Imperva-M150_Quick_Start_Guide-v3.pdf

SECURESPHEREQuick Start Guide M150 Management Server Appliance Version 1.0 April 2010 transcribed.com Website: www. stored in a retrieval system. Inc. This document contains proprietary and confidential material of Imperva Inc. However. or translated into any language in any form or by any means without the written permission of Imperva Inc. no responsibility is assumed by Imperva Inc. Suite 101 Redwood City.imperva. Imperva Contact Information US Headquarters Imperva Inc.2010 Imperva. Imperva Inc. CA 94065. write to the attention of the Imperva Legal Department at: 3400 Bridge Parkway. transmitted. Imperva Inc. All Rights Reserved. Suite 101 Redwood Shores. reserves the right to make changes to the material at any time and without notice.com DC000016 Rev A01 Imperva M150 Quick Start Guide V3 . The material furnished in this document is believed to be accurate and reliable. To obtain this permission. This document is for information purposes only. for the use of this material. CA 94065 USA Tel: (650) 345 9000 Fax: (650) 345 9004 Email: info@imperva. or its suppliers or affiliate companies. Information in this document is subject to change without notice and does not represent a commitment on the part of Imperva Inc. makes no warranties.COPYRIGHT NOTICE © 2002 . or any part thereof. expressed or implied. The software may be used only in accordance with the terms of this agreement. The software described in this document is furnished under license agreement. 3400 Bridge Parkway. No part of this publication may be reproduced. use. TRADEMARK ATTRIBUTIONS All brand and product names are trademarks or registered trademarks of their respective holders. This document is solely for the use of Imperva employees and authorized Imperva customers.. All rights reserved. is strictly prohibited. or disclosure of this material. Imperva and SecureSphere are trademarks of Imperva Inc. Any unauthorized reproduction. C RJ-45 serial console port D USB ports E reserved for future use M 2 x 3.M150 M150 Panels Front Panel Figure 1 M150 Front Panel Table 1 M150 Front Panel A-B Management NICs: See M150 Network Interface Configuration on page 7.5” HDD bays . 4 . Attach the front ear mounts to the appliance using the provided long screws. Attach the front ear mount handles to the front ear mounts using the provided short screws. as shown in Figure 3. you will need the following equipment: • a Phillips (cross-head) screwdriver • machine screws and bolts for mounting appliance to rack frame • recommended: an anti-static wrist strap and conductive foam head Racking Procedure To mount the M150 appliance in the rack cabinet: 1. 2.M150 Quick Start Guide Rear Panel Figure 2 M150 Rear Panel Table 2 M150 Real Panel P fans Q on / off switch R power supplies S button to silence beep warning when only one power supply is connected to the power (see Imperva Appliances Platform Guide) Racking the M150 Before You Begin Before installing the M150 in the rack. 5 . as shown in Figure 4.M150 Quick Start Guide Figure 3 Attaching the front ear mounts 3. Slide out the inner rail (the one that will be attached to the appliance) and attach it to the appliance. The two rails which you will use to mount the appliance in the rack cabinet are packaged together. Do this on both sides. one for each side. There are two sets. If required. the original rack cabinet rail and the extender rail) to both the front and back of the rack cabinet. Figure 5 Rack cabinet rail’s extender The extended rails are required for deeper rack cabinets. 6 . which you will attach to the rack cabinet and along which you will slide the appliance into the rack cabinet. Next. turn your attention to the rack cabinet rails.M150 Quick Start Guide Line up the holes in the rail and on the side of the appliance. attach the extender rail to the rack cabinet rail (Figure 5) so that you will be able to secure the assembled rail (that is. 1 1 2 2 1 3 3 2 3 Figure 4 Attaching the appliance rail 4. This hole in the rail is not used. as shown in Figure 6. 7 . Note: The assembled rail should be attached to the outside of the rack cabinet at both the front and back. Next.M150 Quick Start Guide 5. You should be able to slide the appliance out far enough so that you can reach the on-off switch. Figure 6 Attaching the rack cabinet rail to the rack cabinet . fans and power supplies on the rear panel. attach the assembled rails to the rack cabinet. Once you have attached the assembled rails to the rack cabinet. In the table. slide the appliance into the rack cabinet.front (above) and back (below) 6. M150 Network Interface Configuration The table below details the network interfaces configuration for the M150 appliance. the letters in the first column refer to Figure 1 on page 3. The SecureSphere gateways connect to the OOB through NIC eth1. eth0 B LAN management NIC The management server and the gateways communicate using this NIC. An OOB network provides a separate secure area in which administrative and monitoring functions can take place without compromising traffic or the core internal network. A single SecureSphere Management Server supports multiple gateways. Connecting the M150 Management Server The SecureSphere network architecture consists of two components: SecureSphere Gateways and the SecureSphere Management Server (MX). and all the gateways must communicate with the management server. SecureSphere administrators can communicate with the management server using this NIC. For a detailed description of deployment scenarios. Optionally. It is recommended that SecureSphere gateways communicate with a SecureSphere Management Server through a dedicated Out Of Band (OOB) network. eth1 Note: Before attaching a network cable to the appliance. 8 . refer to the SecureSphere Administration Guide. see Table 3 on page 8. Out Of Band Network (OOB) Each SecureSphere Gateway should be connected to the SecureSphere Management Server using a dedicated NIC. The management server listens for connections from gateways on TCP port 8083.M150 Quick Start Guide Table 3 Network Interface Configuration A default management NIC SecureSphere administrators communicate with the management server using this NIC. make sure the device at the other end of the cable is up and running. SecureSphere administrators can manage the management server and the gateways using the SecureSphere GUI. 168.M150 Quick Start Guide MX Management Server eth0 NIC F default Management NIC 192.1 netmask 255.100 eth1 NIC G OOB LAN Management NIC 172.0.0.255. Your configuration will probably be different.0.254 DNS server – 192.255. Firewalls can be placed wherever they are required.16.0. 9 .0 Note: The IP addresses and netmasks shown here are examples only.168.0 default gateway – 192. Figure 8 shows that ports that need to be open to enable different functions required by SecureSphere to operate through the deployed firewalls.255.1 netmask 255.0.168. \\ \\ SecureSphere gateways Figure 7 Network Configuration Configuring Firewall Ports SecureSphere allows a great deal of flexibility in its deployment modes. M150 Quick Start Guide SNMP (UDP 162) UI TCP 8083 SSH (TCP 22) SNMP (UDP 162) SSH (TCP 22) ` TCP 8083 NTP (UDP 123) SSH (TCP 22) HTTPS (TCP 8083) SSH (TCP 22) HTTPS (TCP 443) DNS Server syslog (UDP 514) – if configured for audit DNS (TCP 53 and UDP 53) NTP Server NTP (UDP 123) Imperva Update Server HTTP (TCP 80) syslog Server syslog (UDP 514) SNMP Server SNMP (UDP 162) SMTP (TCP 25) SMTP Server Figure 8 Firewall Port Configuration Deploying Management Servers and Gateways If you are deploying a SecureSphere management server and separate gateways. 10 . The reason is that the first thing a gateway does when it starts is to try to find its management server. it is recommended that you deploy the management server first and then the gateways. you can avoid this problem by using the DEL option or Ctrl-H (delete character). while others send a control sequence. 11 .M150 Quick Start Guide Connecting to the M150 Appliance Using a Serial Console To connect to the appliance using a serial console: 1. so that the stream the application sees is different from the displayed text. configure the serial console settings as follows: Table 4 Serial Console Settings Setting Value baud rate 38400 data bits 8 parity none stop bits 1 flow control none terminal emulation VT-100 or VT-UTF8 (supports colors) Note: Some terminal emulators correctly interpret the Backspace key to delete the previous character from the stream sent to the application as well as from the displayed text. You should determine the behavior of your terminal emulator before using the Backspace key. If you are using a program such as Hyperterminal™. In Hypterterminal. Connect a computer or a terminal to the serial port on the M150 using a serial cable. This may take half an hour or more. If you want to configure a default gateway. and its password must be identical on all SecureSphere appliances managed by the same MX. 7. At this point. 9. 192. If you chose to configure the LAN in step 7: • Enter the NIC not selected in step 4. Enter the netmask for the above IP address (for example. Select the area from the list or select option 11 to manually enter the time zone using Posix TZ format.M150 Quick Start Guide M150 Appliance First Time Login The appliance is shipped from the factory with SecureSphere already installed on it. and click Enter. 4. Select the management server’s time zone. enter Yes when asked to do so. 2. 10. Connect to the appliance using a serial console (see Connecting to the M150 Appliance Using a Serial Console on page 11). If you want to configure the LAN as an additional management NIC.168. Otherwise. continue with this procedure. 13. 8. and enter the IP address of your default gateway (for example. The secure user is used to login to the management server using impcfg.255. enter No to leave the default management NIC. Enter a new password for the secure user and then retype it when asked. 12. and it will initialize. If you want a different NIC for management NIC. 3. Once the installation is complete.0). Select the specific country in the area and confirm the result. Enter No to leave the LAN disabled. • Enter the IP address and netmask for the LAN interface. 11.0. To log in to the appliance for the first time: 1.255. Enter an IP address for the management NIC (for example.255.1) and click Enter. Enter a new password for the root user and then retype it when asked. 255. you can install a different version of SecureSphere on the appliance by following the instructions in Installing SecureSphere Software on page 13. 6. enter Yes. Your SecureSphere appliance now has an IP address.255.0). 255. or click Enter to use the default. enter Yes. Login with the username secure and the password secure. 12 . 5. or with the command line interface (impcfg) SSH. Turn on the appliance. 2. you can connect to the management server either with the SecureSphere GUI using HTTPS (https://<appliance_IP>:8083). you must connect a serial console in order to monitor the installation. When the appliance boots. see the Network Installation chapter in the SecureSphere Administration Guide. from either the network or from a USB device. Note: For backward-compatibility reasons. and optionally. You can install a different version of SecureSphere on the appliance. one after the other. Installing SecureSphere Software The appliance is shipped from the factory with SecureSphere already installed on it. 1. Install the deployment application. Next time you connect. to the LAN management interface. so that you will be able to monitor the installation. the installation procedure outputs to a VGA port by default. Connect the cable to the default management interface (see Table 3 on page 8). Installing From The Network For more information on how to install the latest version of the appliance software over the network. When the appliance tries to boot from the network. On completion. you will be prompted to press L to boot from the network. Because the M150 does not have a VGA port. by following these instructions.M150 Quick Start Guide 14. login as user secure with the new password you defined in this procedure. 13 . Connect a serial console to the appliance (see Connecting to the M150 Appliance Using a Serial Console on page 11). 3. it will try both of the on-board interfaces. To . 5. see SecureSphere Administration Guide.. select one of the displayed installation options by entering the appropriate command.38400 ide0=noprobe Installing From USB Note: For more information about USB installation. 2. Connect to the appliance using a serial console (see Connecting to the M150 Appliance Using a Serial Console on page 11). To install from a USB device: 1.. so that you will be able to monitor the installation. Plug a USB device with the SecureSphere recovery image into the appliance USB port.M150 Quick Start Guide 4.. Enter the following text and then press <Enter> install the specified build (output to serial console) installserial install a different build (output to serial console) installserial build=<build> boot from the disk local 14 . Enter the following text and then press <Enter> install the specified build from the network with output to serial console install console=ttyS0. enter the following command: To . 4. Turn off the appliance.. Power on the appliance. After the appliance boots. When the boot menu appears. 3.