································ 5-9
5.6 防火墙的基本配置 ··························································································································· 5-10
5.6.1 通过命令行方式配置 ············································································································· 5-10
5.6.2 通过Web方式配置················································································································· 5-11
6硬件更换 ············································································································································ 6-1
6.1 注意事项············································································································································ 6-1
6.2 更换接口模块····································································································································· 6-1
6.3 更换CF卡··········································································································································· 6-2
6.4 更换光模块 ········································································································································ 6-3 7硬件管理和维护 ································································································································· 7-1
7.1 查看设备的硬件信息·························································································································· 7-1
7.1.1 查看设备的软件及硬件版本信息 ····························································································· 7-1
7.1.2 查看设备运行的统计信息········································································································ 7-1
7.1.3 查看接口模块的详细信息········································································································ 7-3
7.1.4 查看接口模块的电子标签信息································································································· 7-4
7.1.5 查看设备CPU利用率的统计信息····························································································· 7-4
7.1.6 查看内存的使用状况 ··············································································································· 7-5
7.1.7 查看CF卡的相关信息 ·············································································································· 7-5
7.1.8 查看设备风扇的工作状态········································································································ 7-6
7.1.9 查看电源的工作状态 ··············································································································· 7-6
7.2 查看设备的温度告警门限 ·················································································································· 7-6
7.3 可插拔接口模块的识别与诊断 ··········································································································· 7-7
7.3.1 可插拔接口模块简介 ··············································································································· 7-7
7.3.2 常用可插拔接口模块简介········································································································ 7-7
7.3.3 识别可插拔接口模块 ··············································································································· 7-7
7.3.4 诊断可插拔接口模块 ··············································································································· 7-7
7.4 系统异常时的处理方式 ······················································································································ 7-8
7.4.1 配置系统异常时的处理方式 ···································································································· 7-8
7.4.2 查看系统异常时的处理方式 ···································································································· 7-8
7.5 重启设备············································································································································ 7-8 8安装故障处理 ····································································································································· 8-1
8.1 电源故障处理····································································································································· 8-1
8.2 风扇故障处理····································································································································· 8-1
8.3 配置系统故障处理 ····························································································································· 8-1
8.3.1 终端无显示故障处理 ··············································································································· 8-2
8.3.2 终端显示乱码故障处理 ··········································································································· 8-2
8.4 口令丢失的处理 ································································································································· 8-2
8.5 设备在非正常高温下工作的处理········································································································ 8-2
8.6 接口模块故障的处理·························································································································· 8-3
1 产品介绍
1.1 产品简介
H3C SecPath F1000-E防火墙(以下简称F1000-E)和H3C SecPath F1000-S-EI防火墙(以下简称F1000-S-EI)是H3C公司自主研发的、面向大中型企业用户开发的新一代专业千兆防火墙设备。
1.2 F1000-E产品外观
1. 前面板图
图1-1前面板图
交流电源开关(ON/OFF)
1: 电源线卡钩 2:
外置CF卡插槽(CF CARD)3: RPS电源输入插座(RPS) 4:
USB0(0)
5: USB1(1) 6:
:备份口(AUX)
7: 配置口(CONSOLE) 8
9: 交流电源插座(~100-240V;50/60Hz;2.5A)
2. 后面板图
图1-2后面板图
Combo口(0~3)
1: 接地端子和标识 2:
接口模块插槽(1)
3: 接口模块插槽(2) 4:
?Combo口由一个10/100/1000Mbps的电口和一个1000Mbps的光口组成。同一时刻下,Combo只能工作在电口模式或者光口模式。缺省情况下,Combo口工作在电口模式,可以在
接口视图下使用combo enable { copper | fiber }命令在光口和电口两种工作模式中进行切换。
?防火墙出厂时,光口会带上一个防尘帽,以免灰尘进入光口。
1.3 F1000-S-EI产品外观
1. 前面板图
图1-3前面板图
1: 以太网电口0~5(10/100/1000Base-T) 2:
配置口(CONSOLE)
外置CF卡插槽
3: USB口 4:
2. 后面板图
图1-4后面板图
接口模块插槽(2)
1:“OPEN BOOK”标识 2:
交流电源插座
3: 接口模块插槽(1) 4:
接地端子和标识
5: 交流电源开关(ON/OFF) 6:
1.4 接口模块
接口模块不随机提供,请用户根据需要自行选购。
1.4.1 4GBE/8GBE
4GBE/8GBE是H3C公司开发的10Base-T/100Base-TX/1000Base-T自适应以太网接口模块。该接口模块提供4/8个RJ-45接口,并且所有接口都具备三层路由功能,满足用户对不同接口密度的需求。每个接口都由一个双色指示灯来表示接口当前的运行状态。4GBE/8GBE通过10Gbps的高速总线和处理器连接,能够为用户提供高性能的三层以太网接口的全部功能。
图1-54GBE前面板图
扳手
1: 松不脱螺丝 2:
以太网电口(GE0~GE3) 3: 图1-68GBE前面板图
板手
以太网电口(GE0~GE7) 3:
1: 松不脱螺丝 2:
1.4.2 1EXP
1EXP是H3C公司开发的万兆以太网接口模块,提供1个XFP(10 Gigabit Small Form-Factor Pluggable,万兆小型封装可插拔)接口。1EXP接口模块支持LAN/WAN PHY模式的切换。
图1-7 1EXP 前面板
1: 松不脱螺丝 2: 10GE 光接口 3: 扳手
1.4.3 4GBP
4GBP 是H3C 公司开发的高速三层千兆以太网接口模块。该接口模块提供4个SFP (Small Form-Factor Pluggable ,小封装可插拔)接口,并且所有接口都具备三层路由功能。每个接口都由一个双色指示灯表示接口当前的运行状态。4GBP 通过SPI4高速总线和处理器连接,能够为用户提供高性能的三层以太网接口的全部功能。 图1-8 4GBP 前面板
1: 松不脱螺丝 2:
以太网光口(SFP 0~SFP 3) 3: 扳手
1.4.4 NSQ1GT2UA0
NSQ1GT2UA0是H3C 公司开发的高速三层千兆以太网接口模块。该模块提供2个RJ-45电口,并且所有接口都具备三层路由功能。
图1-9NSQ1GT2UA0前面板
拉手
以太网电口(GE0~GE1) 3: 1: 松不脱螺丝 2:
1.4.5 NSQ1GP4U0
NSQ1GP4U0是H3C公司开发的高速三层千兆以太网接口模块。该模块提供4个SFP光口,并且所有接口都具备三层路由功能。
图1-10NSQ1GP4U0前面板
拉手
以太网光口(SFP0~SFP3) 3:
1: 松不脱螺丝 2:
1.5 接口模块与设备适配关系
表1-1接口模块与设备适配关系表
2 安装前准备工作
2.1 安全注意事项
2.1.1 安全标志
基于防火墙的广泛应用,及其在数据通信网络中所起的重要作用,再次强调,阅读过程中请注意如下标志:
:表明该项操作不正确,可能给防火墙或防火墙操作者的人身安全带来极大危险,操作者必须严格遵守正确的操作规程。
:表示在安装、使用防火墙的过程中需要注意的操作。如果操作不正确,可能影响防火墙的正常使用。
2.1.2 通用安全建议
?请将设备放置在干燥、平整的地方,做好防滑措施,注意不要将机箱和安装工具放在行走区域内,避免无关人员随意接触设备。
?确保安装环境具有良好的接地和防雷设施,做好防静电措施。
?确保由专业人员来进行设备的安装和维护工作。
?避免设备在安装过程中受到损坏或丢失重要的配件、安装工具及配套资料。
?请安装人员在安装过程中注意自身安全,避免受到砸伤、划伤等伤害,禁止直视光纤接头以及徒手触碰通有高压电的接头。
?安装完成后应及时清理设备的包装材料,以免引起火灾。
2.1.3 用电安全
?找到外置电源开关,以备在安装和维护设备时,若发生紧急事故,可以及时切断电源;必要时,应立即拔掉设备的电源线。
?请确认防火墙正确接地。
?建议使用UPS(Uninterrupted Power Supply,不间断电源)。
?尽量不要一个人进行带电维护。
?在进行安装拆卸等操作时,尽量确保电源为关闭状态。
2.1.4 激光安全
如果光接口处于工作状态,请勿直视光接口。
防火墙属于1类激光设备。
光接口发出的激光束具有很高的能量,直视光纤内部的激光束,可能会伤害您的眼睛,因此在进行光纤链路施工时,请勿直视光纤接口。在测试光纤链路是否连通及各种参数时,建议使用专业的光纤测试设备,禁止使用显微镜、放大镜等工具观察工作中的光纤和接口。
2.1.5 搬运安全
搬运设备时需注意:
?设备出厂的包装材料可以抵御一定程度的碰撞和振动,但剧烈的撞击和跌落仍可能造成设备损坏,请确保在设备运输和拆卸包装的过程中做到轻抬轻放。
?搬运多个设备时,请使用推车等工具进行搬运。
?设备初次安装到位后,如需将设备转场,请确保在运输之前拔掉与该设备连接的所有外部电缆和挂耳。
?长距离搬运时,请拆除设备上的各种可插拔组件(如接口模块等),并使用防静电袋分别独立包装,妥善运输。在设备运输前,应将设备出厂时提供的槽位面板恢复原位,避免在运输途
中掉入异物,造成设备损坏。短距离搬运时,请确保各种可插拔组件牢固的安装在设备上,
并拧紧紧固螺丝。
?搬运过程中请确保设备随机附件的齐全,避免遗失或损坏。
2.2 安装场所要求
F1000-E/F1000-S-EI必须在室内使用,为保证防火墙正常工作并延长使用寿命,使用场所应该满足下列要求。
2.2.1 承重要求
请根据安装设备及其附件(如机柜、接口模块等)的实际重量来估计地面承重要求,并确保安装场所地面的承重能力满足此需求。有关重量的规格参数请参见“附录A 设备硬件规格”。
2.2.2 温度/湿度要求
机房内需要维持一定的温度和湿度。
?若机房内长期相对湿度过高,容易造成绝缘材料绝缘不良甚至漏电,还可能发生材料机械性能变化、金属部件锈蚀等现象。
?若机房内长期相对湿度过低,绝缘垫片会干缩并且容易引起紧固螺丝松动,在干燥的气候环境下,还容易产生静电,危害防火墙上的CMOS电路。
?温度过高危害更大,因为高温会加速绝缘材料的老化过程,使防火墙的可靠性大大降低,严重影响其使用寿命。
防火墙对温度、湿度的要求见下表。
表2-1机房温度/湿度要求
项目说明
工作环境温度0℃~45℃
存储环境温度 -40℃~70℃
表2-2机房湿度要求
项目说明
工作环境湿度 10%~95%(非凝露)
存储环境湿度 5%~95%(非凝露)
2.2.3 洁净度要求
灰尘对于防火墙的运行也是一大危害,因为室内灰尘落在机体上会造成静电吸附,使金属接插件或金属接点接触不良,不但会影响设备寿命,而且容易造成通信故障。当室内相对湿度偏低时,更易产生这种静电吸附。
防火墙对机房内的灰尘含量及粒径要求如表2-3所示。
表2-3机房灰尘含量要求
机械活性物质单位含量灰尘粒子粒/m3≤3×104(3天内桌面无可见灰尘)
注:灰尘粒子直径≥5μm
除灰尘外,防火墙机房对空气中所含的盐、酸和硫化物也有严格的要求,因为这些有害气体会加速金属的腐蚀和某些部件的老化过程。
机房内对SO2、H2S、NH3和Cl2等有害气体的具体限制值如表2-4所示。
表2-4机房有害气体限值
气体最大(mg/m3)二氧化硫SO20.2
硫化氢H2S 0.006
氨NH3 0.05 氯气Cl2 0.01
2.2.4 通风要求
防火墙采用了左进风、右出风的散热方式。为了保证防火墙具有良好的通风散热效果,要求:
?确认防火墙的入风口及通风口处留有空间(建议大于10cm),以利于防火墙机箱的散热。
?确认安装场所有良好的通风散热系统。
图2-1防火墙的散热方式(以F1000-E为例)
2.2.5 防静电要求
1. 防静电措施
为防止静电损伤,应做到:
?设备及地板良好接地。
?室内应铺设防静电地板并良好接地,确保室内防尘及温度/湿度条件满足安装要求,温度/湿度要求请参见2.2.2 温度/湿度要求。
?接触防火墙的接口模块和光模块时,应戴防静电手套或者带防静电手腕和穿防静电工作服。
?将拆卸下来的CF卡和接口模块等,以电路板面朝上的方式放置在抗静电的工作台上或者放入防静电袋中。
?观察或转移已拆卸的CF卡和接口模块时,应用手接触电路板的外边缘,避免用手直接触摸电路板上的元器件。
2. 佩戴防静电手腕
防静电手腕的使用方法如下:
(1) 将手伸进防静电手腕。
(2) 拉紧锁扣,并确认防静电手腕与皮肤接触良好。
(3) 将防静电手腕上的锁扣与鳄鱼夹上的锁扣相扣合。
(4) 将鳄鱼夹夹在设备所在的机架上。
(5) 确认机架良好接地。
佩戴防静电手腕示意图如下,以F1000-E为例:
图2-2防静电手腕示意图
锁扣 3:
防静电手腕
1: 鳄鱼夹 2:
?为了安全起见,请使用万用表检查防静电手腕的阻值。人体与地之间的电阻应该在1M~10M欧姆之间。
?防火墙不随机提供防静电手腕,需要用户自行准备。
2.2.6 电磁环境要求
防火墙使用过程中,干扰源无论是来自设备内部还是来自应用系统的外部,都是以电容耦合、电感耦合、电磁波辐射和公共阻抗(包括接地系统)耦合的传导方式对设备产生影响。为了达到更好的抗干扰效果,应做到:
?对供电系统采取有效的防电网干扰措施。
?防火墙工作地最好不要与电力设备的接地装置或者防雷接地装置合用,并尽可能相距远一些。
?远离强功率无线电发射台、雷达发射台和高频大电流设备。
?必要时采取电磁屏蔽的措施。
2.2.7 防雷击要求
尽管防火墙在设计之初,在防雷击方面作了大量的工作,但雷击强度超过一定范围时,仍有可能对防火墙造成损害。为达到更好的防雷效果,需要满足以下几点要求:
?保证机箱的保护地用保护地线与大地保持良好接触。连接保护地线的方法,请参见“3.6 连接保护地线”。
?保证交流电源插座的接地点与大地良好接触。
?可以考虑在电源的输入前端加入电源避雷器,这样可大大增强电源的抗雷击能力。安装电源避雷器的方法,请参见“4.5 安装交流电源避雷器(防雷接线排)”。
2.2.8 空间要求
?为了便于设备的安装和维护,请在用于安装设备的机柜前后预留足够的空间,建议机柜前后与墙面或其它设备的距离不小于1米。
?为了便于设备通风散热,建议机房的净高不小于3米并安装专用的空调。
2.2.9 供电要求
请确保安装场所的供电系统稳定,并能够满足电源模块额定输入电压等参数的要求。有关电源模块的规格参数请参见“附录A 设备硬件规格”。
2.3 安装工具
下表所示为安装过程中可能会使用到的工具,这些工具不随机提供,需要用户自己准备:
2.4 安装附件
交流电源线
2.5 安装前的Checklist
表2-5防火墙安装前的Checklist
项目要求
安装场所要求承重要求地面的承重能力满足设备及其附件(如机柜、接口模块等)的实际重量
工作环境温度0℃~45℃
工作环境湿度 10%~95%(非凝露)
洁净度要求灰尘粒子≤3×104粒/m3(三日内桌面无可见灰尘)
通风散热
?设备入风口及通风口处留有大于10cm的空间
?安装场所有良好的通风散热系统
防静电要求
?设备及地板良好接地
?室内防尘
?满足温度、湿度要求
?接触电路板时,戴防静电手套或者防静电手腕,穿防静电工作服
?将拆卸下来的CF卡和接口模块等,以电路板面朝上的方式放在抗静电的工作台上或者放入防静电袋中
?观察或者转移已拆卸的CF卡和接口模块时,应用手接触电路板的外边缘
电磁环境要求
?对供电系统采取有效的防电网干扰措施
?防火墙工作地不要与电力设备的接地装置或防雷接地装置合用,并尽可能相距远一些
?远离强功率无线电发射台、雷达发射台和高频大电流设备
?采取电磁屏蔽的措施
防雷击要求
?机箱的保护地良好接地
?交流电源插座的接地点良好接地
?加电源避雷器(可选)
空间要求
?设备的入风口及通风口处留有空间(建议大于10cm)
?安装场所有良好的通风散热系统
供电要求
?建议使用UPS(Uninterrupted Power Supply,不间断电源)
?明确外置电源开关位置,以备在操作设备发生事故时切断电源
项目要求
安装台?安装台足够牢固?良好接地
机柜安装要求?尽量把防火墙安装在敞开的机柜内。如果安装在密闭的机柜内,请确认机柜有良好的通风散热系统
?机柜足够牢固,能够支撑防火墙及其安装附件的重量
?机柜的尺寸适合防火墙的安装
?防火墙机柜前后与墙面或其它设备的距离不应小于0.8米
安装工具和设备?设备自带安装套件?用户自备安装套件
参考文档?设备的随机资料?网上资料
3 防火墙的安装
3.1 防火墙的安装流程
图3-1F1000-E/F1000-S-EI的安装流程
连接保护地线
安装CF卡
3.2 安装前的确认
?请确认已经仔细阅读2 安装前准备工作,并按要求完成准备工作。
?请确认已经准备好19英寸标准机柜。
?请检查机柜的接地与平稳性,并确保机柜内有足够大的位置放置待安装的机箱,机柜内部和周围没有影响机箱安装的障碍物。
?请确认已经准备好待安装的防火墙,并搬运到离机柜较近,方便安装的位置。
如果要在机柜上安装多台设备,请将重量较大的设备安装于机柜下方,并且保证机箱之间的垂直距离,以利于机箱的散热。
3.3 打开包装箱
图3-2打开包装箱
3.4 安装防火墙到工作台
在用户没有19英寸标准机柜的情况下,常用的方法就是将防火墙放置在干净的工作台上,安装过程如下:
(1) 小心地将防火墙倒置。用干燥的软布清洁机箱底板上的圆形压印区域,确保没有油污或灰尘
吸附。
(2) 将四个脚垫分别从粘贴纸上取下,粘贴到机箱底板上的四个圆形压印区域内。
(3) 将防火墙正置,放在工作台上。
操作中需要注意如下事项:
?保证工作台的平稳性与良好接地。
?防火墙四周留出10cm的散热空间。
?不要在防火墙上放置重物。
3.5 安装防火墙到19英寸机柜
3.5.1 安装F1000-E到机柜
(1) 标记浮动螺母的位置:使用前挂耳分别在机柜的两个前立柱方的孔条上标记出安装浮动螺母
的位置,然后在同一水平线上,使用后挂耳在机柜后立柱的方孔条上标记出安装浮动螺母的
位置。
图3-3标记浮动螺母的安装位置
(2) 安装浮动螺母:先将浮动螺母一端的弹片卡在机柜立柱的方孔上,使用一字螺丝刀用力顶住
另一端的弹片,将浮动螺母固定在方孔上。
图3-4安装浮动螺母
图3-5浮动螺母安装后的效果
(3) 安装后挂耳:用M6螺钉将两个后挂耳分别固定在机柜的后立柱上。
(4) 安装前挂耳到防火墙:先将挂耳上的螺钉孔与机箱侧面板上的螺钉孔对齐,并使用十字螺丝
刀顺时针拧紧螺钉,将挂耳固定到设备上。
图3-7安装前挂耳到F1000-E的两侧
(5) 安装承重螺钉到防火墙:F1000-E随机配带了2颗承重螺钉,在设备上机柜前,还需要将承
重螺钉固定到防火墙靠近后面板的两侧,以便架在后挂耳上,支撑F1000-E的后部重量。
图3-8安装承重螺钉
(6) 安装防火墙到机柜:左手托住设备的底部,右手握住设备前部,将设备水平推入机柜,并使
后挂耳恰好能够支撑柱设备的后部。用满足机柜安装尺寸要求的盘头螺钉(螺钉型号最大不得超过国标M6,表面经过防锈处理)将防火墙通过左、右前挂耳固定在机柜上,并保证位置水平和牢固。