HILLSTONE NETWORKS SG6000-G5150 FIREWALL APPLIANCE User Manual

HILLSTONE NETWORKS, INC. FIREWALL APPLIANCE Users Manual

Users Manual

      Hillstone SG-6000 Series Firewall Appliance Installation Manual       Hillstone Networks Inc. SG-6000-IM0511-4.0R4E-03
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Name and Concentration of Toxic or Hazardous Substances and Elements in Products Toxic or hazardous substances and elements Component  Lead  Mercury  Cadmium  Cr6+  PBB  PDBE Metal parts (including fasteners)  ² | | | | | Printed circuit board assemblies and components  ² | | | | | Cables and cable assemblies  ² | | | | | Plastics and Polymers  ² | | | ² ² Electric components other than circuit boards  ² | | | | |  |: Indicates that the specified substance in the component is below the limit defined in the Requirements for Concentration Limits for Certain Hazardous Substances in Electronic Information Products (SJ/T11363-2006) issued by the Ministry of Information Industry of PRC. ²:  Indicates that the substance in one or more components exceeds the limits specified in the Requirements for Concentration Limits for Certain Hazardous Substances in Electronic Information Products (SJ/T11363-2006) issued by the Ministry of Information Industry of PRC. Note: Not all components above are included in one product. This symbol indicates the environmental cycles of all products and components. This cycle applies only to the normal operation conditions specified in this manual.
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Preface About This Manual Thanks for choosing the network security products from Hillstone Networks, Inc. This document is an installation manual for Hillstone SG-6000 Series firewall appliance to help you install the Hillstone SG-6000 Series firewall appliance properly.   This manual includes the following chapters: • Chapter 1. Introduction • Chapter 2. Pre-installation Preparations • Chapter 3. Installation • Chapter 4. Boot and Configuration • Chapter 5. Hardware Maintenance and Replacement • Chapter 6. Troubleshooting Document Conventions This manual uses the following conventions for your convenience to read and understand: • Warning: Indicates improper operation that may cause serious damage to equipment or injury to operators. Thus, operators must strictly follow the operating rules. • Caution: Indicates incorrect operation that may affect the normal use of the equipment. Operators should be careful. • Note: Indicates information that may help readers understand the content.
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Table of Contents Chapter 1 Introduction .................................................................................. 1 Overview .......................................................................................................... 1 Features ........................................................................................................... 1 Innovative Multi-core Plus®G2 Security Architecture ............................................ 1 Modularized Design ........................................................................................ 2 Hardware Overview ............................................................................................ 2 Front Panel.................................................................................................... 2 Back Panel .................................................................................................... 8 LED Indicators ............................................................................................. 11 System Parameters ...................................................................................... 13 Ports .......................................................................................................... 17 CLR Button.................................................................................................. 21 Expansion Slot ............................................................................................. 22 SD Card Slot................................................................................................ 22 Power Supply............................................................................................... 23 Expansion Module ............................................................................................ 25 Chapter 2 Pre-installation Preparations....................................................... 26 Introduction .................................................................................................... 26 Cleanness Requirements ................................................................................... 26 Electrostatic Discharge Prevention ...................................................................... 26 Electromagnetic Interference Prevention ............................................................. 26 Grounding Requirements................................................................................... 27 Workbench Requirements.................................................................................. 27 Other Safety Recommendations ......................................................................... 27 Unpacking....................................................................................................... 28 Installation Devices, Tools, and Cables ................................................................ 28 Chapter 3 Installation.................................................................................. 29 Before Installation............................................................................................ 29 Installing the Appliance on a Workbench.............................................................. 29 Installing the Appliance on a Rack ...................................................................... 30 Connecting Cables............................................................................................ 31 Connecting the Ground Wire .......................................................................... 31 Connecting the Console Cable ........................................................................ 31 Connecting the Ethernet Cable ....................................................................... 32 Connecting AC Power Cable ........................................................................... 33 Connecting DC Power Cable ........................................................................... 33 Verifying Installation......................................................................................... 34 Chapter 4 Boot and Configuration................................................................ 35 Introduction .................................................................................................... 35 Establishing a Configuration Environment ............................................................ 35 Console (CON) Connection............................................................................. 35 - I-
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual WebUI ........................................................................................................ 36 Ten et  an d SS H ............................................................................................. 37 Basic Configuration .......................................................................................... 37 Chapter 5 Hardware Maintenance and Replacement .................................... 38 Introduction .................................................................................................... 38 Installing and Removing the Power Supply Module ................................................ 38 Installing and Removing the X5100/G6100 Power Supply Module ........................ 38 Installing and Removing the G5150/G3150 Power Supply Module........................ 39 Installing and Removing the Expansion Module..................................................... 39 Installing and Removing the Fan Tray.................................................................. 40 Chapter 6 Troubleshooting........................................................................... 42 Introduction .................................................................................................... 42 Losing the Administrator Password ..................................................................... 42 Troubleshooting Power System........................................................................... 42 Troubleshooting the Configuration System ........................................................... 42 - II-
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual List of Figures Figure 1-1: SG-6000-X5100 Front Panel.................................................................... 2 Figure 1-2: SG-6000-G6100 Front Panel ................................................................... 3 Figure 1-3: SG-6000-G5150/SG-6000-G3150 Front Panel............................................ 4 Figure 1-4: SG-6000-G3100 Front Panel ................................................................... 4 Figure 1-5: SG-6000-G2120 Front Panel ................................................................... 5 Figure 1-6: SG-6000-G2110 (single power supply) Front Panel..................................... 5 Figure 1-7: SG-6000-M6115 (single power supply) Front Panel .................................... 6 Figure 1-8: SG-6000-M6110 (single power supply) Front Panel .................................... 6 Figure 1-9: SG-6000-M3108 (single power supply) Front Panel .................................... 7 Figure 1-10: SG-6000-M3105 (single power supply) Front Panel................................... 7 Figure 1-11: SG-6000-M3100 Front Panel ................................................................. 7 Figure 1-12: SG-6000-M2105 Front Panel ................................................................. 8 Figure 1-13: SG-6000-M2100 Front Panel ................................................................. 8 Figure 1-14: SG-6000-X5100/SG-6000-G6100 Back Panel........................................... 9 Figure 1-15: SG-6000-G5150/SG-6000-G3150 Back Panel .......................................... 9 Figure 1-16: SG-6000-G3100 Back Panel .................................................................. 9 Figure 1-17: SG-6000-G2120/SG-6000-G2110 (dual power supply) Back Panel ............ 10 Figure 1-18: SG-6000-M6115 (single power supply)/SG-6000-M6110 (single power supply) Back Panel.......................................................................................................... 10 Figure 1-19: SG-6000-M3108 (single power supply)/SG-6000-M3105 (single power supply) Back Panel.......................................................................................................... 10 Figure 1-20: SG-6000-M3100 Back Panel ................................................................ 10 Figure 1-21: SG-6000-M2105 Back Panel ................................................................ 11 Figure 1-22: SG-6000-M2100 Back Panel ................................................................ 11 Figure 1-23: AC Power Module for SG-6000-X5100 and SG-6000-G6100 ..................... 24 Figure 1-24: DC Power Module for SG-6000-X5100 and SG-6000-G6100 ..................... 24 Figure 1-25: AC Power Module for SG-6000-G5150 and SG-6000-G3150 ..................... 24 Figure 1-26: DC Power Module for SG-6000-G5150 and SG-6000-G3150..................... 25 Figure 3-1: Installing the Feet Plaster ..................................................................... 29 Figure 3-2: Installing the Rack-mounting Ears (1U Chassis as example) ...................... 30 Figure 3-3: Installing the Appliance in a Rack (1U Chassis as example) ....................... 31 Figure 4-1: Console Port Configuration.................................................................... 35 Figure 4-2: Setting Parameters for the Terminal Session ........................................... 36 Figure 5-1: Installing Power Supply Module of SG-6000-X5100/G6100 ........................ 38 Figure 5-2: Installing Power Supply Module of SG-6000-G5150/G3150 ........................ 39 - I-
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual List of Tables Table 1-1: SG-6000-X5100 Front Panel Description .................................................... 3 Table 1-2: SG-6000-G6100 Front Panel Description .................................................... 3 Table 1-3: SG-6000-G5150/SG-6000-G3150 Front Panel Description ............................ 4 Table 1-4: SG-6000-G3100 Front Panel Description .................................................... 4 Table 1-5: SG-6000-G2120 Front Panel .................................................................... 5 Table 1-6: SG-6000-G2110 (single power supply) Front Panel Description ..................... 5 Table 1-7: SG-6000-M6115 (single-power-supply) Front Panel Description..................... 6 Table 1-8: SG-6000-M6110 (single power supply) Front Panel Description ..................... 6 Table 1-9: SG-6000-M3108 (single power supply) Front Panel Description ..................... 7 Table 1-10: SG-6000-M3105 (single power supply) Front Panel Description ................... 7 Table 1-11: SG-6000-M3100 Front Panel................................................................... 8 Table 1-12: SG-6000-M2105 Front Panel Description .................................................. 8 Table 1-13: SG-6000-M2100 Front Panel Description .................................................. 8 Table 1-14: Hillstone Firewall Appliance Front Panel LED Descriptions.......................... 13 Table 1-15: Hillstone Firewall Appliance System Parameters ...................................... 17 Table 1-16: Console Port Attributes ........................................................................ 18 Table 1-17: Auxiliary Port Attributes....................................................................... 18 Table 1-18: USB Port Attributes ............................................................................. 18 Table 1-19: Gigabit Electrical Ethernet Port Attributes ............................................... 19 Table 1-20: SFP Port Attributes.............................................................................. 19 Table 1-21: SFP Optical Module Attributes ............................................................... 20 Table 1-22: SFP Electric Module Attributes............................................................... 20 Table 1-23: XFP Port Attributes.............................................................................. 21 Table 1-24: XFP Optical Module Attributes ............................................................... 21 Table 1-25: LED Indicators of SG-6000-G5150 and SG-6000-G3150 ........................... 25 Table 2-1: Dust Concentration Requirements in the Equipment Room.......................... 26  - II-
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Chapter 1 Introduction Overview The SG-6000 Series firewall appliance is a new generation of firewall appliance developed by Hillstone Networks. With Multi-core Plus® G2 architecture and role-based deep application inspection technology, the SG-6000 Series can provide network security much better beyond the IP and port based defense of traditional firewalls. The SG-6000 Series applies hardware modular design, offering performance extensibility in order to solve the performance weakness of the existing UTM products when AV and IPS protections are turned on. SG-6000 Series has a processing ability from 100 megabytes to 10 gigabytes, making it suitable for various network environments, including networks of SMEs, governments, large enterprises, ISPs and IDCs, etc. The software of SG-6000 Series provides abundant features, such as role and application based security service, IPSec/SSL VPN, application QoS, AV and content security, etc. Hillstone SG-6000 Series product models include SG-6000-X5100, SG-6000-G6100, SG-6000-G5150, SG-6000-G3150, SG-6000-G3100, SG-6000-G2120, SG-6000-G2110, SG-6000-M6115, SG-6000-M6110, SG-6000-M3108, SG-6000-M3105, SG-6000-M3100, SG-6000-M2105 and SG-6000-M2100. SG-6000-G5150, SG-6000-G3150, SG-6000-G2120, SG-6000-G2110, SG-6000-M6115 and SG-6000-M6110 adopt modular design of pluggable circuit boards. For more information about extensible modules, please refer to Hillstone SG-6000 Series Firewall Appliance Expansion Module Manual. Features This section describes the main features of the SG-6000 Series firewall appliances. Innovative Multi-core Plus®G2 Security Architecture StoneOS®, Hillstone’s proprietary 64-bit real-time operating system, has a powerful parallel processing capability. Compared to Layer 3 security processing of the ordinary multi-core and NP/ASIC processors, StoneOS®  achieves real multi-core parallel processing from Network Layer to Application Layer with its patent parallel architecture. Thus, SG-6000 series firewall appliances have an up to 5 times performance elevation in application processing compared to other appliances with similar hardware configuration. The StoneOS® performance ability creates a strong foundation for an integrated security product, solving the performance limit faced by traditional appliances when multiple functionalities are running simultaneously. - 1 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Modularized Design Some models of Hillstone SG-6000 Series support expansion modules. There are three kinds of pluggable hardware expansion modules: interface module, application processing module and storage module. The modularized design greatly protects customer’s investment. • The interface module enhances the connectivity of the device, so that the device will not be obsolete when the network develops. • The application processing module increases the security processing capability of the appliance, removing the bottleneck of application security. • The storage module is used to store logs and statistics collected by the device. Hardware Overview Hillstone firewall appliances are designed to fit in standard 19-inch cabinets/racks. A firewall appliance can be installed in a cabinet/rack or placed on a workbench. Front Panel The front panel of SG-6000-X5100 consists of 1 Gigabit Ethernet port, 12 SFP ports, 2 XFP ports, 2 USB ports, 1 Console port, 1 Auxiliary port, 1 CLR button, some status LEDs and a fan tray. Figure 1-1 illustrates the front panel of SG-6000-X5100.  Figure 1-1: SG-6000-X5100 Front Panel - 2 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  6  PS1: Power PS1 LED  11 USB0-USB1: USB Ports 2  STA: Status LED  7  FAN: Fan tray LED  12 e0/0: Ethernet ports 3  ALM: Alarm LED  8  CLR: CLR button  13 e0/1-e0/12: SFP ports 4  HA:HA status LED  9  CON: Console port  14 xe0/13-xe0/14: XFP ports 5  PS0: Power PS0 LED  10  AUX: Auxiliary port  15 Fan tray Table 1-1: SG-6000-X5100 Front Panel Description The front panel of SG-6000-G6100 consists of 1 Gigabit Ethernet port, 12 SFP ports, 2 USB ports, 1 Console port, 1 Auxiliary port, 1 CLR button, some status LEDs and a fan tray. Figure 1-2 illustrates the front panel of SG-6000-G6100.  Figure 1-2: SG-6000-G6100 Front Panel No. Label & Description No. Label & Description No. Label & Description 1  PWR: Power LED  6  PS1: Power PS1 LED 11 USB0-USB1: USB Ports 2  STA: Status LED  7  FAN: Fan tray LED 12 e0/0: Ethernet port 3  ALM: Alarm LED  8  CLR: CLR button  13 e0/1-e0/12: SFP ports 4  HA:HA status LED  9  CON: Console port  14 Fan tray 5  PS0: Power PS0 LED  10  AUX: Auxiliary port  - - Table 1-2: SG-6000-G6100 Front Panel Description The front panel of SG-6000-G6100/SG-6000-G3150 consists of 4 Gigabit Ethernet ports, 8 SFP ports, 1 USB port, 1 Console port, 1 Auxiliary port, 1 CLR button, 4 general expansion slots, some status LEDs and a fan tray. Figure 1-3 illustrates the front panel of SG-6000-G5150/SG-6000-G3150. - 3 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-3: SG-6000-G5150/SG-6000-G3150 Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  7  FAN: Fan tray LED 13 e0/0-e0/3: Ethernet ports 2  STA: Status LED  8  CLR: CLR button  14 e0/4-e0/11:SFP ports 3  ALM: Alarm LED  9  CON: Console port  15 Slot 1: General expansion slot 4  HA:HA status LED  10  AUX: Auxiliary port  16 Slot 2: General expansion slot 5  PS0: Power PS0 LED  11  Fan tray  17 Slot 3: General expansion slot 6  PS1: Power PS1 LED 12  USB: USB port  18 Slot 4: General expansion slot Table 1-3: SG-6000-G5150/SG-6000-G3150 Front Panel Description The front panel of SG-6000-G3100 consists of 6 Gigabit Ethernet ports, 6 Gigabit Combo ports (SFP port + Ethernet port), 2 USB ports, 1 Console port, 1 Auxiliary port, 1 CLR button and some status LEDs. Figure 1-4 illustrates the front panel of SG-6000-G3100.  Figure 1-4: SG-6000-G3100 Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  5  PS0: Power PS0 LED  9 AUX: Auxiliary port 2  STA: Status LED  6  PS1: Power PS1 LED 10 USB0-USB1: USB ports 3  ALM: Alarm LED  7  CLR: CLR button  11 e0/0-e0/5: Ethernet ports 4  HA:HA status LED  8  CON: Console port  12 e0/6-e0/11: Combo ports Table 1-4: SG-6000-G3100 Front Panel Description The front panel of SG-6000-G2120 consists of 4 Gigabit Ethernet ports, 4 SFP ports, 1 USB port, 1 Console port, 1 Auxiliary port, 1 CLR button, 2 general expansion slots and some status LEDs. Figure 1-5 illustrates the front panel of SG-6000-G2120. - 4 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-5: SG-6000-G2120 Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  6  PS1: Power PS1 LED 11 e0/0-e0/3: Ethernet ports 2  STA: Status LED  7  CLR: CLR button  12 e0/4-e0/7: SFP ports 3  ALM: Alarm LED  8  CON: Console port  13 Slot 1: General expansion slot 4  HA:HA status LED  9  AUX: Auxiliary port  14 Slot 2: General expansion slot 5  PS0: Power PS0 LED  10  USB: USB port  - - Table 1-5: SG-6000-G2120 Front Panel The front panel of SG-6000-G2110 consists of 16 Gigabit Ethernet ports, 1 USB port, 1 Console port, 1 CLR button, 1 general expansion slot, 1 storage expansion slot and some status LEDs. The standard power supply for SG-6000-G2110 is single power supply, and the dual power supply product is also available. Figure 1-6 illustrates the front panel of SG-6000-G2110 (single power supply).  Figure 1-6: SG-6000-G2110 (single power supply) Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  5  CLR: CLR button  9 Slot 1: General expansion slot 2  STA: Status LED  6  CON: Console port  10 Slot 2: Storage expansion slot 3  ALM: Alarm LED  7  USB: USB port  - - 4  HA:HA status LED  8  e0/0-e0/15: Ethernetports  - - Table 1-6: SG-6000-G2110 (single power supply) Front Panel Description The front panel of SG-6000-M6115 consists of 4 Gigabit Ethernet ports, 8 SFP ports, 1 USB port, 1 Console port, 1 Auxiliary port, 1 CLR button, 1 storage expansion slot and some status LEDs. The standard power supply for SG-6000-M6115 is single power supply, and the dual power supply product is also available. Figure 1-7 illustrates the front panel of SG-6000-M6115 (single power supply). - 5 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-7: SG-6000-M6115 (single power supply) Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  5  CLR: CLR button  9 e0/0-e0/3: Ethernet ports 2  STA: Status LED  6  CON: Console port  10 e0/4-e0/7: SFP ports 3  ALM: Alarm LED  7  AUX: Auxiliary port  11 e0/8-e0/11: SFP ports 4  HA:HA status LED  8  USB: USB port  12 Slot1: Storage expansion slot Table 1-7: SG-6000-M6115 (single-power-supply) Front Panel Description The front panel of SG-6000-M6110 consists of 8 Gigabit Ethernet ports, 4 SFP ports, 1 USB port, 1 Console port, 1 Auxiliary port, 1 CLR button, 1 storage expansion slot and some status LEDs. The standard power supply for SG-6000-M6110 is single power supply, and the dual power supply product is also available. Figure 1-8 illustrates the front panel of SG-6000-M6110 (single power supply).  Figure 1-8: SG-6000-M6110 (single power supply) Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  5  CLR: CLR button  9 e0/0-e0/3: Ethernet ports 2  STA: Status LED  6  CON: Console port  10 e0/4-e0/7: SFP ports 3  ALM: Alarm LED  7  AUX: Auxiliary port  11 e0/8-e0/11: Ethernet ports 4  HA:HA status LED  8  USB: USB port  12 Slot1: Storage expansion slot Table 1-8: SG-6000-M6110 (single power supply) Front Panel Description The front panel of SG-6000-M3108 consists of 8 Gigabit Ethernet ports, 2 Combo ports (Ethernet port + SFP port), 1 USB port, 1 SD card slot, 1 Console port, 1 CLR button and some status LEDs. The standard power supply for SG-6000-M3108 is single power supply, and the dual power supply product is also available. Figure 1-9 illustrates the front panel of SG-6000-M3108 (single power supply). - 6 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-9: SG-6000-M3108 (single power supply) Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  5  CLR: CLR button  9 SD: SD card LED 2  STA: Status LED  6  CON: Console port  10 e0/0-e0/1: Combo ports 3  ALM: Alarm LED  7  USB: USB port  11 e0/2-e0/9: Ethernet ports 4  HA:HA status LED  8  SD Card: SD card slot  - - Table 1-9: SG-6000-M3108 (single power supply) Front Panel Description The front panel of SG-6000-M3105 consists of 10 Gigabit Ethernet ports, 1 USB port, 1 SD card slot, 1 Console port, 1 CLR button and some status LEDs. The standard power supply for SG-6000-M3105 is single power supply, and the dual power supply product is also available. Figure 1-10 illustrates the front panel of SG-6000-M3105 (single power supply).  Figure 1-10: SG-6000-M3105 (single power supply) Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  5  CLR: CLR button  9 SD: SD card LED 2  STA: Status LED  6  CON: Console port  10 e0/0-e0/9: Ethernet ports 3  ALM: Alarm LED  7  USB: USB port  - - 4  HA:HA status LED  8  SD Card: SD card slot  - - Table 1-10: SG-6000-M3105 (single power supply) Front Panel Description The front panel of SG-6000-M3100 consists of 8 Gigabit Ethernet ports, 1 USB port, 1 USB port, 1 Console port, 1 CLR button and some status LEDs. Figure 1-11 illustrates the front panel of SG-6000-M3100.  Figure 1-11: SG-6000-M3100 Front Panel - 7 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  4  HA:HA status LED  7 USB: USB port 2  STA: Status LED  5  CLR: CLR button  8 e0/0-e0/7: Ethernet ports 3  ALM: Alarm LED  6  CON: Console port  - - Table 1-11: SG-6000-M3100 Front Panel The front panel of SG-6000-M2105 consists of 5 Gigabit Ethernet ports, 1 USB port, 1 Console port, 1 CLR button and some status LEDs. Figure 1-12 illustrates the front panel of SG-6000-M2105.  Figure 1-12: SG-6000-M2105 Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  4  VPN: VPN status LED  7 USB: USB port 2  STA: Status LED  5  CLR: CLR button  8 e0/0-e0/4: Ethernet ports 3  ALM: Alarm LED  6  CON: Console port  - - Table 1-12: SG-6000-M2105 Front Panel Description The front panel of SG-6000-M2100 consists of 5 Gigabit Ethernet ports, 1 USB port, 1 Console port, 1 CLR button and some status LEDs. Figure 1-13 illustrates the front panel of SG-6000-M2100.  Figure 1-13: SG-6000-M2100 Front Panel No. Label & Description  No. Label & Description  No. Label & Description 1  PWR: Power LED  4  VPN: VPN status LED  7 USB: USB port 2  STA: Status LED  5  CLR: CLR button  8 e0/0-e0/4: Ethernet ports 3  ALM: Alarm LED  6  CON: Console port  - - Table 1-13: SG-6000-M2100 Front Panel Description Back Panel SG-6000-X5100 and SG-6000-G6100 adopt dual power supply and they have the same back panel layout, which consists of 2 sets of power supply socket and switch, 1 grounding screw and several vents. Figure 1-14 illustrates the back panel layout of SG-6000-X5100 and - 8 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual SG-6000-G6100.  Figure 1-14: SG-6000-X5100/SG-6000-G6100 Back Panel SG-6000-G5150 and SG-6000-G3150 have the same back panel layout, which consists of 2 power supply slots and 1 grounding screw. The standard product of SG-6000-G5150 is dual power supply and that of SG-6000-G3150 is single power supply. Figure 1-15 illustrates the back panel layout of SG-6000-G5150 and SG-6000-G3150.  Figure 1-15: SG-6000-G5150/SG-6000-G3150 Back Panel SG-6000-G3100 adopts dual power supply. The back panel consists of 2 power supply sockets, 2 power supply switches, 1 grounding screw and several vents. Figure 1-16 illustrates the back panel layout of SG-6000-G3100.  Figure 1-16: SG-6000-G3100 Back Panel SG-6000-G2120 and SG-6000-G2110 have the same back panel layout, which consists of 2 power supply sockets, 2 power supply switches and 1 grounding screw. SG-6000-G5150 adopts dual power supply. The standard product of SG-6000-G3150 is single power supply and it is also available in dual power supply. Figure 1-17 illustrates the back panel layout of SG-6000-G2120 and SG-6000-G2110 (dual power supply). - 9 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-17: SG-6000-G2120/SG-6000-G2110 (dual power supply) Back Panel SG-6000-M6115 and SG-6000-M6110 have the same back panel layout. The standard products are single power supply and they are also available in dual power supply. The back panel of single power supply product has 1 power supply socket, 1 power supply switch and 1 grounding screw. Figure 1-18 illustrates the back panel layout of single power supply product of SG-6000-M6115 and SG-6000-M6110.  Figure 1-18: SG-6000-M6115 (single power supply)/SG-6000-M6110 (single power supply) Back Panel SG-6000-M3108 and SG-6000-M3105 have the same back panel layout. The standard products are single power supply and they are also available in dual power supply. The back panel of single power supply product has 1 power supply socket, 1 power supply switch and 1 grounding screw. Figure 1-19 illustrates the back panel layout of single power supply product of SG-6000-M3108 and SG-6000-M3105.  Figure 1-19: SG-6000-M3108 (single power supply)/SG-6000-M3105 (single power supply) Back Panel SG-6000-M3100 adopts single power supply. The back panel of SG-6000-M3100 has 1 power supply socket, 1 power supply switch and 1 grounding screw. Figure 1-20 illustrates the back panel layout of SG-6000-M3100.  Figure 1-20: SG-6000-M3100 Back Panel The back panel of SG-6000-M2105 has 1 power supply socket, 1 power supply switch and 1 grounding screw. Figure 1-21 illustrates the back panel of SG-6000-M2105. - 10 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-21: SG-6000-M2105 Back Panel SG-6000-M2110 uses a power adapter to connect to power supply. The back panel of SG-6000-M2100 has 1 power supply socket, 1 grounding screw and 1 security lock. Figure 1-22 illustrates the back panel of SG-6000-M2100.  Figure 1-22: SG-6000-M2100 Back Panel LED Indicators Table 1-14 describes the meanings of LED indicators on the front panels of Hillstone firewall appliances. - 11 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual LED  Color/Status  Description Green/On steadily  The system power is running normally. Orange/On steadily The system power is running abnormally. Red/On steadily  The system power is not running normally, and the system is in the off mode. PWR Off  The system is not powered on. Green/On steadily  The system is booting Green/Blinking The system is operating normally. STA Red/On steadily  The system has failed to boot or is running abnormally. Red/On steadily  System is sending alarm(s). Green/Blinking The system is waiting. Off  The system is functioning normally. Orange/Blinking  The system is using a trial license. ALM Orange/On steadily The trial license expires and the system has not legitimate license. Green/On steadily  Power Supply PS0 is running normally. Orange/On steadily Power Supply PS0 is running normally, but the power supply fan is malfunctioning. Change the power supply immediately. PS0 Off  Power Supply PS0 is not powered on or it is lf i i Green/On steadily  Power Supply PS1 is running normally. Orange/On steadily Power Supply PS1 is running normally, but the power supply fan is malfunctioning. Change the power supply immediately. PS1 Off  Power Supply PS0 is not powered on or it is malfunctioning. Green/On steadily  Only one appliance is available, running as the Master. Green/Blinking  Both master and slave devices are present. This appliance is working as the Master. Orange/Blinking  Both master and slave devices are present. This appliance is working as the Slave. HA Red/Blinking  High Availability is malfunctioning. Green/On steadily  The cooling system is running normally. Orange/On steadily One of the fans has broken down, but the cooling system can still fully function. Change the fan tray as soon as possible. FAN Red/On steadily The cooling system has a serious fault or the fan tray is not fully inserted. The system will automatically shut down in 15 seconds. Green/On steadily  The VPN tunnel is connected. Orange/On steadily VPN is turned on but no tunnel is connected. VPN Off  VPN is not turned on. - 12 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Green/On steadily  SD card is inserted and in normal status. Green/Blinking  SD card is inserted and being read or written. SD Off  No SD card is inserted. Green/On steadily  The link between this port and its peer device is in normal status. LNK Off  The link between this port and its peer device is disconnected or has failed. Yellow/Blinking  The port is transferring or receiving data. ACT  Off  No data is transmitted on this port. Table 1-14: Hillstone Firewall Appliance Front Panel LED Descriptions Notes: • The STA and ALM LEDs will both turn red when there is a boot failure caused by OS software damage. Contact your sales representative if this occurs. • As LED indicators vary due to different product model, please refer to the real product. System Parameters Table 1-15 lists the system parameters of Hillstone firewall appliances of all models. Item  Description Fixed Ports  SG-6000-X5100 1 Gigabit Ethernet port 12 SFP ports 2 XFP ports 2 USB 2.0 Host ports 1 Console port 1 Auxiliary port - 13 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual SG-6000-G6100 1 Gigabit Ethernet port 12 SFP ports 2 USB 2.0 Host ports 1 Console port 1 Auxiliary port SG-6000-G5150 SG-6000-G3150 4 Gigabit Ethernet ports 8 SFP ports 1 USB 2.0 Host port 1 Console port 1 Auxiliary port SG-6000-G3100 6 Gigabit Ethernet ports 6 Gigabit Combo ports 2 USB 2.0 Host ports 1 Console port 1 Auxiliary port SG-6000-G2120 4 Gigabit Ethernet ports 4 SFP ports 1 USB 2.0 Host port 1 Console port 1 Auxiliary port SG-6000-G2110 16 Gigabit Ethernet ports 1 USB 2.0 Host port 1 Console port SG-6000-M6115 4 Gigabit Ethernet ports 8 SFP ports 1 USB 2.0 Host port 1 Console port 1 Auxiliary port SG-6000-M6110 8 Gigabit Ethernet ports 4 SFP ports 1 USB 2.0 Host port 1 Console port 1 Auxiliary port SG-6000-M3108 8 Gigabit Ethernet ports 2 Gigabit Combo ports 1 USB 2.0 Host port 1 SD card slot 1 Console port SG-6000-M3105 10 Gigabit Ethernet ports 1 USB 2.0 Host port 1 SD card slot 1 Console port - 14 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual SG-6000-M3100 8 Gigabit Ethernet ports 1 USB 2.0 Host port 1 Console port SG-6000-M2105 5 Gigabit Ethernet ports 1 USB 2.0 Host port 1 Console port SG-6000-M2100 5 Gigabit Ethernet ports 1 USB 2.0 Host port 1 Console port CPU  Dedicated 64-bit multi-core processor SG-6000-X5100 SG-6000-G6100  8GB SG-6000-G5150 SG-6000-G3150 SG-6000-G3100 4GB SG-6000-G2120 2GB SG-6000-G2110 2GB SG-6000-M6115 SG-6000-M6110  2GB SG-6000-M3108 SG-6000-M3105 SG-6000-M3100 1GB DDR2 SDRAM SG-6000-M2105 SG-6000-M2100  512MB Flash Memory SG-6000-X5100 SG-6000-G6100 SG-6000-G5150 SG-6000-G3150 SG-6000-G2120 SG-6000-G2110 SG-6000-M6115 SG-6000-M6110 SG-6000-M3108 SG-6000-M3105 SG-6000-G3100 SG-6000-M3100 SG-6000-M2105 SG-6000-M2100 512MB SG-6000-X5100 SG-6000-G6100 SG-6000-G5150 SG-6000-G3150 440.0mm x 520.0mm x 88.0mm Dimensions (W×D×H) SG-6000-G3100  442.0mm x 366.7mm x 44.0mm - 15 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual SG-6000-G2120 SG-6000-G2110 SG-6000-M6115 SG-6000-M6110 436.0mm x 365.5mm x 44.0mm SG-6000-M3108 SG-6000-M3105 SG-6000-M3100 442.0mm x 240.7mm x 44.0mm SG-6000-M2105  300.0mm x 165.0mm x 44.0mm SG-6000-M2100  221.0mm x 142.4mm x 32.6mm SG-6000-X5100 SG-6000-G6100 Net weight: 11.1kg Gross weight: 14.5kg (accessories and packages included) SG-6000-G5150 Net weight: 12.3kg Gross weight: 16.8kg (accessories and packages included) SG-6000-G3150 Net weight: 11.1kg Gross weight: 15.6kg (accessories and packages included) SG-6000-G3100 Net weight: 5.5kg Gross weight: 7.7kg (accessories and packages included) SG-6000-G2120 Net weight: 5.6kg Gross weight: 9.1kg (accessories and packages included) SG-6000-G2110 Net weight: 5.2kg Gross weight: 8.4kg (accessories and packages included) SG-6000-M6115 Net weight: 5.7kg Gross weight: 9.3kg (accessories and packages included) SG-6000-M6110 Net weight: 5.7kg Gross weight: 9.3kg (accessories and packages included) SG-6000-M3108 Net weight: 2.9kg Gross weight: 5.7kg (accessories and packages included) SG-6000-M3105 Net weight: 2.9kg Gross weight: 5.7kg (accessories and packages included) Weight SG-6000-M3100 Net weight: 2.8kg Gross weight: 5.6kg (accessories and packages included) - 16 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual SG-6000-M2105 Net weight: 1.5kg Gross weight: 1.9kg (accessories and packages included) SG-6000-M2100 Net weight: 0.85kg Gross weight: 1.9kg (accessories and packages included) SG-6000-X5100 SG-6000-G6100  200W x 2 SG-6000-G5150 SG-6000-G3150  450W x 2 SG-6000-G3100  150W x 2 SG-6000-G2120  150W x 2 SG-6000-G2110 SG-6000-M6115 SG-6000-M6110 150W SG-6000-M3108 SG-6000-M3105 SG-6000-M3100 45W Power Rating SG-6000-M2105 SG-6000-M2100  15W products other than SG-6000-M2100  100-240V AC,50/60Hz SG-6000-X5100 SG-6000-G6100 AC supply module: 100-240V AC,50/60Hz DC supply module: -36 - -72V DC SG-6000-G5150 SG-6000-G3150 AC supply module: 100-240V AC,50/60Hz DC supply module: -40 - -60V DC Input Voltage SG-6000-M2100 5V DC Temperature  0℃-40℃ Relative Humidity  10%-95% (noncondensing) Table 1-15: Hillstone Firewall Appliance System Parameters Note: DDR2 SDRAM is the random access memory to store the communication data for the CPU. Flash Memory is used for storing the operating system firmware, configuration and application files. Ports The ports available for Hillstone firewall appliances are Console port, Auxiliary port, USB port, Gigabit Ethernet port, SFP port and XFP ports. This section explains the attributes of each port. Console Port Hillstone firewall appliance provides an RS-232C asynchronous serial console port for you to configure the appliance. Attributes for the Console port are shown in Table 1-16. - 17 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Attribute  Description Connector RJ-45 Port Standard  RS-232C Baud Rate  9600/19200/38400/57600/115200 bit/s Services Supported Connecting to a terminal with a serial interface;   Configuring the product by running a terminal emulation program on the terminal. Transmission Medium Console Cable Table 1-16: Console Port Attributes Auxiliary Port Hillstone firewall appliance provides an RS-232C asynchronous serial auxiliary port. Attributes for the auxiliary port are shown in Table 1-17. Attribute  Description Connector RJ-45 Port Standard  RS-232C Baud Rate  9600/19200/38400/57600/115200 bit/s Services Supported  Debugging aid Table 1-17: Auxiliary Port Attributes USB Port Hillstone firewall appliance provides two USB Host ports at most. Attributes for the USB port are shown in Table 1-18. Attribute  Description Connector  USB Type-A interface Port Standard  USB 2.0 Host interface Negotiation Mode  1.1/2.0 autosensing Table 1-18: USB Port Attributes Gigabit Ethernet Electrical Port Hillstone firewall appliance provides several fixed Gigabit Ethernet electrical ports; the Gigabit Ethernet Combo port also supports the electrical connection. Attributes for the Gigabit Ethernet electrical port are shown in Table 1-19. - 18 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Attribute  Description Connector RJ-45 Port Standard  Auto-MDIX Frame Format  Ethernet_II Ethernet_SNAP Negotiation Mode  10/100/1000Mbps autosensing Full / half-duplex Table 1-19: Gigabit Electrical Ethernet Port Attributes SFP Port Hillstone firewall appliance supports SFP ports. The Table 1-20 describes the attributes of SFP port. Attribute  Description Connector SFP Frame Format  Ethernet_II Ethernet_SNAP SFP optical module  1000Mbps Negotiation Mode  SFP electric module 10/100/1000Mbps autosensing (some onlysupports 1000Mbps) Full / half-duplex   Table 1-20: SFP Port Attributes Caution: To avoid dust falling into the SFP socket, you should place a rubber dust cap (originally in the accessory box) over the SFP port. The SFP port has two types of interface transceiver module for you to choose: • SFP optical module • SFP electric module If SFP optical module is applied to SFP port, you should use LC-Type optical connector. Hillstone firewall appliance supports five types of 1000Base-FX SFP optical module. All optical modules are hot-swappable. - 19 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Description Attribute Short-haul Multimode Optical Module (850nm) Medium-haul Single-mode Optical Module (1310nm) Long-haul Optical Module (1310nm) Long-haul Optical Module (1550nm) Ultra-long Haul OpticalModule (1550nm) Connector LC Fiber Type  62.5/125μm multimode fiber 9/125μm single-mode fiber 9/125μm single-mode fiber 9/125μm single-mode fiber 9/125μm single-mode fiber Maximum Transmission Distance 0.55km 10km 40km 40km 70km Central Wavelength  850nm  1310nm 1310nm 1550nm 1550nm Table 1-21: SFP Optical Module Attributes If SFP electric module is applied on SFP port, you should use crossover or straight-through cable (i.e. standard Ethernet cable). Table 1-22 describes the attributes of SFP electric module. Attribute  Description Connector RJ-45 Port Standard  Auto-MDI/MDIX (crossover cable and straight-through cableautosensing)  Maximum TransmissionDistance  100m Negotiation Mode  10/100/1000Mbps autosensing (some only supports 1000Mbps) Full / half-duplex Table 1-22: SFP Electric Module Attributes Cautions: • The SFP electric modules of SG-6000-X5100 and SG-6000-G6100 support 10/100/1000Mbps autosensing, and the SFP electric modules of other platform    just support 1000Mbps. • Before performing switchover between the optical and electrical connection on Combo ports, you need to first clear the rate and duplex mode configurations in the current operating mode (electrical or optical), and re-configure the port after the switchover. XFP Port Hillstone firewall appliances support XFP ports which use XFP optical modules. - 20 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Attribute  Description Connector XFP Frame Format  Ethernet_II Ethernet_SNAP Negotiation Mode  XFP optical module  10Gbps Table 1-23: XFP Port Attributes Hillstone firewall appliance supports five types of 10GBase-FX XFP optical module. All optical modules are hot-swappable. Description Attribute Short-haul Multimode Optical Module (850nm) Short-haul Multimode Optical Module (850nm) Medium-haul Single-mode Optical Module (1310nm) Long-haul Single-mode Optical Module (1550nm) Ultra-long Haul Single-mode Optical Module (1550nm) Connector LC Fiber Type 50/125μm multimode fiber 62.5/125μm multimode fiber 9/125μm single-mode fiber 9/125μm single-mode fiber 9/125μm single-mode fiber Maximum Transmission Distance 0.3km(984.3ft) 0.033km(108.3ft) 10km 40km 80km Central Wavelength  850nm 850nm 1310nm 1550nm 1550nm Table 1-24: XFP Optical Module Attributes Caution: To avoid dust falling into the XFP socket, you should place a rubber dust cap (in the accessory box) over the XFP port. CLR Button The CLR button is the pinhole of the front panel and is used to reset the appliance back to the factory default settings. You can restore access to the appliance with this button if the login password is lost. Warning: Use this button carefully. Resetting the appliance clears all existing configurations. To restore the factory default settings, perform the following steps: 1. Turn off the power of the appliance. - 21 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual 2. Press the CLR button in the pinhole and turn on the power supply simultaneously. 3. Keep pressing till the STA and ALM LEDs turn to constantly red, then stop pressing. The appliance begins to restore to the original factory settings. 4. The system reboots after the default settings restored. Expansion Slot The chassis height of SG-6000-G5150 and SG-6000-G3150 is 2U with four half-U expansion slots (Slot1-4); SG-6000-G2120 and SG-6000-G2110 are 1U height with two half-U expansion slots (Slot1-2). SG-6000-M6115 and SG-6000-M6110 are 1U height with one expansion slot. Follow the rules below when inserting the expansion modules into expansion slots. • Half-U expansion slot fits in any slot. • 1U height expansion modules can only be installed in Slot2 and Slot4. • For SG-6000-G2120, expansion module FEC-HD-160 can only be inserted in Slot1. • SG-6000-G2110, SG-6000-M6115 and SG-6000-M6110 can only accommodate storage expansion modules (in Slot1). • Some appliances support more than one expansion modules of the same type. Cautions: • Cover the expansion slot with blank panel if the slot has no expansion module installed. • For detailed information of expansion modules, refer to Hillstone SG-6000 Series Firewall Appliance Expansion Module Manual. SD Card Slot SG-6000-M3108 and SG-6000-M3105 have a SD card slot for SD storage card on the front panel. SD card stores the data of the Network Behavior Control logs. Hillstone firewall appliances can support SD card of 32 GB at most so far. To install SD storage card: 1. Ensure that the write protection switch is off so that it can be written. - 22 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual 2. Face the front panel of the appliance. 3. Insert the SD card with the metal contact side facing down and push it slightly into the card slot. Do not push too hard with force to avoid damage to the slot or the card. 4. Stick the seal label on the SD card slot to warn others not to eject the SD card freely. Caution: You need to backup the card data before inserting it into the slot, as the system will automatically format the card in one minute. To remove the SD storage card: 1. Run exec detach sd0 command on the CLI interface. 2. Face the front panel of the appliance 3. Rip off the label stuck on the slot. 4. Push the SD card slightly and it will pop out. Note: Hillstone recommends Kingston and SanDisk SD cards of 16GB and 32GB. To ensure the storage writing speed, the SD card should have a speed of Class 4 at least.   Power Supply SG-6000-X5100, SG-6000-G6100, SG-6000-G5150, SG-6000-G3150, SG-6000-G3100 and SG-6000-G2120 support dual power supply, i.e. utilizing two power sources as power inputs in case one fails, the other power can instantaneously provides power input and protect the appliance from unexpected power disconnection. The two powers back up for each other. SG-6000-G2110, SG-6000-M6115, SG-6000-M6110, SG-6000-M3108 and SG-6000-M3105 have both single power input and dual power input products. You can choose the power type based on your own needs. SG-6000-M3100, SG-6000-M2105 and SG-6000-M2100 use single power supply. SG-6000-M2100 utilizes DC-Power input and the input voltage is 5V DC. Other products of SG-6000 Series use AC power supplies and the input voltage is 100-240V AC, 50/60Hz. Power Module SG-6000-X5100, SG-6000-G6100, SG-6000-G5150 and SG-6000-G3150 can use either AC power module or DC power module as the power input. You should choose the power type based on your own needs. The AC power module of SG-6000-X5100 and SG-6000-G6100 is shown in Figure 1-23; the DC power module for the two products is shown in Figure 1-24. - 23 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-23: AC Power Module for SG-6000-X5100 and SG-6000-G6100  Figure 1-24: DC Power Module for SG-6000-X5100 and SG-6000-G6100 The AC power module of SG-6000-G5150 and SG-6000-G3150 is shown in Figure 1-25; the DC power module for the two products is shown in Figure 1-26.  Figure 1-25: AC Power Module for SG-6000-G5150 and SG-6000-G3150 - 24 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 1-26: DC Power Module for SG-6000-G5150 and SG-6000-G3150 LED  Color/Status  Description Green/On steadily  Power module is functioning normally. OK  Off  No power input. Yellow/On steadily  Power module has fault.  Off  Power module is functioning normally. Green/On steadily  AC power module is functioning normally AC  Off  AC power module has no power input or has fault. Green/On steadily  DC power module is functioning normally DC  Off  DC power module has no power input or has fault. Table 1-25: LED Indicators of SG-6000-G5150 and SG-6000-G3150 For information on power module installation and replacement, refer to Installing and Removing the Power Supply Module. Expansion Module SG-6000-G5150, SG-6000-G3150, SG-6000-G2120 and SG-6000-G2110 support three types of expansion modules, which are interface module, storage module and application processing module. SG-6000-M6115 and SG-6000-M6110 support only storage modules. The main functions are: • Interface module: expands the number of port. • Storage module: enlarges the hardware space used to store logs. • Application processing module: improves AV performance. For detailed information about expansion modules, refer to Hillstone SG-6000 Firewall Appliance Expansion Module Manuel. - 25 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Chapter 2 Pre-installation Preparations Introduction To prevent personnel injury and equipment damage, please carefully read all the safety warnings and cautions in this chapter before the installation. Hillstone products are designed for indoor use. To ensure the normal operation and to prolong the service lifetime, the installation site must meet the following requirements: Cleanness Requirements Table 2-1 lists the dust concentration requirements in the equipment room. Mechanical Active Material  Unit  Content Dust particle  particle/m3 ≤3×104 (No visible dust on the table in 3 days) Note:Diameter of dust particle≥5μm Table 2-1: Dust Concentration Requirements in the Equipment Room Electrostatic Discharge Prevention To prevent Electrostatic Discharge (ESD) damage, ensure that: • The appliance is well grounded. The grounding screw is properly grounded. • Take dustproof measures for the equipment room. • Maintain the humidity and temperature at a proper level. • Do not disassemble the equipment without permission from the equipment vendor, or you may cause danger and void your warranty. Electromagnetic Interference Prevention All possible Electromagnetic Interference (EMI) sources, external or internal, affect the firewall appliance in the way of capacitance coupling, inductance coupling, electromagnetic radiation, and common impedance (including the grounding system) coupling.   To prevent or reduce EMI: • Take effective measures to protect the power system from the interference of the power grid. - 26 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual • Separate the protection ground of the firewall appliance from the grounding device or lighting protection grounding device of the power supply equipment as far as possible. • Keep the firewall appliance far away from radio stations, radar, and other high-frequency and high-current devices. • Use electromagnetic shielding when necessary. Grounding Requirements To ensure safer use of the firewall appliance: • Ensure that the grounding screw of the chassis is well grounded via the grounding wire. • Ensure that the grounding pin of the power plug is well grounded. Workbench Requirements Before the installation, ensure your workbench is properly prepared as follows: • Make sure that you provide adequate space near the intake and exhaust vents of the appliance for heat dissipation. • Make sure the rack is equipped with a good ventilation system. • Make sure the rack is strong enough to support the weight of a fully equipped appliance. • Make sure the rack is well grounded. Other Safety Recommendations For the safe installation and operation of the firewall appliance, it is recommended to follow these directions: • Keep the appliance far away from a moist area and heat sources. • Wear an ESD-preventive wrist strap correctly when handling the appliance. • Be careful with laser emission. Do not directly stare into apertures of fiber-optic connectors that emit laser radiation. • Use uninterrupted power supply (UPS). - 27 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Unpacking Verify the parts received according to your purchasing contract and packing list to ensure that you have received all items necessary. If you have any problem, please contact your sales representative. Installation Devices, Tools, and Cables A Hillstone firewall appliance is shipped with a power cable and a console cable, and you should have the following items before the installation: • Terminal: Configuration terminal (an ordinary PC is sufficient). • Tools: Philips screwdrivers and ESD-preventive wrist strap. • Cables: Power cable, console cable, and Ethernet cable. - 28 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Chapter 3 Installation Before Installation A yellow seal with dark ink characters is stuck on a mounting screw of the chassis. Keep the seal intact. The sales representative will check this seal before performing maintenance operation. Please get the permission of your sales representative before opening the chassis yourself. Warranty will be void if you open the chassis without authorization. Before installation, make sure that: • You have read Chapter 2 Pre-installation Preparations carefully. • The requirements referred in Chapter 2 Pre-installation Preparations are satisfied. Hillstone products can be installed:   • On a workbench • On a standard 19-inch rack Installing the Appliance on a Workbench You can simply place the Hillstone product on a stable and clean workbench. For skid prevention, perform the following steps to fit anti-skid feet on the appliance before installing: Step 1: Tear off the sticker from the feet plaster. Step 2: Press the sticky side of the feet to the right-angle die-pressed mark on the bottom panel of the chassis. See Figure 3-1.  Figure 3-1: Installing the Feet Plaster - 29 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Check the following specifications when installing the appliance on a workbench: • Make sure the workbench is stable and well grounded. • Make sure the intake and the exhaust vents are unblocked, and keep the appliance well ventilated.   • Do not place any heavy object on the top of the chassis. Installing the Appliance on a Rack Before mounting the appliance on a rack, ensure that the power is off, and the rack is stable enough and well grounded. Hillstone firewall appliances are designed for a 19-inch standard rack.  To rack-mount the chassis: Note: SG-6000-M2100 requires a plate under it to fit in a rack.   Step 1: Attach rack-mounting ears to the left and right side panels of the chassis respectively, and then fasten the rack-mounting ears with suitable screws, as shown in Figure 3-2.  Figure 3-2: Installing the Rack-mounting Ears (1U Chassis as example) Step 2: Take out screws from the accessory box and fasten the rack-mounting ears of the chassis in the rack with the screws. Keep the center of rack-mounting ear and the center of the rack hole horizontally even, as shown in Figure 3-3. - 30 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual  Figure 3-3: Installing the Appliance in a Rack (1U Chassis as example) Cautions: • The rack-mounting ears cannot bear weight. Make sure the chassis is supported by the platform under it when mounted into a rack. • For better ventilation, there should be a clearance space between two equipments. • If the rack accommodates only one device, put the device on the bottom. • The floating nuts in the accessory box can only fit in the 9mm x 9 mm squared holes of standard racks and they can be used when no original rack nuts available. Connecting Cables This section describes how to connect cables to the appliance, including connecting the ground wire, the console cable, the Ethernet cable and the power cable. Connecting the Ground Wire To meet safety requirements, you must correctly connect the grounding screw on the chassis to the earth ground by a grounding wire. The grounding resistance should be less than 5Ω. Warning: The correct connection of the ground wire on the chassis is an essential safeguard against lightning shocks and interference. You must properly connect the ground wire when installing and using the appliance. Connecting the Console Cable Hillstone firewall appliance provides a RS-232C asynchronous serial console (CON) port, through which you can configure the appliance. The console cable is an 8-core shielded cable, which has a RJ-45 connector that can be connected to the Console port of the appliance and a DB-9 (female) connector that can be connected to the serial port of a console terminal. - 31 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Perform the following steps to connect the appliance and the console terminal: 1. Select a console terminal. You may choose an ordinary PC or a standard ASCII terminal with an RS-232C serial port. 2. Connect the console cable. Connect the RJ-45 end of the cable to the Console port of the appliance, and then connect the DB-9 connector of the cable to the console terminal. Connecting the Ethernet Cable Hillstone products provide Ethernet Electrical ports, SFP ports, XFP ports and Ethernet Combo ports (Electrical port + Optical port). The electrical Ethernet port can be connected by a straight-through cable (also called standard cable) or a crossover cable. The SFP port should use a SFP optical module, which can be connected with crossover cable or straight-through cable, or use a SFP electric module connected by a single-mode or multi-mode cable. The XFP port uses single-mode or multi-mode cables to access Ethernet. All SFP and XFP optical modules of Hillstone products use LC-type optical connector; therefore, you should connect the optical modules using optical fiber ended with LC-type connector. Follow the guidelines below when connecting cables to the ports: • Be careful not to connect the Ethernet port to the wrong ports. Read the label above the port carefully. • For electrical Ethernet connection, use crossover cable or straight-through cable. • For SFP port connection, the optical module should be inserted into SFP port first, and install the LC-type connector to the optical module; the electric module should be connected by crossover cable or straight-through cable. • For XFP ports, insert the XFP optical module into the XFP port first, and then connect the LC-type connector to the module. • Note the following items when connecting fiber cables. • The curvature radius should be greater than 10cm. Avoid excessive bending of the cable. • Ensure the Tx and Rx ends are connected correctly. • Keep the connector of the optical cable clean. Warning: Laser danger! To protect your eyes from radiation harm, do not stare into a cable - 32 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual connector connected to a laser. Connecting AC Power Cable The AC power cable is shipped with the chassis. Prepare a single-phase three-terminal power socket with a ground contact in advance. Normally, the ground contact of the power supply system in a building was buried during construction and cabling. Before connecting the AC input power cable, you must make sure that the power socket is well grounded. To connect the AC power cable: 1. Make sure the ground wire is reliably connected to the earth ground. 2. Make sure the power switch of the appliance is in the OFF position. 3. Connect the AC power socket of the power source using the AC power cable. To connect more cables, repeat this step. 4. Power on the switch of the appliance. 5. Check PWR LED on the front panel. A shining LED indicates correct connection. Note: If a product does not have a power switch, you can skip Step2 and Step4. Connecting DC Power Cable To power the appliance with DC power source, use DC power cables to connect the appliance and the external DC power source. Hillstone does not provide DC power cables. Warning: Before performing the procedure, ensure that the cable is not connected with any power source and make sure the cables will not be powered on during the process. To connect the DC power cable to the appliance: 1. Ensure that the power source voltage is in accordance with required voltage specified in System Parameters. 2. Switch off the power source. 3. If the terminal on the power supply module has a plastic cover, remove the cover and keep it. 4. Connect the grounding screw (labeled with “ ”) to the ground contact point using a grounding wire. - 33 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual 5. Use DC cables to connect the “+” terminal of the appliance to the “+” terminal of the power source, and “-” terminal to the “-” terminal of the source. 6. Verify the connection is correct and fasten the cables using a screwdriver. 7. Recover the plastic cover(s) to the original terminal(s). 8. To connect more DC power cables, repeat Step3 to Step7. 9. Switch on the power supply module. 10. Switch on the power source and check if the PWR LED is on. A shining LED indicates correct connection. Verifying Installation After you complete the installation with all the above steps, you still need to verify the following items. • All the cables are properly connected. • The grounding wire of the appliance is correctly connected. • The air vents on both side panel of the appliance are unblocked, and there is enough space around for heat dissipation. • The expansion modules, power supply modules and fan tray are correctly installed (for some products). • The power source meets the requirements of the appliance. • If the appliance is rack-mounted, make sure the rack is stable enough. If the appliance is placed on a workbench, make sure the workbench is stable and clean. - 34 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Chapter 4 Boot and Configuration Introduction This chapter describes the initial system boot and basic configuration of Hillstone SG-6000 Series, using a PC as the console terminal. Establishing a Configuration Environment Hillstone firewall appliances support both local configuration and remote configuration. Administrators can use the following configuration methods. • Console (CON) connection • WebUI • Telnet and SSH Console (CON) Connection For initial system configuration, you have to establish a Console connection environment (connect the device to a configuration terminal through its Console port).   Perform the following steps to establish a Console connection: 1. Set up a local configuration environment. Connect the Console port to the serial port of a PC through a console cable, as shown in Figure 4-1:  Figure 4-1: Console Port Configuration 2. Run the terminal emulation program on the PC (e.g. hyper terminal of Windows XP/Windows 2000) to set up a connection. Set the parameters of the terminal session to 9600bps, 8 data bits, 1 stop bit, none parity, and none flow control, as - 35 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual shown in Figure 4-2:  Figure 4-2: Setting Parameters for the Terminal Session 3. Switch on the power supply, and the appliance performs self-test and initializes the configuration automatically. If the booting succeeds, the system will display the command line prompt “login”. Enter the default administrator name and password “hillstone” at the “login” and “password” prompts, press “Enter”. And now you are successfully logged in and accessing the CLI. 4. Enter commands to configure or view running status. Enter a question mark “?” to get help on commands whenever you want. WebUI The ethernet0/0 (e0/0) port has a default IP address of 192.168.1.1/24, and all the management functions of this port are enabled by default. Administrators can access the WebUI through e0/0.   Perform the following steps to log in the appliance’s WebUI: 1. Set up the IP address of the management PC on the same subnetwork as 192.168.1.1/24. Connect the management PC to the e0/0 port through an Ethernet cable. - 36 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual 2. Launch a Web browser of the management PC, enter the URL “http://192.168.1.1” in the address bar, and then press Enter. 3. Enter the default administrator name and password “hillstone” in both the <Login> and <Password> text boxes. 4. Click the “Login” button to enter WebUI main page. Then you can set other configurations to the appliance. Tenet and SSH You can also establish Telnet and SSH configuration environments. For more information, please refer to Hillstone SG-6000 Series Firewall Appliance User Guide. Basic Configuration Before configuration, you should be familiar with the functionalities of the appliance and how it will be deployed in your network. Next, based on the appliance’s position in the network, network management requirements and network security design requirements, you can design a reasonable topology, choose proper operation mode of the ports, set security zones and perform the network and security policy configuration.   The basic configuration steps may include: 1. Create security zones, including the link layer (L2) and network layer (L3). Bind different interfaces to correct security zones respectively. 2. Assign IP addresses to interfaces. 3. Configure the management functions of the interfaces and create the security policy rules. 4. Figure out the distribution solutions of the network address and configure the network address translation rules as needed. 5. Keep network connectivity by configuring routes. 6. Configure security policy rules between security zones. 7. Configure network parameters, such as DHCP and DNS agent, etc. Note: For more information, please refer to Hillstone SG-6000 Series Firewall Appliance User Guide. - 37 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Chapter 5 Hardware Maintenance and Replacement Introduction This chapter explains how to install and remove the power supply module, the expansion module and the fan tray. Installing and Removing the Power Supply Module This section describes how to install and remove the power supply module of SG-6000-X5100, SG-6000-G6100, SG-6000-G5150 and SG-6000-G3150. Installing and Removing the X5100/G6100 Power Supply Module To install a power supply module to SG-6000-X5100 or SG-6000-G6100: 1. Ensure that the power supply module to be used is not connected to any power source. 2. Face the back panel of the appliance. 3. If the power supply slot is covered by blank plate, remove the plate first (unscrew the screws on the blank plate and take it down). Skip this step if the slot is not covered. 4. Slide the power supply module all the way into the slot cage until you feel resistant. 5. Tighten the screws on the flatplate.  Figure 5-1: Installing Power Supply Module of SG-6000-X5100/G6100 To remove the power supply module: 1. Make sure the power supply module to be used is not connected to any supply source. - 38 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual 2. Face the back panel of the appliance. 3. Loosen the screws on the flatplate. 4. Pull the power supply straight out of the chassis by holding the provided handle. Installing and Removing the G5150/G3150 Power Supply Module To install a power supply module to SG-6000-G5150 or SG-6000-G3150: 1. Ensure that the power supply module to be used is not connected to any power source. 2. Face the back panel of the appliance. 3. If the power supply slot is covered by blank plate, remove the plate first (unscrew the screws on the blank plate and take it down). Skip this step if the slot is not covered. 4. Slide the power supply module all the way into the slot cage until you feel resistant.  Figure 5-2: Installing Power Supply Module of SG-6000-G5150/G3150 To remove the power supply module: 1. Make sure the power supply module to be used is not connected to any supply source. 2. Face the back panel of the appliance. 3. Pull the power supply straight out of the chassis using the provided handle. Installing and Removing the Expansion Module SG-6000-G5150, SG-6000-G3150, SG-6000-G2120, SG-6000-G2110, SG-6000-M6115 and - 39 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual SG-6000-M6110 can accommodate expansion modules. This section describes how to install and remove the expansion module. To install an expansion module: 1. Make sure the power is switched off and you should wear the ESD strap properly. 2. Face the front panel of the appliance. 3. Remove the blank plate on the expansion slot if necessary. 4. Slide the expansion module to be used into the slot until you feel resistant. 5. Tighten the screws on the expansion module. To remove an expansion module: 1. Make sure the power is switched off and you should wear the ESD strap properly. 2. Face the front panel of the appliance. 3. Loosen the screws on the expansion module. 4. Pull the expansion module straight out of the chassis by holding the screws. Note: Apply a blank plate to cover the slot where no expansion module is installed. Installing and Removing the Fan Tray SG-6000-X5100, SG-6000-G6100, SG-6000-G5150 and SG-6000-G3150 have hot-insertabel and hot-removable fan trays. To install a fan tray: 1. Hold the fan tray and insert it straight into the chassis until you feel resistant. 2. Tighten the screws on the fan tray. Note: Check the FAN LED indicator when the appliance is powered on. A constant green shining light indicates that the fan is functioning normally. To remove a fan tray: 1. Loosen the screws on the fan tray. - 40 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual 2. Pull the fan tray out of the chassis by holding the provided handle. Note: To avoid over heating, insert a replacement fan tray immediately after removing the existing one. - 41 -
                                   Hillstone SG-6000 Series Firewall Appliance Installation Manual Chapter 6 Troubleshooting Introduction This chapter provides solutions to some common problems of Hillstone firewall appliances. Losing the Administrator Password If you lose the administrator password, please contact your local sales representative. Troubleshooting Power System Check the PWR LED on the front panel of the appliance. If the power supply is functioning normally, the PWR LED lights steadily in green color. If the LED is off, perform the following steps: • Make sure the power supply cable is connected correctly. • Ensure that the voltage of the power source conforms with the required voltage. For the PWR LED information, refer to LED Indicators. Troubleshooting the Configuration System The Console configuration terminal shows system booting message when the appliance is powered on. If the configuration system has failed, it displays error information or nothing at all. If the configuration terminal shows no information, perform the following steps: • Make sure the power supply is correctly connected and powered on. • Check if the console cable is connected properly. • See if the terminal configuration settings are correct. If the steps are performed and no error found, it may be the console cable failure. - 42 -
FCC STATEMENT 1. This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference. (2) This device must accept any interference received, including interference that may cause undesired operation. 2. Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.  NOTE: This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:    Reorient or relocate the receiving antenna.    Increase the separation between the equipment and receiver.    Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.    Consult the dealer or an experienced radio/TV technician for help.

Navigation menu