Clavister Lynx X8 Spécifications

Clavister Lynx X8Getting Started GuideClavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.comPublished 2015-04-07Copy

• The left hand LED indicates cOS Core status and can be either of the following colors:i. Green - cOS Core is operating normally.ii. Red - An error c

Chapter 1: X8 Product Overview11

Chapter 2: Registering with ClavisterBefore applying power to the X8 and starting cOS Core, it is important to understand the thecustomer and product

2. The customer login page is presented. It is assumed that a new customer is accessing thesite for the first time so they should press the Register b

5. Below is an example of the email that John Smith would receive.6. When the confirmation link in the email is clicked, the new customer is taken to

B. Registration of the X8 Hardware UnitThese steps describe manual registration of the X8 hardware unit.Alternatively, if the X8 is connected to the I

The image above shows an example label which illustrates the typical layout of identificationlabels found on Clavister hardware products.After Success

Chapter 3: X8 Installation• General Installation Guidelines, page 17• DIN Rail Installation, page 19• Local Console Port Connection, page 20• Connecti

a means to prevent electrical surges reaching the appliance. This is mentioned again inSection 3.4, “Connecting Power”.• TemperatureDo not install the

3.2. DIN Rail InstallationThe X8 is designed for DIN rail mounting only and comes delivered with a rotatable DIN bracketat the back for mounting. This

Clavister Lynx X8Getting Started GuidePublished 2015-04-07Copyright © 2015 Clavister ABCopyright NoticeThis publication, including all photographs, il

3.3. Local Console Port ConnectionThe local console port is a physical RS-232 port on the X8 hardware.Figure 3.2. The X8 Local Console PortThis local

• A terminal or a computer with a serial port and the ability to emulate a terminal (for example,the open source puTTYsoftware).• The terminal console

3.4. Connecting PowerThis section describes connecting power. As soon as power is applied, the X8 will boot-up andcOS Core will start.ImportantPlease

3. With the supplied power cable, plug the other end of the power cord into a power outlet.There is no On/Off switch. If using a power rail to supply

Chapter 3: X8 Installation24

Chapter 4: cOS Core Configuration• Management Workstation Connection, page 25• Web Interface and Wizard Setup, page 28• Manual Web Interface Setup, pa

A standard web browser running on a standalone computer (also referred to as themanagement workstation) can be used to access the cOS Core Web Interfa

unused interface could be used instead.Direct Connection to the Management InterfaceConnection to the management interface G1 from the workstation can

4.2. Web Interface and Wizard SetupThis chapter describes the setup when accessing cOS Core for the first time through a webbrowser. The user interfac

It is possible to configure cOS Core to use a CA signed certificate instead of self-signed certificatefor the management login and doing this is descr

Table of ContentsPreface ... 51. X8 Produ

the Clavister Security Gateway is being used in Transparent Mode between two internal networks,then the configuration setup is best done with manual W

Wizard step 3: Select the WAN interfaceNext, you will be asked for the WAN interface that will be used to connect to an ISP for Internetaccess.Wizard

These four different connection options are discussed next in the subsections 4A to 4D thatfollow.• 4A. Static - manual configurationInformation suppl

DNS servers are set automatically after connection with PPPoE.• 4D. PPTP settingsThe username and password supplied by an ISP for PPTP connection shou

Wizard step 6: Helper server settingsOptional NTP and Syslog servers can be enabled here in the wizard or configured later. NetworkTime Protocol serve

Wizard step 7: Activate setupThe final step for the configuration is to save and activate it by pressing the Activate button. Afterthis step the Web I

4.3. Manual Web Interface SetupThis section describes initial cOS Core configuration performed directly through the WebInterface, without using the se

Important: The time server URL requires the "dns:" prefixWhen specifying a URL in cOS Core for the time server, it must have the prefix &quo

Reconfiguration is a process that the cOS Core administrator may initiate often. Normally,reconfiguration takes a brief amount of time and causes only

The initial step is to set up a number of IPv4 address objects in the cOS Core Address Book. Let usassume for this section that the interface used for

List of Figures1.1. An Unpacked Clavister X8 Appliance ... 71.2. Front View of the Clav

object is named by combining the interface name with the suffix "_net" and this is the network towhich the interface belongs.Tip: Creating a

Click on the interface in the list which is to be connected to the Internet. The properties for thisinterface will now appear and the settings can be

The properties for the new IP rule will appear. In this example, we will call the rule lan_to_wan.The rule Action is set to NAT (this is explained fur

this is needed. This could be done with a single IP rule or IP policy that uses a custom servicewhich combines the HTTP and DNS protocols but the reco

B. DHCP - automatic configurationAll the required IP addresses for Internet connection can, alternatively, be automatically retrievedfrom an ISP'

For PPPoE connection, we must create a PPPoE tunnel interface associated with the physicalEthernet interface. Assume that the physical interface is G2

An ISP will supply the correct values for pptp_username, pptp_password and the remoteendpoint. An interface is not specified when defining the tunnel

An example IP pool range might be 196.168.1.10 - 192.168.1.20 with a netmask of 255.255.0.0.In addition, it is important to specify the Default gatewa

Tip: Address book object namingThe cOS Core address book is organized alphabetically so when choosing names for IPaddress objects it is best to have t

The IP rule again has the NAT action and this is necessary if the protected local hosts have privateIPv4 addresses. The ICMP requests will be sent out

PrefaceTarget AudienceThe target audience for this guide is the administrator who has taken delivery of a packagedClavister X8 appliance and is settin

Logging can now be enabled on this rule with the desired severity. Click the Log Settings tab,and click the Enable logging box. All log messages gener

Doing this is described in Section 4.5, “License Installation Methods”.Chapter 4: cOS Core Configuration51

4.4. CLI SetupThis chapter describes the setup steps using CLI commands instead of the setup wizard.The CLI is accessible using either one of two meth

The new username/password combination should be remembered and the password should becomposed in a way which makes it difficult to guess. The next ste

Note: Private IPv4 addresses are used for example onlyEach installation's IP addresses will be different from the example IP addresses but theyar

EthernetDevice: 0:G2 1:<empty>AutoSwitchRoute: NoAutoInterfaceNetworkRoute: YesAutoDefaultGatewayRoute: YesReceiveMulticastTraffic: AutoMemberOf

Device:/> set DNS DNSServer1=dns1_addressAssuming a second IP object called dns2_address has been defined, the second DNS server isspecified with:D

source interface and source network (in this example, the network G3_net and interface G3) toflow to the destination network all-nets and the destinat

DHCP Server SetupIf the Clavister Security Gateway is to act as a DHCP server then this can be set up in the followingway:First define an IPv4 address

Add an IP rule called allow_ping_outbound to allow ICMP pings to pass:Device:/> add IPRule name=allow_ping_outboundAction=NATSourceInterface=G3Sour

Text linksWhere a "See section" link is provided in the main text, this can be clicked on to take the readerdirectly to that reference. For

4.5. License Installation MethodsWithout a valid license installed, cOS Core will run in demo mode (demonstration mode) whichmeans that it will cease

v. Download a license from the license list to the computer's local disk.vi. The license file is uploaded to the security gateway through the cOS

4.6. Setup TroubleshootingThis appendix deals with connection problems that might occur when connecting amanagement workstation to a Clavister Securit

This will display console messages that show all the ARP packets being received on the differentinterfaces and confirm that the correct cables are con

4.7. Going Further with cOS CoreAfter initial setup is complete, the administrator is ready to go further with configuring cOS Coreto suit the require

Included with the quick start section is a checklist for troubleshooting and advice on how best todeal with the networking complications that can aris

Chapter 4: cOS Core Configuration66

Chapter 5: Resetting to Factory DefaultsIn some circumstances, it may be necessary to reset the X8 hardware to the state it was in whenit left the fac

Warning: Current configuration and cOS Core upgrades are lostThe factory defaults will include the default configuration and the original version ofcO

Chapter 6: Warranty ServiceLimitation of WarrantyClavister warrants to the customer of the X8 Appliance that the Hardware components will befree from

Chapter 1: X8 Product Overview• Unpacking the X8, page 7• Interfaces and Ports, page 9The Clavister Lynx X8 is a ruggedized hardware platform for cOS

Clavister ABSjögatan 6J891 60 ÖrnsköldsvikSWEDENIf the product has not yet been registered with the Clavister through its client web, a proofof purcha

Chapter 7: Safety PrecautionsSafety PrecautionsClavister X8 devices are Safety Class I products and have protective ground terminals. There mustbe an

Informations concernant la sécuritéCet appareil est un produit de classe I et possède une borne de mise à la terre. La sourced’alimentation principale

• se la vostra LAN copre un’area servita da più di un sistema di distribuzione elettrica,accertatevi che i collegamenti a terra di sicurezza siano ben

Appendix A: X8 SpecificationsDimensions, Weight and MTBFHeight x Width x Depth (mm) 170 x 60 x 126 (without DIN)Height x Width x Depth (mm) 170 x 60 x

Appendix B: Declarations of Conformity75

Appendix B: Declarations of Conformity76

Appendix C: Windows XP IP SetupIf a PC running Microsoft XP™ is being used as the cOS Core management workstation, thecomputer's Ethernet interfa

Note: DNS addresses can be entered laterTo browse the Internet from the management workstation via the security gateway, it ispossible to go back to t

Appendix D: Windows Vista IP SetupIf a PC running Microsoft Vista™ is being used as the cOS Core management workstation, thecomputer's Ethernet i

• RS-232 local console cable.• Power cable.• Euroblock (Phoenix) plug for optional power rail connection.Note: If any items are missingIf any items ar

Select and display the properties for Internet Protocol Version 4 (TCP/IPv4).7. In the properties dialog, select the option Use the following IP addre

Appendix E: Windows 7 IP SetupIf a PC running Microsoft Windows 7™ is being used as the cOS Core management workstation,the computer's Ethernet i

Select and display the properties for Internet Protocol Version 4 (TCP/IPv4).7. In the properties dialog, select the option Use the following IP addre

Appendix F: Windows 8 IP SetupIf a PC running Microsoft Windows 7 is being used as the cOS Core management workstation, thecomputer's Ethernet in

6. The properties for the selected interface will appear.Select and display the properties for Internet Protocol Version 4 (TCP/IPv4).7. In the proper

Appendix G: Apple Mac IP SetupAn Apple Mac can be used as the management workstation for initial setup of a Clavister SecurityGateway. To do this, a s

5. Now set the following values:• IP Address: 192.168.1.30• Subnet Mask: 255.255.255.0• Router: 192.168.1.16. Click Apply to complete the static IP se

Clavister ABSjögatan 6JSE-89160 ÖrnsköldsvikSWEDENPhone: +46-660-299200www.clavister.com

1.2. Interfaces and PortsThis section is an overview of the X8 product's external design.Figure 1.2. Front View of the Clavister X8The X8 feature