Clavister Eagle E5 Spécifications

Clavister Eagle E5Getting Started GuideClavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.comPublished 2015-04-07Cop

• The top-left flashes green to indicate data traffic.• The top-right light is green if the link is 10 or 100 Mb.• The top-right light is amber if the

Chapter 1: E5 Product Overview11

Chapter 2: Registering with ClavisterBefore applying power to the E5 and starting cOS Core, it is important to understand the thecustomer and product

2. The customer login page is presented. It is assumed that a new customer is accessing thesite for the first time so they should press the Register b

5. Below is an example of the email that John Smith would receive.6. When the confirmation link in the email is clicked, the new customer is taken to

B. Registration of the E5 Hardware UnitThese steps describe manual registration of the E5 hardware unit.Alternatively, if the E5 is connected to the I

The image above shows an example label which illustrates the typical layout of identificationlabels found on Clavister hardware products.After Success

Chapter 3: E5 Installation• General Installation Guidelines, page 17• Flat Surface Installation, page 19• Rack Mounting, page 20• Local Console Port C

A third party surge protection device should be considered and is strongly recommended asa means to prevent electrical surges reaching the appliance.

3.2. Flat Surface InstallationThe E5 can be mounted on any appropriate stable, flat, level surface that can safely support theweight of the appliance

Clavister Eagle E5Getting Started GuidePublished 2015-04-07Copyright © 2015 Clavister ABCopyright NoticeThis publication, including all photographs, i

3.3. Rack MountingA Rack Mount Kit is supplied with the E5 for mounting the product in a 19-inch rack. Includedwith the kit is the following:• 2 x sid

Repeat this for each side of the E5 so the brackets are mounted as shown below.The E5 is now ready to be rack mounted. No rear support is required.Cha

3.4. Local Console Port ConnectionThe local console port is the physical RJ45 RS-232 port on the far right-hand side front panel ofthe E5.Figure 3.1.

i. 9600 bps.ii. No parity.iii. 8 bits.iv. 1 stop bit.v. No flow control.• An RS-232 cable with appropriate terminating connectors.Connection StepsTo c

3.5. Connecting PowerThis section describes connecting power. The E5 has a single internal 12V/2.5A AC to DC poweradaptor. As soon as power is applied

Chapter 3: E5 Installation25

Chapter 4: cOS Core Configuration• Management Workstation Connection, page 26• Web Interface and Wizard Setup, page 29• Manual Web Interface Setup, pa

• Through a web browser.A standard web browser running on a standalone computer (also referred to as themanagement workstation) can be used to access

For connection to the public Internet, another E5 Ethernet interface should be connected to anISP and this is referred to in the setup wizard as the W

4.2. Web Interface and Wizard SetupThis chapter describes the setup when accessing cOS Core for the first time through a webbrowser. The user interfac

Table of ContentsPreface ... 51. E5 Produ

It is possible to configure cOS Core to use a CA signed certificate instead of self-signed certificatefor the management login and doing this is descr

the Clavister Security Gateway is being used in Transparent Mode between two internal networks,then the configuration setup is best done with manual W

Wizard step 3: Select the WAN interfaceNext, you will be asked for the WAN interface that will be used to connect to an ISP for Internetaccess.Wizard

These four different connection options are discussed next in the subsections 4A to 4D thatfollow.• 4A. Static - manual configurationInformation suppl

DNS servers are set automatically after connection with PPPoE.• 4D. PPTP settingsThe username and password supplied by an ISP for PPTP connection shou

Wizard step 6: Helper server settingsOptional NTP and Syslog servers can be enabled here in the wizard or configured later. NetworkTime Protocol serve

Wizard step 7: Activate setupThe final step for the configuration is to save and activate it by pressing the Activate button. Afterthis step the Web I

4.3. Manual Web Interface SetupThis section describes initial cOS Core configuration performed directly through the WebInterface, without using the se

Important: The time server URL requires the "dns:" prefixWhen specifying a URL in cOS Core for the time server, it must have the prefix &quo

Reconfiguration is a process that the cOS Core administrator may initiate often. Normally,reconfiguration takes a brief amount of time and causes only

List of Figures1.1. An Unpacked Clavister E5 Appliance ... 71.2. Clavister E5 Connectio

The initial step is to set up a number of IPv4 address objects in the cOS Core Address Book. Let usassume for this section that the interface used for

Tip: Creating address book foldersNew folders can be created when needed and provide a convenient way to grouptogether related IP address objects. The

interface will now appear and the settings can be changed including the default gateway.Press OK to save the changes. Although changes are remembered

The destination network in the IP rule is specified as the predefined IP4 Address object all-nets.This is used since it cannot be known in advance to

Like the IP rule for HTTP, this rule also specifies that the action for DNS requests is NAT so all DNSrequest traffic is sent out by cOS Core with the

B. DHCP - automatic configurationAll the required IP addresses for Internet connection can, alternatively, be automatically retrievedfrom an ISP'

For PPPoE connection, we must create a PPPoE tunnel interface associated with the physicalEthernet interface. Assume that the physical interface is G2

An ISP will supply the correct values for pptp_username, pptp_password and the remoteendpoint. An interface is not specified when defining the tunnel

An example IP pool range might be 196.168.1.10 - 192.168.1.20 with a netmask of 255.255.0.0.In addition, it is important to specify the Default gatewa

Tip: Address book object namingThe cOS Core address book is organized alphabetically so when choosing names for IPaddress objects it is best to have t

PrefaceTarget AudienceThe target audience for this guide is the administrator who has taken delivery of a packagedClavister E5 appliance and is settin

The IP rule again has the NAT action and this is necessary if the protected local hosts have privateIPv4 addresses. The ICMP requests will be sent out

Logging can now be enabled on this rule with the desired severity. Click the Log Settings tab,and click the Enable logging box. All log messages gener

Doing this is described in Section 4.5, “License Installation Methods”.Chapter 4: cOS Core Configuration52

4.4. CLI SetupThis chapter describes the setup steps using CLI commands instead of the setup wizard.The CLI is accessible using either one of two meth

The new username/password combination should be remembered and the password should becomposed in a way which makes it difficult to guess. The next ste

Note: Private IPv4 addresses are used for example onlyEach installation's IP addresses will be different from the example IP addresses but theyar

EthernetDevice: 0:G2 1:<empty>AutoSwitchRoute: NoAutoInterfaceNetworkRoute: YesAutoDefaultGatewayRoute: YesReceiveMulticastTraffic: AutoMemberOf

Device:/> set DNS DNSServer1=dns1_addressAssuming a second IP object called dns2_address has been defined, the second DNS server isspecified with:D

source interface and source network (in this example, the network G1_net and interface G1 toflow to the destination network all-nets and the destinati

DHCP Server SetupIf the Clavister Security Gateway is to act as a DHCP server then this can be set up in the followingway:First define an IPv4 address

Text linksWhere a "See section" link is provided in the main text, this can be clicked on to take the readerdirectly to that reference. For

Add an IP rule called allow_ping_outbound to allow ICMP pings to pass:Device:/> add IPRule name=allow_ping_outboundAction=NATSourceInterface=G1Sour

4.5. License Installation MethodsWithout a valid license installed, cOS Core will run in demo mode (demonstration mode) whichmeans that it will cease

v. Download a license from the license list to the computer's local disk.vi. The license file is uploaded to the security gateway through the cOS

4.6. Setup TroubleshootingThis appendix deals with connection problems that might occur when connecting amanagement workstation to a Clavister Securit

This will display console messages that show all the ARP packets being received on the differentinterfaces and confirm that the correct cables are con

4.7. Going Further with cOS CoreAfter initial setup is complete, the administrator is ready to go further with configuring cOS Coreto suit the require

Included with the quick start section is a checklist for troubleshooting and advice on how best todeal with the networking complications that can aris

Chapter 4: cOS Core Configuration67

Chapter 5: Resetting to Factory DefaultsIn some circumstances, it may be necessary to reset the E5 hardware to the state it was in when itleft the fac

Administrators Guide.Performing a Reset ManuallyAs an alternative to resetting using the boot menu, the E5 can be reset manually.. The steps for amanu

Chapter 1: E5 Product Overview• Unpacking the E5, page 7• Interfaces and Ports, page 91.1. Unpacking the E5Figure 1.1. An Unpacked Clavister E5 Applia

Chapter 6: Warranty ServiceLimitation of WarrantyClavister warrants to the customer of the E5 Appliance that the Hardware components will befree from

Clavister ABSjögatan 6J891 60 ÖrnsköldsvikSWEDENIf the product has not yet been registered with the Clavister through its client web, a proofof purcha

Chapter 7: Safety PrecautionsSafety PrecautionsClavister E5 devices are Safety Class I products and have protective ground terminals. There mustbe an

Informations concernant la sécuritéCet appareil est un produit de classe I et possède une borne de mise à la terre. La sourced’alimentation principale

• se la vostra LAN copre un’area servita da più di un sistema di distribuzione elettrica,accertatevi che i collegamenti a terra di sicurezza siano ben

Appendix A: E5 SpecificationsBelow are the key hardware specifications for the Clavister E5 product.Dimensions, Weight and MTBFHeight x Width x Depth

Appendix B: Declarations of Conformity76

Appendix B: Declarations of Conformity77

Appendix C: Port Based VLAN SetupVLAN support on the E5 is divided into two types:• On the Ethernet interfaces G1 and G2, VLANs are created by configu

2. Associate the VLANs with GESW interfacesGo to Network > Interfaces and VPN > VLAN > Switch Management, enable port based VLANand set each

Note: If any items are missingIf any items are missing from the E5 package, please contact the reseller or distributor.All relevant documentation in P

Clavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.com

1.2. Interfaces and PortsThis section is an overview of the E5 product's external design.Figure 1.2. Clavister E5 Connection PortsThe E5 features