H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Keywords: SecBlade, SSL VPN Abstract: This release notes describes the SecBlade SSL VPN release with respect to hardware and software compatibility, released features and functions, software upgrading, and documentation.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Table of Contents Version Information ········································································································································ 5 Version Number ········································································································································· 5 Version History ·····················································································································
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes BootWare Operation Submenu ········································································································ 24 Storage Device Operation Submenu ······························································································· 24 Upgrading the BootWare Program and Applications Through the Serial Interface ································· 25 Introduction to Xmodem ·····························································
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes List of Tables Table 1 Version history ............................................................................................................................... 5 Table 2 Hardware and software compatibility matrix.................................................................................. 5 Table 3 SecPath series hardware features ................................................................................................
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Version Information Version Number List the version number with the command display version. For example: H3C SecBlade SSL VPN Comware Software, Version 3.40, Ess 7111 Note: You can see the version number with the command display version in any view. Please see Note①.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Item Specifications S9500 version S9500-CMW310-R1651P05 SR6600 version SR6600-CMW520-R2507P01 SR8800 version SR8800-CMW520-R3342 SecCenter version SecCenter Firewall Manager E0028 Remarks Sample:To display the host software and Boot ROM version of the SecPath series, perform the following: dis version H3C Comware Software Comware software, Version 3.40, Ess 7111 ------- Note① Copyright (c) 2004-2011 Hangzhou H3C Technologies Co., Ltd.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Feature List Hardware Features Table 3 SecPath series hardware features Item SecBlade SSL VPN Interface 1*Console CF 1* CF slot, without CF card default. Flash 64MB SDRAM 2GB Size(W x D x H) 399.2mm x 346.7mm x 40.1mm Weight 3.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Category Features Web cache Clear cache Cookie Client program and configuration User and user group Dynamic authorization Resource and resource group Security policy URL Authorization granularity File directory IP address and port IP network segment RSA Hardware encrypt MD5, SHA1 RC4, DES, 3DES, AES Custom Logo Personalizati on web Custom Caption Custom first page Web Management Command Line Serial Online Networking Bypass Support switch or route
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Version number Item Description New features: Support HP SSL VPN. Deleted features: None Software feature updates Modified features: 1. Vrrp support track detect-group. 2. The syslog host’s port number can be modified. Hardware feature updates New features: None Deleted features: None New features: None Deleted features: None E7110 Software feature updates Modified features: 3. SSO(Single Sign-On) supports get request.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes MIB Updates Table 7 MIB updates Version number Item MIB file Module Description New None Modified None E7101 Configuration Changes Operation Changes in E7101 First release. List of Resolved Problems Resolved Problems in E7111 Problem 1 l First found-in version: E7110 l Description: CRL-link not support case sensitive.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Problem 2 l First found-in version: E7101 l Description: It can keep the latest login username automatically. l Workaround: None Problem 3 l First found-in version: E7101 l Description: The administrator can watch the detail resource requirement. l Workaround: None Resolved Problems in E7102 Problem 1 l First found-in version: E7101 l Description: The online user information displayed through the Web interface and through CLI is not consistent.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes BootWare program file The BootWare program file on a SecBlade SSL VPN card is used for booting application files and is saved on the Flash of the SecBlade SSL VPN card. The entire BootWare program file contains a basic segment and an extended segment. l The basic segment is used for the basic initialization of the SecBlade SSL VPN card. After the basic initialization, the network interfaces and the CF card are still unavailable.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Configuration files The configuration files store configuration information of SecBlade SSL VPN cards. By default, three configuration files are defined to load configuration information at the SecBlade SSL VPN card boot. l Main configuration file: The file type is M and the file extension is .cfg. By default, the SecBlade SSL VPN card uses the main configuration file to load configuration information.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l Upgrade applications using TFTP/FTP through an Ethernet interface. For the upgrade procedure, refer to “Upgrading Applications Using TFTP” on page 32 and “Upgrading Applications Using FTP” on page 37. The second and third are called conventional software upgrade methods. l The BootWare program is automatically upgraded when applications are upgraded, that is, you do not need to upgrade the BootWare separately.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Specifying Files Specifying a boot file No matter how you upgrade software, use the boot-loader file file-url { main | backup } command in user view to specify a new boot file for the SecBlade card and then restart the device. In the command, l file file-url: Name of the boot file, consisting of 1 to 64 characters. l main: Main application file. l backup: Backup application file. l A boot file is an application file used to boot the SecBlade card.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Connecting the console interface to a configuration terminal (usually a PC) Plug the DB-9 connector of the console cable into the serial interface on the PC and the RJ-45 connector into the console interface on the SecBlade card.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Figure 3 Select the serial interface for the HyperTerminal connection Step4 Set serial interface parameters. In the COM1 Properties dialog box shown in Figure 4, set the default serial interface properties listed in Table 9.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Figure 4 Set serial interface parameters Step5 Click OK to enter the HyperTerminal window shown in Figure 5. Figure 5 HyperTerminal window Step6 In the HyperTerminal window, select File > Properties > Settings to enter the dialog box shown in Figure 6.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Step7 Set the terminal emulation to VT100 or autodetect and click OK to return to the HyperTerminal window. Figure 6 Set the terminal emulation type Introduction to the BootWare Menu Main Menu After the above configurations are completed and the SecBlade SSL VPN card is powered on, the card first performs system initialization. After system initialization, the following information is displayed on the configuration terminal: System start booting...
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes * * **************************************************************************** Copyright (c) 2004-2008 Hangzhou H3C Technologies Co., Ltd. Compiled Date : Jul 7 2008 CPU Type : OCTEON CN3860 CPU L1 Cache : 128KB CPU Clock Speed : 550MHz Memory Type : DDR2 SDRAM Memory Size : 2048MB Memory Speed : 400MHz BootWare Size : 448KB Flash Size : 64MB CPLD Version : 3.0 PCB Version : Ver.A BootWare Validating...
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes and you need to restart the card to enter the correct password.) After you type the correct BootWare password, the current operating device and the main menu are displayed. On the main menu, you can select 9 to choose a storage device. Note: The current operating device is cfa0 Enter < Storage Device Operation > to select device.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Menu item Description Clear the super user password. The super user password is required in user level switching. <8> Clear Super Password By default, no super user password is set. The setting is valid only for the first reboot of the SecBlade card and the super user password will be restored next time the SecBlade card reboots.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Ethernet Submenu Select 3 on the main menu to enter the Ethernet submenu, where you can upgrade applications using FTP/TFTP.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Table 13 describes the file control submenu items. Table 13 File control submenu Submenu items Description <1> Display All File(s) Display all files. <2> Set Application File type Set the type of an application file. <3> Delete File Delete an application file. <0> Exit To Main Menu Return to the main menu. BootWare Operation Submenu Select 7 on the main menu to enter the BootWare operation submenu.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes | <2> Set The Operating Device | | <3> Set The Default Boot Device | | <0> Exit To Main Menu | ============================================================= Enter your choice(0-3): Table 15 describes the storage device operation submenu items. Table 15 Storage device operation submenu Submenu item Description <1> Display All Available Nonvolatile Storage Device(s) Display all available storage devices.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Modifying Serial Interface Parameters In practice, on the one hand, you need to improve the baud rate of the serial interface to save the upgrade time, and on the other hand, you need to lower it to guarantee the transmission reliability. This section introduces how to modify the baud rate of the serial interface. Step1 Select 2 on the main menu to enter the serial submenu.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Figure 7 Disconnect the HyperTerminal connection Step5 Select File > Properties. Click Configure (F)… in the test Properties dialog box and change the bits per second to 115200. Figure 8 Modify the baud rate on the HyperTerminal Step6 Select Call > Call to re-establish a call connection.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Figure 9 Re-establish a call connection Step7 Press Enter. You can see the current baud rate and return to the upper level menu. The current baud rate is displayed: The current baudrate is 115200 bps After you download files at the modified baud rate to upgrade applications, restore the baud rate on the HyperTerminal to 9600 bps in time, so as to ensure the normal display on the screen when the SecBlade card boots or reboots.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Step3 Select Transfer > Send File in the HyperTerminal window. The following dialog box appears: Figure 10 Send File dialog box Step4 Click Browse… to select the application file to be downloaded, and select Xmodem from the Protocol dropdown list.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l The size of an application is often over 10 MB. Even if the baud rate is set to 115200 bps, it usually takes about 30 minutes to upgrade the application through the serial interface. Therefore, you are recommended to upgrade applications through an Ethernet interface. l If you want the SecBlade card to use the downloaded file, you need to specify the file for the next boot. For related information, refer to “Specifying Files” on page 15.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Figure 12 Send File dialog box Step4 Click Browse… to select the application file to be downloaded, and select Xmodem from the Protocol dropdown list.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l The BootWare program is automatically upgraded when applications are upgraded, that is, you do not need to upgrade the BootWare program separately. l The file name, size, and path in the above figures may vary. Check the current BootWare and application versions before upgrading them. l If you upgraded the extended segment, you only upgrade part of the BootWare program.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes 2) Configure Ethernet interface parameters on the BootWare menu. Select 3 on the main menu to enter the Ethernet submenu, where you can select 5 to enter the Ethernet parameter setting interface to configure the Ethernet interface parameters. ===================================== Note: '.' = Clear field. '-' = Go to previous field. Ctrl+D = Quit.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Field Description Set a name for the target file to be saved to the SecBlade card and the extension of the target file needs to be the same as that of the downloaded file. Target File Name l The first “main.bin” is the target file name automatically remembered by the system at the last update. l The second “main.bin” is the target file name set by the user for this update.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l If the application file name you entered already exists on the CF card, “The file exists, will you overwrite it? [Y/N]” will be prompted. If you enter Y, the application file on the CF card will be directly overwritten. The upgraded application file will become the only main application file. l Make sure that the available space on the CF card is enough. Otherwise, “The free space isn’t enough” will be prompted.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Table 17 dir command output information Field 3) Description Directory of cfa0:/ Name of the current directory 62472 KB total (41855.5 KB free) Used space on the CF card (available space on the CF card) File system type of cfa0 File system type that the CF card supports Upgrade applications.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes File will be transferred in binary mode Sending file to01 remote tftp server. Please wait... TFTP: 10867848 bytes sent in 0.01 second(s). File uploaded successfully. l When you back up an application file, if the file name already exists on the TFTP server, the existing file will directly be overwritten. l You can back up configuration files in the way you back up application files.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l The FTP server program is not shipped with the SecBlade card and you need to purchase and install it. l When you upgrade application files using FTP on the BootWare menu, use Ethernet interface GigabitEthernet 0/2 on the SecBlade card. For step 2 to step 4, refer to the corresponding steps in “Upgrading Applications Using TFTP on the BootWare Menu” on page 32.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes # Download the main.bin file from the FTP server to the SecBlade card. [ftp] get main.bin main.bin cfa0:/main.bin has been existing. Overwrite it? [Y/N]:y 227 Entering passive mode (192,168,80,200,5,33) 125 Using existing data connection 226 Closing data connection; File transfer successful. FTP: 10867848 byte(s) received in 472.515 second(s), 23.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes The SecBlade card serving as the FTP server and the PC serving as the FTP client 1) Set up an upgrade environment. Connect the PC to an Ethernet interface (for example, GigabitEthernet 0/1) on the SecBlade card and ensure the connectivity between them. l Use a crossover Ethernet cable to connect Ethernet interface GigabitEthernet 0/1 on the SecBlade card to the PC.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes 230 User logged in. 4) Upgrade applications. Using FTP, you can upload application files from the client to overwrite the existing application files on the server (SecBlade card) to implement application upgrade. The upgraded application files take effect at the next boot. # Upload the main_bac.bin file from the PC to the SecBlade card and save it as main.bin. ftp> binary 200 Type set to I. ftp> lcd d:\update Local directory now D:\update. ftp> put main_bac.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l When you download an application file, if the file name already exists on the PC, you will be prompted whether to overwrite the existing file. You need to enter Y or N to make a confirmation. l You can back up configuration files in the way you back up application files. Maintaining Files You can maintain files on the file control submenu or at the CLI.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes ============================================================= NO. Size(B) Time 1 10129712 Jun/11/2007 05:39:50 B Type 0 Exit Name cfa0:/main.bin ============================================================= Enter file no: Step2 Enter a file number (for example, 1) and press Enter. The following information is displayed.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes 0 drw- - Jun 11 2007 19:09:42 logfile 1 -rw- 10867848 Jun 13 2007 13:21:20 main.bin 2 -rw- 1128 Jun 27 2007 11:07:24 startup.cfg 3 -rw- 558 Jun 11 2007 20:20:38 config.cfg 4 -rw- 558 Jun 11 2007 20:23:10 config_bac.cfg 506336 KB total (506272 KB free) File system type of cfa0: FAT16 Modifying a file type # Change the main.bin file from type B to type M+B. boot-loader file main.bin main This command will set the boot file.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes User Password Loss If you forget your user password, you will be refused to log in to the SecBlade card. In this case, you can ignore the current configuration to boot the SecBlade card and set a new user password as follows: Step1 Select 6 on the main menu to ignore the current configuration in SecBlade card boot. The following information is displayed: Flag Set Successfully. Step2 When the main menu appears again, select 0 to reboot the SecBlade card.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes l After you set a new user password, use the save command to save the password. l You are recommended to save the new user password in the default configuration file. BootWare Password Loss Contact your local dealer if you forget the BootWare password of the SecBlade card. You can modify the BootWare password on the main menu. Step1 Select 5 on the main menu to modify the BootWare password as prompted.
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes | <1> Boot System | | <2> Enter Serial SubMenu | | <3> Enter Ethernet SubMenu | | <4> File Control | | <5> Modify BootWare Password | | <6> Skip Current System Configuration | | <7> BootWare Operation Menu | | <8> Clear Super Password | | <9> Storage Device Operation | | <0> Reboot | ============================================================= Enter your choice(0-9):8 If the following information appears, the super password is successfully
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Will you backup the Extend BootWare? [Y/N] Step3 Enter Y. Begin to backup the Extend BootWare.................... Done! By now, the extended segment has been backed up. Backing up the entire BootWare program file at the CLI You can also use the following command to back up the BootWare program file. bootrom backup Now backuping bootrom, please wait... Backup bootrom! Please wait...
H3C SECBLADESSLVPN-CMW340-E7111 Release Notes Restoring the entire BootWare program file at the CLI You can use the following command to restore the entire BootWare program file. bootrom restore This command will restore bootrom file, Continue? [Y/N]:y Now restoring bootrom, please wait... Restore bootrom! Please wait...