310 likes | 404 Views
Implementation Training. Initial Configuration: Connecting the appliance. Power on the hardware appliance . Plug cable into Green network port of the appliance.
E N D
Initial Configuration: Connecting the appliance • Power on the hardware appliance. • Plug cable into Green network port of the appliance. The Green (LAN) interface for every hardware unit is always Ethernet port 1. You can always use this port to initially access and configure the device via the web interface. Default IP address of Green (LAN) interface is always 192.168.0.15. Make sure that there is no other machine in the network using this same IP address already before switching on the appliance, otherwise disconnect that machine from the network. Connect a computer to the Green (LAN) interface via patch cable (for a switch connection) or crossover cable (for a direct connect).
Initial Configuration: Access GatedefendereSeries • Manually configure a local IP on your PC in the 192.168.0.x/24 range. • Access the web interface of GD eSeries on https://192.168.0.15:10443 (or http://192.168.0.15 which will redirect).
Initial Configuration: InitialConfiguration • Use the initial configuration wizard to setup the essentials of the device • Set the Language & Timezone
InitialConfiguration • Accept the License Agreement
InitialConfiguration • Restore from Backup. This option allows you to restore a previous backup configuration to the device. If you have one and want to use it, then select Yes and choose the backup file (.tgz); otherwise, you can select No and click the Forward button to continue. • Set Web / SSH Passwords. Using strong secure passwords is recommended
InitialConfiguration • GateDefendereSeriescoloured network schema. GREEN local network (LAN) This is the safe area where your trustedcomputers are located. ORANGE network for servers connected to the Internet (DMZ) It is meant for the servers that have to provide services on RED (Internet). This way, even if the security of one of these servers has been compromised, the GREEN area will remain safe. RED externalnetwork (WAN) Usually this is the interface connectedtothe Internet. BLUE wireless network This can be used for your wireless network and is the default network for the Panda Hotspot feature. This kind of network is usually not as safe as a wiredone.
InitialConfiguration • GateDefendereSeries Network configuration modes: Router Mode In Router mode you will be able to fully manage different network zones through eSeries and implement routing between them. Gateway Mode In Gateway mode you will be able to intercept traffic between multiple physical interfaces in the same network zone without the need of any routing mechanism.
InitialConfiguration: RouterConfigurationMode • Choose the conection type of your primary WAN interface, in this case Gateway
InitialConfiguration: RouterConfigurationMode • Add Network Zones The next option will allow you to select any additional network zone you wish to have configured on your GD eSeriesappliance. The available options will depend on the total number of available Ethernet NIC's on the device. Your options could include adding the Blue zone (Wifi) or Orange zone (DMZ) or both. Click the Forward button to continue.
InitialConfiguration: RouterConfigurationMode • Configure GREEN Zone IP address It’s recommended to always use RFC 1918 Private IP address subnets when configuring the internal network zones of the GD eSeries: Green, Orange, Blue. Official RFC1918 Private LAN Address Networks: 10.0.0.0/8 (255.0.0.0) 172.16.0.0/12 (255.240.0.0) 192.168.0.0/16 (255.255.0.0)
InitialConfiguration: RouterConfigurationMode • Configure the RED zone Now you can configure the Red (WAN) interface according to your ISP connection type (as selected during Step 1). The configuration is identical to the previous step where you must configure the IP, subnet, and gateway (if necessary), select the appropriate physical interface to use for the Red (WAN) connection, and fill out any other ISP connection specific fields.
InitialConfiguration: RouterConfigurationMode • Configure DNS This option is only required if you are not using some form of DHCP for your Red (WAN) connection. You should fill in your ISP-provided or preferred public DNS servers in these fields. Click the Forward button to continue.
InitialConfiguration: RouterConfigurationMode • Setup Email Information (Optional) Here you can provide the administrator (recipient) email account along with the GD eSeries (sender) address you want to use for notifications. Also you may specify the address of an email smarthostif you require one. Click the Forward button to continue.
InitialConfiguration: RouterConfigurationMode • Apply Configuration • The last step is to apply the configuration to the device. • Keep in mind, the changes you made may take up to 20 seconds to be fully applied to the device and for dependent services to be restarted so this may impact any internal device(s) ability to access the device or pass traffic through it. You must access the administration interface of the GD eSeriesdevice using the new IP settings either manually or using the link provided in the Web UI.
InitialConfiguration: Gateway ConfigurationMode • Choose the conection type of your primary WAN interface, in this case “Gateway”
InitialConfiguration: Gateway ConfigurationMode • Add Network Zones The next option will allow you to select any additional network zone you wish to have configured on your GD eSeriesappliance. The available options will depend on the total number of available Ethernet NIC's on the device. Your options could include adding the Blue zone (Wifi) or Orange zone (DMZ) or both. Click the Forward button to continue.
InitialConfiguration: Gateway ConfigurationMode • Configure GREEN Zone with two interfaces A network zone with multiple network interfaces will act as a “bridge” and simulate the behavior of a switch.
InitialConfiguration: Gateway ConfigurationMode • Configure the Internet Gateway as if you were configuring any GREEN Zone client This option will allow you to deploy the GD eSeriesinto a network using the Green (LAN) interface as your primary network connection and using an existing default gateway that lives within the Green network.
InitialConfiguration: Gateway ConfigurationMode • Configure DNS In this case you should fill in your primary and secondary DNS servers in these fields.
InitialConfiguration: Gateway ConfigurationMode • Setup Email Information (Optional) Here you can provide the administrator (recipient) email account along with the GD eSeries (sender) address you want to use for notifications. Also you may specify the address of an email smarthost if you require one. Click the Forward button to continue.
InitialConfiguration: Gateway ConfigurationMode • Apply Configuration • The last step is to apply the configuration to the device. • Keep in mind, the changes you made may take up to 20 seconds to be fully applied to the device and for dependent services to be restarted so this may impact any internal device(s) ability to access the device or pass traffic through it. You must access the administration interface of the GD eSeriesdevice using the new IP settings either manually or using the link provided in the Web UI.
InitialConfiguration: ConsoleAccess • To use the local console plug a monitor to the VGA port of the appliance and a keyboard to USB port. • You can check the management URL and the Green (zone) IP address • You can choose Option #0 “Shell” • You can choose Option #1 “Reboot” • You can choose Option #2 “Change Root Password” from the menu. • You can choose Option #3 “Change Admin Password” from the menu. • If you forgot both Web and CLI/Console passwords you will need to reset to factory defaults by choosing Option #4 “Restore Factory Defaults” from the menu.
Panda Perimetral Management Consoleregistration
InitialConfiguration: Panda Perimetral Management Consoleregistration • Registering a device for the very first time is a two-step process: (1) Create user account on Perimetral management console using provided activation code. (2) Register your GD eSeriesdevice. Once this is done you can register all subsequent devices using your existing Perimetral management console account information.
InitialConfiguration: Panda Perimetral Management Consoleregistration • Enter the activation code created • Enter the following information • Company: INNET CustomerID • Login: INNET Login • Password: INNET Password • Account Description: Company Name
InitialConfiguration: RegisterGateDefendereSeriesdevice • Enter the following information: • Account credentials previously created • Enter the activation code • Enter the additional relevant information