HP ProCurve Services zl Module Firewall ZL1 Installation and Getting Started Guide www.procurve.com www.vantronix.com Version 1.
© Copyright 2008 Hewlett-Packard Development Company, L.P. © Copyright 2008 .vantronix | secure systems GmbH Software Credits and Notices SSL on HP ProCurve Switches is based on the OpenSSL software toolkit. This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. For more information on OpenSSL, visit www.openssl.org. Open Source Software Acknowledgement This software incorporates open source components that are governed by the GNU General Public License (GPL).
Table of Contents Overview..................................................................................................................................................... 4 Step-by-step instructions ...................................................................................................................... 4 1. Install the Services zl Module hardware.................................................................................... 4 2.
Overview The HP ProCurve Services zl Module is shipped from the factory ready for the .vantronix Firewall ZL1 software image to be downloaded and installed. It does not have any specific application software or an application-related operating system already installed. Instead, a resident Service OS provides the ability to download, install and activate a complete operating system image that includes the Firewall ZL1 application.
Next, install the Services zl Module following directions and safety precautions in the HP ProCurve Services zl Module Installation and Getting Started Guide. Verify the module is installed successfully. When the module is installed, it undergoes a self test that takes a few seconds. The LEDs on the front panel of the module help determine if the module has passed the self test. For more information, see the HP ProCurve Services zl Module Installation and Getting Started Guide. 2.
Insert the USB flash drive with the Firewall ZL1 image into the USB slot on the front of the Services zl Module. IMPORTANT: The USB flash drive must be inserted into the USB slot on the front of the Services zl Module, NOT into the USB slot on the switch chassis.
is the IP address of the FTP server to which the product image directory was copied, and is the optional login ID for the FTP server (enter this login ID only if it’s required for FTP server login). 3.
Module. For instructions on how to install the license key, see the HP ProCurve Services zl Module Installation and Getting Started Guide. The following commands install the license key on the Services zl Module: ProCurve# services b 1 ProCurve(services-module-B:HD)# licenses install activation SG0000GG000-A0123456-ABCDEFG-0123456-ABCDEFG ProCurve(services-module-B:HD)# boot product Changing boot from Service OS to Product OS. System will be rebooted.
5. Access the Firewall ZL1 CLI Type "services" in the switch CLI to list the services installed on the Services zl Module: ProCurve# services Installed Services Slot Index Description B 1. Services Module B 2. .vantronix Firewall ZL1 Name services-module firewall-module The Firewall ZL1 service is now activated in Slot B at index 2 and has the name Firewall ZL1.
The VLAN configuration in the switch can be seen using: ProCurve# show vlans Status and Counters – VLAN Information Maximum VLANs to support : 256 Primary VLAN : DEFAULT_VLAN Management VLAN : VLAN ID ------1 123 Name -------------------DEFAULT_VLAN VLAN_123 | + | | Status ---------Port-based Port-based Voice ----No No Jumbo ----No No For this example, the ports assigned to the default VLAN can be seen using: ProCurve# show vlan 1 Status and Counters – VLAN Information – VLAN 1 VLAN ID : 1 N
7. Install the Firewall ZL1 .vantronix license key An additional license from .vantronix is required to enable the product functionality. It is important to distinguish between the ProCurve ONE activation key to install the product image and the .vantronix license key to register and unlock the vendor product. Please register at https://my.vantronix.com/ or contact .vantronix support and submit the hardware key including product name to request a valid license key.
The first step is to change the login password. The default password of the “manager” user is “admin” and should be changed after installation with the following command: ProCurve(firewall-module-B:config)# user password Changing local password for manager. New password: xxxxxxxx Retype new password: xxxxxxxx Configure an initial IPv4 or IPv6 address to access to module over the network. The internal ports of t he module appear as ix0 and ix1 on the Firewall ZL1.
ix1 vlan123 vlan123 fe80:.../64 fe80:.../64 192.168.1.2/24 ProCurve(firewall-module-B)# show time % Current date and time: Wed Jan 14 12:07:18 CET 2009 ProCurve(firewall-module-B)# show ... (list of more show commands) ... 8. Access the Firewall ZL1 Web interface The Firewall ZL1 provides a secure SSL-based Web interface. It is required to generate a new SSL certificate before activating the Web interface for the first time.
You can also access the Firewall ZL1 Web interface by clicking on the [Details] link associated with the Services zl Module on the Device View of the ProCurve switch web management interface.
9. Configure Firewall ZL1 using the Web interface Use the Firewall ZL1 web interface to configure basic operation. Log in with the user “manager” and the password that was configured on the CLI before (the default password is “admin”): 10. Installing the .vantronix Firewall Manager The .vantronix Firewall Manager is the extended graphical user interface of the Firewall ZL1. It is runs as an add-on for the open source Mozilla Firefox web browser. Please visit http://www.mozilla.
After successful installation, the Firewall Manager will appear with a small red .vantronix logo in the lower right corner of the browser window and in the “Tools -> .vantronix | Firewall Manager” menu. 11. Rebooting the Services zl Module Rebooting should not normally be required and can potentially result in data loss.
12. Technical Support The Services zl Module is a hardware platform that allows application vendors to make minor changes in their existing application software to run in a switch chassis. With a wide variety of applications available from several vendors, HP is committed to providing an "initial point of contact" for technical support. During this process, HP will verify the installation, configuration, activation licensing, and warranty claims on the Services zl Module.
