StoneBeat™ FullCluster Labs - Installation Files Lab
Installation Files on Windows NT:
• Create installation folders:
  • C:\Install\Sbfc
  • C:\Install\Sbgui
• Use WinZip to unzip files to installation folders:
  • CDROM:\sbfc_fw1_20\nt\sbfc_xxx.zip to folder c:\install\sbfc
  • CDROM:\sbgui_42\nt\sbgui_xxx.zip to folder c:\install\sbgui
Installation Files on Solaris:
• Create installation folder:
  • mkdir /install
• Copy files from the cdrom to the installation folder:
  • cp /cdrom/cdrom0/sbfc_fw1_20/solaris/sbfc_xxx.gz /install
  • cp /cdrom/cdrom0/sbgui_42/solaris/sbgui_xxx.gz /install
• Unzip files:
  • /cdrom/cdrom0/Zip/gunzip.bin /install/sbfc_xxx.gz
  • /cdrom/cdrom0/Zip/gunzip.bin /install/sbgui_xxx.gz
• Untar files:
  • tar xvf /install/sbfc_xxx
  • tar xvf /install/sbgui_xxx
StoneBeat™ FullCluster Labs - Network Topology Lab
[Figure: StoneBeat FullCluster Lab Network Topology, Site #1: FTP-SERVER (204.32.38.254), nodes SBFC101 and SBFC102, FTP-CLIENT1 (10.0.1.254)]
Site #1: /etc/hosts
127.0.0.1       localhost
#Ftp-server for all the sites
204.32.38.254   ftp-server
#Site 1
192.168.1.101   sbfc101            #Control
192.168.1.102   sbfc102
204.32.38.1     site1-external     #External
204.32.38.101   sbfc101-external
204.32.38.102   sbfc102-external
10.0.1.1        site1-internal     #Internal
10.0.1.101      sbfc101-internal
10.0.1.102      sbfc102-internal
10.0.1.254      ftp-client1        #Ftp-client
[Figure: StoneBeat FullCluster Lab Network Topology, Site #2: FTP-SERVER (204.32.38.254), nodes SBFC103 and SBFC104, FTP-CLIENT2 (10.0.2.254)]
Site #2: /etc/hosts
127.0.0.1       localhost
#Ftp-server for all the sites
204.32.38.254   ftp-server
#Site 2
192.168.1.103   sbfc103            #Control
192.168.1.104   sbfc104
204.32.38.2     site1-external     #External
204.32.38.103   sbfc103-external
204.32.38.104   sbfc104-external
10.0.2.1        site1-internal     #Internal
10.0.2.103      sbfc103-internal
10.0.2.104      sbfc104-internal
10.0.2.254      ftp-client2        #Ftp-client
[Figure: StoneBeat FullCluster Lab Network Topology, Site #3: FTP-SERVER (204.32.38.254), nodes SBFC105 and SBFC106, FTP-CLIENT3 (10.0.3.254)]
Site #3: /etc/hosts
127.0.0.1       localhost
#Ftp-server for all the sites
204.32.38.254   ftp-server
#Site 3
192.168.1.105   sbfc105            #Control
192.168.1.106   sbfc106
204.32.38.3     site3-external     #External
204.32.38.105   sbfc105-external
204.32.38.106   sbfc106-external
10.0.3.1        site3-internal     #Internal
10.0.3.105      sbfc105-internal
10.0.3.106      sbfc106-internal
10.0.3.254      ftp-client3        #Ftp-client
[Figure: StoneBeat FullCluster Lab Network Topology, Site #4: FTP-SERVER (204.32.38.254), nodes SBFC107 and SBFC108, FTP-CLIENT4 (10.0.4.254)]
Site #4: /etc/hosts
127.0.0.1       localhost
#Ftp-server for all the sites
204.32.38.254   ftp-server
#Site 4
192.168.1.107   sbfc107            #Control
192.168.1.108   sbfc108
204.32.38.4     site4-external     #External
204.32.38.107   sbfc107-external
204.32.38.108   sbfc108-external
10.0.4.1        site4-internal     #Internal
10.0.4.107      sbfc107-internal
10.0.4.108      sbfc108-internal
10.0.4.254      ftp-client4        #Ftp-client
StoneBeat™ FullCluster Lab - Installation on Sun Solaris (FireWall-1) Lab
Installation: Step 1 - Operating System
• Install Solaris 7 - DONE
• Install Solaris 7 suggested patches - DONE
• Check the hostname - DONE
• Check the /etc/hosts and /etc/netmasks files - DONE
• Configure the Control Interfaces - DONE
• Connect the Control Network Cables - DONE
Installation: Step 2 - FireWall-1
• Install FireWall-1 4.1 - DONE
• Install FireWall-1 Policy - DONE
• Check the /.profile - DONE
• Configure Operative Interfaces
  • Edit /etc/hostname.qfe files:
    qfe0 External Dedicated IP: 204.32.38.yyy/255.255.255.0
    qfe0:1 External Cluster IP: 204.32.38.x/255.255.255.0
    qfe1 Internal Dedicated IP: 10.0.x.yyy/255.255.255.0
    qfe1:1 Internal Cluster IP: 10.0.x.1/255.255.255.0
  • Delete the directly connected route from the alias interface
    /etc/rc3.d/S99staticroutes:
    route delete net 204.32.38.0 204.32.38.x
    route delete net 10.0.x.0 10.0.x.1
• x=site number, yyy=node number and zzz=partner node number
Installation: Step 2 - FireWall-1
• Enable FireWall-1 Synchronization
  • Edit $FWDIR/conf/sync.conf
    192.168.1.zzz
  • $FWDIR/bin/fwstop
  • $FWDIR/bin/fw putkey 192.168.1.zzz
  • $FWDIR/bin/fwstart
• Edit /etc/fw.boot/ifdev
  • Add row: sbif accept
• Reboot
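Added example, not part of the original lab slides: a POSIX shell script that resolves the x, yyy and zzz placeholders of Step 2 for one node, so the values typed into the interface, route and sync.conf files can be checked before editing. It assumes nodes 101 to 108 paired two per site, as in the /etc/hosts files above; the function names are hypothetical, and it only prints values without touching /etc.

```shell
#!/bin/sh
# Added example: resolve the lab's x / yyy / zzz placeholders for one node.
# Assumption: nodes 101..108, two per site, as in the /etc/hosts slides.

valid_node() {
    case "$1" in
        10[1-8]) return 0 ;;
        *) return 1 ;;
    esac
}

# Site number x: 101/102 -> 1, 103/104 -> 2, 105/106 -> 3, 107/108 -> 4.
site_of_node() {
    valid_node "$1" || return 1
    echo $(( ($1 - 99) / 2 ))
}

# Partner node zzz: the other member of the same pair.
partner_of_node() {
    valid_node "$1" || return 1
    if [ $(( $1 % 2 )) -eq 1 ]; then
        echo $(( $1 + 1 ))
    else
        echo $(( $1 - 1 ))
    fi
}

# Print the Step 2 values for node yyy, one "<where> <value>" line each.
# Every interface uses netmask 255.255.255.0 on the slides.
node_plan() {
    yyy=$1
    x=$(site_of_node "$yyy") || { echo "node must be 101..108" >&2; return 1; }
    zzz=$(partner_of_node "$yyy")
    cat <<EOF
qfe0 204.32.38.$yyy
qfe0:1 204.32.38.$x
qfe1 10.0.$x.$yyy
qfe1:1 10.0.$x.1
sync.conf 192.168.1.$zzz
S99staticroutes route delete net 204.32.38.0 204.32.38.$x
S99staticroutes route delete net 10.0.$x.0 10.0.$x.1
EOF
}

# Value(s) recorded for one key, e.g. plan_value 103 qfe1:1
plan_value() {
    node_plan "$1" | awk -v k="$2" '$1 == k { sub(/^[^ ]+ /, ""); print }'
}

node_plan "${1:-103}"   # demo: plan for the given node, default 103
```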
Installation: Step 3 - FullCluster
• Install FullCluster
  • cd /install
  • pkgadd -d .
  • Choose all packages: SBFCbase, SBFCconf, SBFCdrv, SBFCgui, SBFCmod and SBFCsnmp
• Create the SBFCHOME environment variable
  • Edit /.profile:
    SBFCHOME=/opt/fullcluster
    PATH=$SBFCHOME/bin:$PATH
    export PATH SBFCHOME
• Use Web Configuration GUI Wizard:
  • hotjava http://localhost:3003/install/
  • $SBFCHOME/bin/sbfcwebconfig install
Installation: Step 3 - FullCluster node #1
• How many nodes: 2
• How many operative interfaces: 2
• Configuration type: multicast
• Heartbeat IP addresses: 192.168.1.yyy and 192.168.1.zzz
• Cluster mode: balancing
• Is this machine FireWall-1 management station: Yes
• Username: fwadmin
• Password: password
• Policy name: Standard
• Remember to download and rename the GUI certificate files to
  • /install/guikey.pem and /install/guicerts.pem
• Check the node.conf file!
Installation: Step 4 - StoneBeat GUI
• Install StoneBeat GUI version 4.2
  • pkgadd -d /install/SBFCgui - DONE
• Copy Key and Certificate Files:
  From /install/gui*.pem to /stonebeat/etc
Installation: Step 4 - StoneBeat GUI
• Create and connect a new FullCluster Site
  • Run: /opt/stonebeat/gui/bin/sbgui
  • Select: Site->New->FullCluster
  • Enter Site Name and Password
  • Enter ID, Hostname, IP address and SSL port (3002)
  • Retrieve
  • Select: Site->Connect
Installation: Step 5 - Testing
• Connect the Operative Network Cables
• Configure Ftp-Server
  • Control Panel->Network->Protocols->TCP/IP Protocol->Properties
  • IP Address 204.32.38.254/255.255.255.0
  • Add routes to internal networks: 10.0.x.0
• Configure Ftp-Client
  • Control Panel->Network->Protocols->TCP/IP Protocol->Properties
  • IP Address 10.0.x.254/255.255.0.0 - Default Gateway: 10.0.x.1
• Test Programs in Ftp-Client
  • Run: \\ftp-server\avi\forest.avi
  • Run: telnet ftp-server 19
  • Run: ftp ftp-server (configure filter.conf)
Installation: Additional Step 6
• Install StoneBeat GUI in FTP-Client
  • Create installation folder:
    • C:\Install\Sbgui
  • Use WinZip to unzip files to installation folder:
    • CDROM:\sbgui_42\nt\sbgui_xxx.zip to folder c:\install\sbgui
  • Install StoneBeat GUI
    • Run from C:\Install\Sbgui\Setup.exe
  • Copy Key and Certificate Files
  • Run: Start->Programs->StoneBeat->StoneBeat GUI
  • Create and connect a new FullCluster Site
StoneBeat™ FullCluster Lab - Installation on Windows NT (FireWall-1) Lab
Installation: Step 1 - Operating System
• Install Windows NT 4.0 Server - DONE
• Install the network - DONE
  • Only TCP/IP Protocol
  • Only SNMP Service
  • Enable IP Forwarding
• Install Windows NT 4.0 Service Pack 6a - DONE
• Check the Computer name and the Hosts file - DONE
• Configure the Control Interfaces - DONE
• Connect the Control Network Cables - DONE
Installation: Step 2 - FireWall-1
• Install FireWall-1 4.1 - DONE
• Install FireWall-1 Policy - DONE
• Configure Operative Interfaces
  • Do you want to install Windows NT Networking now? NO
  • Control Panel->Network->Protocols->TCP/IP Protocol->Properties->Advanced
    External Dedicated IP: 204.32.38.yyy/255.255.255.0
    External Cluster IP: 204.32.38.x/255.255.255.0 (alias)
    Internal Dedicated IP: 10.0.0.yyy/255.255.255.0
    Internal Cluster IP: 10.0.x.1/255.255.255.0 (alias)
• x=site number, yyy=node number and zzz=partner node number
Installation: Step 2 - FireWall-1
• Enable FireWall-1 Synchronization
  • Edit %FWDIR%\conf\sync.conf
    192.168.1.zzz
  • %FWDIR%\bin\fwstop
  • %FWDIR%\bin\fw putkey 192.168.1.zzz
  • %FWDIR%\bin\fwstart
Installation: Step 3 - FullCluster
• Install FullCluster Driver
  • Control Panel->Network->Protocols
  • Add StoneBeat Driver from C:\Install\Sbfc
  • Reboot
• Install FullCluster Module
  • Run from C:\Install\Sbfc\Setup.exe
  • Use SNMP Agent
  • Destination Folder: C:\Program Files\FullCluster
• Use WEB Configuration GUI wizard:
  The browser will be started automatically
Installation: Step 3 - FullCluster node #1
• How many nodes: 2
• How many operative interfaces: 2
• Configuration type: multicast
• Heartbeat IP addresses: 192.168.1.yyy and 192.168.1.zzz
• Cluster mode: balancing
• Is this machine FireWall-1 management station: Yes
• Username: fwadmin
• Password: password
• Policy name: Standard
• Remember to download and rename the GUI certificate files to
  • C:\Install\guikey.pem and C:\install\guicerts.pem
• Check the node.conf file!
Installation: Step 4 - StoneBeat GUI
• Install StoneBeat GUI version 4.2
  • Run from C:\Install\Sbgui\Setup.exe
  • Destination Folder: C:\Program Files\StoneBeat
  • Program Folder: Start->Programs->StoneBeat
• Copy Key and Certificate Files:
  From C:\Install\gui*.pem to C:\StoneBeat\etc
Installation: Step 4 - StoneBeat GUI
• Create and connect a new FullCluster Site
  • Run: Start->Programs->StoneBeat->StoneBeat GUI
  • Select: Site->New->FullCluster
  • Enter Site Name and Password
  • Enter ID, Hostname, IP address and SSL port (3002)
  • Retrieve
  • Select: Site->Connect
Installation: Step 5 - Testing
• Connect the Operative Network Cables
• Configure Ftp-Server
  • Control Panel->Network->Protocols->TCP/IP Protocol->Properties
  • IP Address 204.32.38.254/255.255.255.0
  • Add routes to internal networks: 10.0.x.0
• Configure Ftp-Client
  • Control Panel->Network->Protocols->TCP/IP Protocol->Properties
  • IP Address 10.0.x.254/255.255.0.0 - Default Gateway: 10.0.x.1
• Test Programs in Ftp-Client
  • Run: \\ftp-server\avi\forest.avi
  • Run: telnet ftp-server 19
  • Run: ftp ftp-server (configure filter.conf)
Installation: Additional Step 6
• Install StoneBeat GUI in FTP-Client
  • Create installation folder:
    • C:\Install\Sbgui
  • Use WinZip to unzip files to installation folder:
    • CDROM:\sbgui_42\nt\sbgui_xxx.zip to folder c:\install\sbgui
  • Install StoneBeat GUI
    • Run from C:\Install\Sbgui\Setup.exe
  • Copy Key and Certificate Files
  • Run: Start->Programs->StoneBeat->StoneBeat GUI
  • Create and connect a new FullCluster Site
StoneBeat™ FullCluster Lab - Filter.conf settings Lab
Filter.conf settings
• Configure in filter.conf
  • Tunnel statement
  • Hide NAT statement
  • Ignore port statement for FTP
• Note!
  • Edit filter.conf in all nodes
  • Reread configuration files
StoneBeat™ FullCluster Lab - Fetching NAT rules (FireWall-1) Lab
Fetching NAT rules
• Create a simple NAT rule in your FireWall-1 rule base
• Fetch NAT rules using FullCluster Web Configuration GUI
• Check the filter-nat.conf file!
StoneBeat™ FullCluster Lab - Test Subsystem Lab
Test Subsystem
• Configure a multiping test that commands the node offline in case of failure for the external unicast address 204.32.38.254
• Test multi-ping (configure filter.conf)
  • Edit $SBFCHOME/etc/checklist:
    multiping 30 online offline 2 1000 multi-ping 204.32.38.254
  • sbfc reconfigure
  • sbfc restart
  • disconnect cable from external interface (blue)
Test Subsystem
• Test firewall functionality with
  • fw-module-running (Check Point’s FireWall-1)
  • servicerunning (Network Associates’ Gauntlet and Axent’s Raptor)
• Test fw-module-running
  • Edit $SBFCHOME/etc/checklist:
    firewall-module-on 60 online offline 1 1 fw-module-running
  • sbfc reconfigure
  • sbfc restart
  • fwstop
StoneBeat™ FullCluster Lab - Management GUI and sbfc Command Line Interface Lab
GUI and Command Line Interface
• Try doing the following on both the StoneBeat GUI and the command line interface
  • Command one node first to the offline state and then to the online state
  • Restart all nodes
  • Check the status of the FullCluster site
StoneBeat™ FullCluster Lab - Ten problems Lab