Clavister Lynx X8 Getting Started Guide Clavister AB Sjögatan 6J SE-89160 Örnsköldsvik SWEDEN Phone: +46-660-299200 www.clavister.
Clavister Lynx X8 Getting Started Guide Published 2015-04-07 Copyright © 2015 Clavister AB Copyright Notice This publication, including all photographs, illustrations and software, is protected under international copyright laws, with all rights reserved. Neither this manual, nor any of the material contained herein, may be reproduced without the written consent of Clavister. Disclaimer The information in this document is subject to change without notice.
Table of Contents Preface ................................................................................................................ 5 1. X8 Product Overview ......................................................................................... 7 1.1. Unpacking the X8 .................................................................................... 7 1.2. Interfaces and Ports ................................................................................. 9 2. Registering with Clavister .......
List of Figures 1.1. An Unpacked Clavister X8 Appliance .................................................................. 7 1.2. Front View of the Clavister X8 ............................................................................ 9 1.3. X8 Status LEDs ............................................................................................... 10 3.1. The X8 Rear Showing DIN Attachment ............................................................... 19 3.2. The X8 Local Console Port ...............
Preface Target Audience The target audience for this guide is the administrator who has taken delivery of a packaged Clavister X8 appliance and is setting it up for the first time. The guide takes the user from unpacking and installation of the device through to power-up, including network connections and initial cOS Core configuration. Text Structure The text is divided into chapters and subsections. Numbered subsections are shown in the table of contents at the beginning of the document.
Preface Text links Where a "See section" link is provided in the main text, this can be clicked on to take the reader directly to that reference. For example, see Section 4.6, “Setup Troubleshooting ”. Web links Web links included in the document are clickable. For example, http://www.clavister.com. Trademarks Certain names in this publication are the trademarks of their respective owners. cOS Core is the trademark of Clavister AB.
Chapter 1: X8 Product Overview • Unpacking the X8, page 7 • Interfaces and Ports, page 9 The Clavister Lynx X8 is a ruggedized hardware platform for cOS Core with no moving parts and long MTBF. The X8 is designed for industrial applications where there is a need for extreme durability and performance. It is fanless, dustproof, has no interior wires and can tolerate a large range of operating temperatures as well as being DIN rail mountable. 1.1. Unpacking the X8 Figure 1.1.
Chapter 1: X8 Product Overview • RS-232 local console cable. • Power cable. • Euroblock (Phoenix) plug for optional power rail connection. Note: If any items are missing If any items are missing from the X8 package, please contact the reseller or distributor. All relevant documentation in PDF format can be downloaded from the Clavister website and is included in the ZIP file distributions of new cOS Core versions.
Chapter 1: X8 Product Overview 1.2. Interfaces and Ports This section is an overview of the X8 product's external design. Figure 1.2. Front View of the Clavister X8 The X8 features a number of connection ports on the front panel: • 4 x RJ45 Gigabit Ethernet interfaces. These have the logical cOS Core names G1, G2, G3 and G4. The names are written by the side of each interface. They function independently of each other and are not connected by a switch fabric.
Chapter 1: X8 Product Overview • The left hand LED indicates cOS Core status and can be either of the following colors: i. Green - cOS Core is operating normally. ii. Red - An error condition has occurred and cOS Core is not fully functioning. This is usually a result of cOS Core entering lockdown mode because there is no valid software license. Figure 1.3.
Chapter 1: X8 Product Overview 11
Chapter 2: Registering with Clavister Before applying power to the X8 and starting cOS Core, it is important to understand the the customer and product registration procedures. There are two types of registration: • Registering as a Clavister Customer This involves registering basic contact and company information on the Clavister website and establishing login credentials.
Chapter 2: Registering with Clavister 2. The customer login page is presented. It is assumed that a new customer is accessing the site for the first time so they should press the Register button. If already registered, log in and skip to step 8. 3. The registration webpage is now presented. The required information should be filled in. In the example below, a user called John Smith registers. It is important to enter the administrator's company details as well.
Chapter 2: Registering with Clavister 5. Below is an example of the email that John Smith would receive. 6. When the confirmation link in the email is clicked, the new customer is taken to a webpage to indicate that confirmation has been successful. They should now log in to the Clavister website with the credentials they have submitted during registration. 7. After logging in, the website toolbar will show the name of the currently logged in customer.
Chapter 2: Registering with Clavister B. Registration of the X8 Hardware Unit These steps describe manual registration of the X8 hardware unit. Alternatively, if the X8 is connected to the Internet then this registration can be also be performed automatically by the cOS Core Setup Wizard which will appear as a browser popup window in the Web Interface when cOS Core starts for the first time. 1. Log in to the Clavister website and select the Register License option. 2. The registration page is displayed.
Chapter 2: Registering with Clavister The image above shows an example label which illustrates the typical layout of identification labels found on Clavister hardware products. After Successful Hardware Registration Once the X8 hardware unit is registered, a cOS Core license for the unit becomes available for download and installation from Clavister servers. This installation can be done automatically through the cOS Core Setup Wizard which is described in Section 4.2, “Web Interface and Wizard Setup”.
Chapter 3: X8 Installation • General Installation Guidelines, page 17 • DIN Rail Installation, page 19 • Local Console Port Connection, page 20 • Connecting Power, page 22 3.1. General Installation Guidelines Follow these geneneral guidelines when installing your Clavister X8 appliance: • Safety Take notice of the safety guidelines laid out in Chapter 7, Safety Precautions. These are specified in multiple languages.
Chapter 3: X8 Installation a means to prevent electrical surges reaching the appliance. This is mentioned again in Section 3.4, “Connecting Power”. • Temperature Do not install the appliance in an environment where the ambient temperature during operation might fall outside the specified operating range. This range is documented in Appendix A, X8 Specifications. The intended operating temperature range is "room temperature".
Chapter 3: X8 Installation 3.2. DIN Rail Installation The X8 is designed for DIN rail mounting only and comes delivered with a rotatable DIN bracket at the back for mounting. This DIN bracket can be rotated in 90 degree increments and can be easily removed if not needed. The DIN bracket is shown in the image below. Figure 3.1.
Chapter 3: X8 Installation 3.3. Local Console Port Connection The local console port is a physical RS-232 port on the X8 hardware. Figure 3.2. The X8 Local Console Port This local console port allows direct management connection to the appliance, either from a separate computer running console emulation software or from a console terminal. Local console access can then be used for both management of cOS Core with CLI commands or to enter the boot menu in order to access X8 firmware loader options.
Chapter 3: X8 Installation • A terminal or a computer with a serial port and the ability to emulate a terminal (for example, the open source puTTY software). • The terminal console should have the following settings: • i. 9600 bps. ii. No parity. iii. 8 bits. iv. 1 stop bit. v. No flow control. An RS-232 cable with appropriate terminating connectors. Connection Steps To connect a terminal to the local console port, perform the following steps: 1.
Chapter 3: X8 Installation 3.4. Connecting Power This section describes connecting power. As soon as power is applied, the X8 will boot-up and cOS Core will start. Important Please review the electrical safety information in Chapter 7, Safety Precautions. Connecting AC Power To connect power, follow these steps: 1. Plug the end of the power adapter's power cord into the power inlet socket on the X8. The X8 uses a Euroblock power connection (also known as a Phoenix connection).
Chapter 3: X8 Installation 3. With the supplied power cable, plug the other end of the power cord into a power outlet. There is no On/Off switch. If using a power rail to supply power, switch on the power. 4. The X8 will boot up and cOS Core will start. After a brief period of time, cOS Core will be initialized and the X8 appliance is ready for configuration from a management workstation using either the Web Interface or the Command Line Interface (CLI) as the management interface.
Chapter 3: X8 Installation 24
Chapter 4: cOS Core Configuration • Management Workstation Connection, page 25 • Web Interface and Wizard Setup, page 28 • Manual Web Interface Setup, page 36 • CLI Setup, page 52 • License Installation Methods, page 60 • Setup Troubleshooting , page 62 • Going Further with cOS Core, page 64 4.1. Management Workstation Connection cOS Core Starts After Power Up It is assumed that the X8 unit is now unpacked, positioned correctly and powered is applied.
Chapter 4: cOS Core Configuration A standard web browser running on a standalone computer (also referred to as the management workstation) can be used to access the cOS Core Web Interface. This provides an intuitive graphical interface for cOS Core management. When this interface is accessed for the first time, a setup wizard runs automatically to guide a new user through key setup steps. The wizard can be closed if the administrator wishes to go directly to the Web Interface to perform setup manually.
Chapter 4: cOS Core Configuration unused interface could be used instead. Direct Connection to the Management Interface Connection to the management interface G1 from the workstation can be done directly without a switch. This could be done using a crossover cable. However, all the RJ45 interfaces on the X8 support Automatic MDI-X and a crossover cable is not necessary.
Chapter 4: cOS Core Configuration 4.2. Web Interface and Wizard Setup This chapter describes the setup when accessing cOS Core for the first time through a web browser. The user interface accessed in this way is called the Web Interface. It assumes that a physical network connection has been set up from a management computer to the default management Ethernet interface as described in Section 4.1, “Management Workstation Connection”.
Chapter 4: cOS Core Configuration It is possible to configure cOS Core to use a CA signed certificate instead of self-signed certificate for the management login and doing this is described in the cOS Core Administration Guide. The Login Dialog cOS Core will next respond like a web server with the initial login dialog page as shown below. The available Web Interface language options are selectable at the bottom of this dialog.
Chapter 4: cOS Core Configuration the Clavister Security Gateway is being used in Transparent Mode between two internal networks, then the configuration setup is best done with manual Web Interface steps or through the CLI instead of through the wizard and these are explained in the two sections that follow. Advantages of the Wizard The wizard makes setup easier because it automates what would otherwise be a more complex set of individual setup steps.
Chapter 4: cOS Core Configuration Wizard step 3: Select the WAN interface Next, you will be asked for the WAN interface that will be used to connect to an ISP for Internet access. Wizard step 4: Select the WAN interface settings This step selects how the WAN connection to the Internet will function. It can be one of Manual configuration, DHCP, PPPoE or PPTP as shown below.
Chapter 4: cOS Core Configuration These four different connection options are discussed next in the subsections 4A to 4D that follow. • 4A. Static - manual configuration Information supplied by the ISP should be entered in the next wizard screen. All fields need to be entered except for the Secondary DNS server field. • 4B. DHCP - automatic configuration All required IP addresses will automatically be retrieved from the ISP's DHCP server with this option.
Chapter 4: cOS Core Configuration DNS servers are set automatically after connection with PPPoE. • 4D. PPTP settings The username and password supplied by an ISP for PPTP connection should be entered. If DHCP is to be used with the ISP then this should be selected, otherwise Static should be selected followed by entering the static IP address supplied by the ISP. DNS servers are set automatically after connection with PPTP.
Chapter 4: cOS Core Configuration Wizard step 6: Helper server settings Optional NTP and Syslog servers can be enabled here in the wizard or configured later. Network Time Protocol servers keep the system date and time accurate. Syslog servers can be used to receive and store log messages sent by cOS Core. For the default gateway, it is recommended to specify the IPv4 address assigned to the internal network interface. In this setup, this corresponds to 192.168.1.1.
Chapter 4: cOS Core Configuration Wizard step 7: Activate setup The final step for the configuration is to save and activate it by pressing the Activate button. After this step the Web Interface returns to its normal appearance and the administrator can continue to configure the system. Wizard step 8: License Activation This optional step is to install a license which is fetched automatically from Clavister servers.
Chapter 4: cOS Core Configuration 4.3. Manual Web Interface Setup This section describes initial cOS Core configuration performed directly through the Web Interface, without using the setup wizard. Configuration is done as a series of individual steps, giving the administrator more direct control over the process. Even if the wizard is used, this section can also be read as a good introduction to using the Web Interface for configuring key aspects of cOS Core.
Chapter 4: cOS Core Configuration Important: The time server URL requires the "dns:" prefix When specifying a URL in cOS Core for the time server, it must have the prefix "dns:". Once the values are set correctly, we can press the OK button to save the values while we move on to more steps in cOS Core configuration. Although changed values like this are saved by cOS Core, they do not become active until the entire saved configuration becomes the current and active configuration.
Chapter 4: cOS Core Configuration Reconfiguration is a process that the cOS Core administrator may initiate often. Normally, reconfiguration takes a brief amount of time and causes only a slight delay in traffic throughput. Active user connections through the Clavister Security Gateway should rarely be lost. Tip: How frequently to commit configuration changes It is up to the administrator to decide how many changes to make before activating a new configuration.
Chapter 4: cOS Core Configuration The initial step is to set up a number of IPv4 address objects in the cOS Core Address Book. Let us assume for this section that the interface used for Internet connection is G2 and that the static IPv4 address for this interface is to be 10.5.4.35, the ISP's gateway IPv4 address is 10.5.4.1, and the network to which they both belong is 10.5.4.0/24.
Chapter 4: cOS Core Configuration object is named by combining the interface name with the suffix "_net" and this is the network to which the interface belongs. Tip: Creating address book folders New folders can be created when needed and provide a convenient way to group together related IP address objects. The folder name can be chosen to indicate the folder's contents. Now click the Add button at the top left of the list and choose the IP4 Address option to add a new address to the folder.
Chapter 4: cOS Core Configuration Click on the interface in the list which is to be connected to the Internet. The properties for this interface will now appear and the settings can be changed including the default gateway. Press OK to save the changes. Although changes are remembered by cOS Core, the changed configuration is not yet activated and won't be activated until cOS Core is told explicitly to use the changed configuration.
Chapter 4: cOS Core Configuration The properties for the new IP rule will appear. In this example, we will call the rule lan_to_wan. The rule Action is set to NAT (this is explained further below) and the Service is set to http-all which is suitable for most web browsing (it allows both HTTP and HTTPS connections). The interface and network for the source and destinations are defined in the Address Filter section of the rule.
Chapter 4: cOS Core Configuration this is needed. This could be done with a single IP rule or IP policy that uses a custom service which combines the HTTP and DNS protocols but the recommended method is to create an entirely new IP rule that mirrors the above rule but specifies the service as dns-all. This method provides the most clarity when the configuration is examined for any problems. The screenshot below shows a new IP rule called lan_to_wan_dns being created to allow DNS.
Chapter 4: cOS Core Configuration B. DHCP - automatic configuration All the required IP addresses for Internet connection can, alternatively, be automatically retrieved from an ISP's DHCP server by enabling the DHCP Client option for the interface connected to the ISP. This option is enabled by first selecting Network > Interfaces and VPN > Ethernet to display a list of all the interfaces.
Chapter 4: cOS Core Configuration For PPPoE connection, we must create a PPPoE tunnel interface associated with the physical Ethernet interface. Assume that the physical interface is G2 and the PPPoE tunnel object created is called wan_pppoe. Go to Network > Interfaces and VPN > PPPoE and select Add > PPPoE Tunnel. These values can now be entered into the PPPoE Tunnel properties dialog. An ISP will supply the correct values for pppoe_username and pppoe_password in the dialog above.
Chapter 4: cOS Core Configuration An ISP will supply the correct values for pptp_username, pptp_password and the remote endpoint. An interface is not specified when defining the tunnel because this is determined by cOS Core looking up the Remote Endpoint IP address in its routing tables. The PPTP client tunnel interface can now be treated exactly like a physical interface by the policies defined in cOS Core rule sets.
Chapter 4: cOS Core Configuration An example IP pool range might be 196.168.1.10 - 192.168.1.20 with a netmask of 255.255.0.0. In addition, it is important to specify the Default gateway for the server. This will be handed out to DHCP clients on the internal networks so that they know where to find the public Internet. The default gateway is always the IPv4 address of the interface on which the DHCP server is configured, in this case, G3_ip. Select the Options tab to set this.
Chapter 4: cOS Core Configuration Tip: Address book object naming The cOS Core address book is organized alphabetically so when choosing names for IP address objects it is best to have the descriptive part of the name first. In this case, use syslog_ip as the name and not ip_syslog. Allowing ICMP Ping Requests As a further example of setting up IP rules, it can be very useful to allow ICMP Ping requests to flow through the Clavister Security Gateway.
Chapter 4: cOS Core Configuration The IP rule again has the NAT action and this is necessary if the protected local hosts have private IPv4 addresses. The ICMP requests will be sent out from the Clavister Security Gateway with the IP address of the interface connected to the ISP as the source interface. Responding hosts will send back ICMP responses to this single IP and cOS Core will then forward the response to the correct private IPv4 address.
Chapter 4: cOS Core Configuration Logging can now be enabled on this rule with the desired severity. Click the Log Settings tab, and click the Enable logging box. All log messages generated by this rule will be given the selected severity and which will appear in the text of the log messages. It is up to the administrator to choose the severity and depends on how they would like to classify the messages.
Chapter 4: cOS Core Configuration Doing this is described in Section 4.5, “License Installation Methods”.
Chapter 4: cOS Core Configuration 4.4. CLI Setup This chapter describes the setup steps using CLI commands instead of the setup wizard. The CLI is accessible using either one of two methods: • Using an SSH (Secure Shell) client, across a network connection to the IPv4 address 192.168.1.1 on the default management Ethernet interface. The physical network connection setup to the computer running the client is described in Section 4.
Chapter 4: cOS Core Configuration The new username/password combination should be remembered and the password should be composed in a way which makes it difficult to guess. The next step is to return the CLI to the default context which is the top level of object categories. Device:/AdminUsers> cc Device:/> Setting the Date and Time Many cOS Core functions, such as event logging and certificate handling, rely on an accurate date and time.
Chapter 4: cOS Core Configuration Note: Private IPv4 addresses are used for example only Each installation's IP addresses will be different from the example IP addresses but they are used here only to illustrate how setup is done. Also, these addresses are private IPv4 addresses and in reality an ISP would use public IPv4 addresses instead. We first add the gateway IPv4 address object which we will call wan_gw: Device:/> add Address IP4Address wan_gw Address=10.5.4.
Chapter 4: cOS Core Configuration EthernetDevice: AutoSwitchRoute: AutoInterfaceNetworkRoute: AutoDefaultGatewayRoute: ReceiveMulticastTraffic: MemberOfRoutingTable: Comments: 0:G2 1: No Yes Yes Auto All Setting the default gateway on the interface has the additional effect that cOS Core automatically creates a route in the default main routing table that has the network all-nets routed on the interface. This means that we do not need to explicitly create this route.
Chapter 4: cOS Core Configuration Device:/> set DNS DNSServer1=dns1_address Assuming a second IP object called dns2_address has been defined, the second DNS server is specified with: Device:/> set DNS DNSServer2=dns2_address B. DHCP - automatic configuration Alternatively, all required IP addresses can be automatically retrieved from the ISP's DHCP server by enabling DHCP on the interface connected to the ISP.
Chapter 4: cOS Core Configuration source interface and source network (in this example, the network G3_net and interface G3) to flow to the destination network all-nets and the destination interface which is the PPPoE tunnel that has been defined. D. PPTP setup For PPTP connection, first create the PPTP tunnel interface. It is assumed below that we will create a PPTP tunnel object called wan_pptp with the remote endpoint 10.5.4.
Chapter 4: cOS Core Configuration DHCP Server Setup If the Clavister Security Gateway is to act as a DHCP server then this can be set up in the following way: First define an IPv4 address object which has the address range that can be handed out. Here, we will use the IPv4 range 192.168.1.10 - 192.168.1.20 as an example and this will be available on the G3 interface which is connected to the protected internal network G3_net. Device:/> add Address IP4Address dhcp_range Address=192.168.1.10-192.168.1.
Chapter 4: cOS Core Configuration Add an IP rule called allow_ping_outbound to allow ICMP pings to pass: Device:/> add IPRule name=allow_ping_outbound Action=NAT SourceInterface=G3 SourceNetwork=InterfaceAddresses/G3_net DestinationInterface=G2 DestinationNetwork=all-nets Service=ping-outbound The IP rule again has the NAT action and this is necessary if the protected local hosts have private IPv4 addresses.
Chapter 4: cOS Core Configuration 4.5. License Installation Methods Without a valid license installed, cOS Core will run in demo mode (demonstration mode) which means that it will cease to function after two hours of operation. Restarting cOS Core will re-enable cOS Core for another two hours. To remove this 2 hour restriction, a valid license must be installed.
Chapter 4: cOS Core Configuration v. Download a license from the license list to the computer's local disk. vi. The license file is uploaded to the security gateway through the cOS Core Web Interface by going to Status > Maintenance > License and pressing the Upload button to select the license file. Following upload, cOS Core will install the file. Alternatively, the license file can be uploaded using SCP.
Chapter 4: cOS Core Configuration 4.6. Setup Troubleshooting This appendix deals with connection problems that might occur when connecting a management workstation to a Clavister Security Gateway. If the management interface does not respond after the Clavister Security Gateway has powered up and cOS Core has started, there are a number of simple steps to troubleshoot basic connection problems: 1. Check that the correct interface is being used.
Chapter 4: cOS Core Configuration This will display console messages that show all the ARP packets being received on the different interfaces and confirm that the correct cables are connected to the correct interfaces.
Chapter 4: cOS Core Configuration 4.7. Going Further with cOS Core After initial setup is complete, the administrator is ready to go further with configuring cOS Core to suit the requirements of a particular networking scenario. All X8 resources can be downloaded from the X8 product page which can be found at http://www.clavister.com/start.
Chapter 4: cOS Core Configuration Included with the quick start section is a checklist for troubleshooting and advice on how best to deal with the networking complications that can arise with certificates. Log Messages By default, certain events will generate log messages and at least one log server should be configured in cOS Core to capture these messages, although a feature called memlog will capture recent log messages in local cOS Core memory.
Chapter 4: cOS Core Configuration 66
Chapter 5: Resetting to Factory Defaults In some circumstances, it may be necessary to reset the X8 hardware to the state it was in when it left the factory. This is known as a reset to factory defaults. With the X8, a factory reset is only possible via the software boot menu. There is no manual reset button on the hardware itself. The boot menu can only be accessed through the local CLI console after the X8 is powered up and can be entered by pressing any console key before cOS Core has fully started.
Chapter 5: Resetting to Factory Defaults Warning: Current configuration and cOS Core upgrades are lost The factory defaults will include the default configuration and the original version of cOS Core that the product left the factory with. This means: • The current cOS Core configuration will be lost but can be restored if a backup is available. • Any cOS Core upgrades that have been performed since the product left the factory will be lost. An upgrade to a newer cOS Core version must be repeated.
Chapter 6: Warranty Service Limitation of Warranty Clavister warrants to the customer of the X8 Appliance that the Hardware components will be free from defects in material and workmanship under normal use for a period of two (2) years from the Start Date (as defined below).
Chapter 6: Warranty Service Clavister AB Sjögatan 6J 891 60 Örnsköldsvik SWEDEN If the product has not yet been registered with the Clavister through its client web, a proof of purchase (such as a copy of the dated purchase invoice) must be provided with the shipped product. Important: An RMA Number must be obtained before shipping! Any package returned to Clavister without an RMA number will be rejected and shipped back to the Purchaser at the Purchaser's expense.
Chapter 7: Safety Precautions Safety Precautions Clavister X8 devices are Safety Class I products and have protective ground terminals. There must be an uninterrupted safety earth ground from the main power source to the product’s input wiring terminals, power cord, or supplied power cord set. Whenever it is likely that the protection has been impaired, disconnect the power cord until the ground has been restored.
Chapter 7: Safety Precautions Informations concernant la sécurité Cet appareil est un produit de classe I et possède une borne de mise à la terre. La source d’alimentation principale doit être munie d’une prise de terre de sécurité installée aux bornes du câblage d’entree, sur le cordon d’alimentation ou le cordon de raccordement fourni avec le produit. Lorsque cette protection semble avoir été endommagée, débrancher le cordon d’alimentation jusqu’à ce que la mise à la terre ait été réparée.
Chapter 7: Safety Precautions • se la vostra LAN copre un’area servita da più di un sistema di distribuzione elettrica, accertatevi che i collegamenti a terra di sicurezza siano ben collegati fra loro; • i cavi LAN possono occasionalmente andare soggetti a pericolose tensioni transitorie (ad esempio, provocate da lampi o disturbi nella griglia d’alimentazione della società elettrica); siate cauti nel toccare parti esposte in metallo della rete.
Appendix A: X8 Specifications Dimensions, Weight and MTBF Height x Width x Depth (mm) 170 x 60 x 126 (without DIN) Height x Width x Depth (mm) 170 x 60 x 147 (with DIN) Hardware Weight 1.2 kg Packaged Weight 2.
Appendix B: Declarations of Conformity 75
Appendix B: Declarations of Conformity 76
Appendix C: Windows XP IP Setup If a PC running Microsoft XP™ is being used as the cOS Core management workstation, the computer's Ethernet interface connected to the Clavister Security Gateway must be configured with an IPv4 address which belongs to the network 192.168.1.0/24 and is different from the security gateway's address of 192.168.1.1. The IPv4 address 192.168.1.30 will be used for this purpose and the steps to set this up with Windows XP are as follows: 1. Click the Start button. 2.
Appendix C: Windows XP IP Setup Note: DNS addresses can be entered later To browse the Internet from the management workstation via the security gateway, it is possible to go back to the last step's properties dialog later and enter DNS server IP addresses. For now, they are not required.
Appendix D: Windows Vista IP Setup If a PC running Microsoft Vista™ is being used as the cOS Core management workstation, the computer's Ethernet interface connected to the Clavister Security Gateway must be configured with an IPv4 address which belongs to the network 192.168.1.0/24 and is different from the security gateway's address of 192.168.1.1. The IPv4 address 192.168.1.30 will be used for this purpose and the steps to set this up with Vista are as follows: 1. Press the Windows Start button. 2.
Appendix D: Windows Vista IP Setup Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). 7. In the properties dialog, select the option Use the following IP address and enter the following values: • IP Address: 192.168.1.30 • Subnet mask: 255.255.255.0 • Default gateway: 192.168.1.1 DNS addresses can be entered later once Internet access is established. 8. Click OK to close this dialog and close all the other dialogs opened since step (1).
Appendix E: Windows 7 IP Setup If a PC running Microsoft Windows 7™ is being used as the cOS Core management workstation, the computer's Ethernet interface connected to the Clavister Security Gateway must be configured with an IPv4 address which belongs to the network 192.168.1.0/24 and is different from the security gateway's address of 192.168.1.1. The IPv4 address 192.168.1.30 will be used for this purpose and the steps to set this up with Windows 7 are as follows: 1. Press the Windows Start button. 2.
Appendix E: Windows 7 IP Setup Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). 7. In the properties dialog, select the option Use the following IP address and enter the following values: • IP Address: 192.168.1.30 • Subnet mask: 255.255.255.0 • Default gateway: 192.168.1.1 DNS addresses can be entered later once Internet access is established. 8. Click OK to close this dialog and close all the other dialogs opened since step (1).
Appendix F: Windows 8 IP Setup If a PC running Microsoft Windows 7 is being used as the cOS Core management workstation, the computer's Ethernet interface connected to the Clavister Security Gateway must be configured with an IPv4 address which belongs to the network 192.168.1.0/24 and is different from the security gateway's address of 192.168.1.1. The IPv4 address 192.168.1.30 will be used for this purpose and the steps to set this up with Windows 7 are as follows: 1. Open the Windows 8 Control Panel.
Appendix F: Windows 8 IP Setup 6. The properties for the selected interface will appear. Select and display the properties for Internet Protocol Version 4 (TCP/IPv4). 7. In the properties dialog, select the option Use the following IP address and enter the following values: • IP Address: 192.168.1.30 • Subnet mask: 255.255.255.0 • Default gateway: 192.168.1.1 DNS addresses can be entered later once Internet access is established. 8.
Appendix G: Apple Mac IP Setup An Apple Mac can be used as the management workstation for initial setup of a Clavister Security Gateway. To do this, a selected Ethernet interface on the Mac must be configured correctly with a static IP. The setup steps for this with Mac OS X are: 1. Go to the Apple Menu and select System Preferences. 2. Click on Network. 3. Select Ethernet from the left sidebar menu. 4. Select Manually in the Configure pull down menu.
Appendix G: Apple Mac IP Setup 5. 6. Now set the following values: • IP Address: 192.168.1.30 • Subnet Mask: 255.255.255.0 • Router: 192.168.1.1 Click Apply to complete the static IP setup.
Clavister AB Sjögatan 6J SE-89160 Örnsköldsvik SWEDEN Phone: +46-660-299200 www.clavister.