You can use the CLI Installation Wizard for the initial installation. The installation program enables you to install and configure LinkProof without any specific networking knowledge.
Figure 1: Three ISPs connected
Figure 2: Regular VLAN (bridge)
— ISP 1 (LP Interface 2) and the internal LAN (Interface 1) are on the same subnet, 192.168.10.0/24
— ISP on LP Interface 3 — subnet 192.168.30.0/24
3.
Note: An initial default configuration is provided. When a device boots up for the first time, if the startup is not used for 30 seconds, and a boot-up server is not found within another 30 seconds, default settings are assigned to the device. The initial default configuration consists of the following:
• Private IP address (192.168.1.1)
• Subnet mask (255.255.255.0)
• Port number for management. The port number depends on the platform.
For OnDemand Switch platforms, the default is G-1.
• NMS IP address (0.0.0.0, allowing any station to manage the device using SNMP).
• Community string, public
• Telnet, SSH, SSL and WBM are enabled with a default user of radware with password radware.
4. Type @ and press Enter. The device displays the following message:
5.
Note: If you enter n, the CLI wizard returns to the original configuration wizard where you can configure the device with an IP address for initial access only.
The device enters a default value for the incomplete parameters, with the exception of the IP address, which is mandatory. A validity check of all the parameters is then performed.
Some menu items may relate to additional information, which you can find in Table 4 - Inbound Traffic Startup Configuration, page 47, Table 6 - ISP Startup Configuration, page 49, and Table 7 - Interface Numbering Conventions, page 51.
7. Press Enter. Static Port Address Translation (Static PAT) is an option, and offers the following inbound services:
Static PAT allows you to configure up to three servers, each with up to five services with the following limitation: starting from one server with all the five services or five servers (with different IP addresses) with one service each, or a combination of the above.
8. Press Enter.
When using inbound services with Static PAT, management ports have to be disabled in order to prevent a conflict with inbound services.
The following ports have been chosen by Radware using RFC 4340. You can alternatively use an optional port recommended by IANA (Internet Assigned Numbers Authority): http://www.iana.org/assignments/port-numbers.
>>
>> If the IP address of the inbound port and the outbound port belong to the same subnet, the following configuration is derived from the topology:
• Inbound and outbound ports become members of the 1 VLAN Bridge group.
• Radware ensures that all IP addresses belong to the same subnet mask.
Table 3: CLI Wizard Configuration
• Enable management port: For OnDemand Switch VL platforms only, this parameter specifies whether the port labeled G6 / MNG1 is configured for management purposes.
• The IP address of the interface is the only mandatory parameter. This address is used to access the device.
• The password used to access the device remotely using Web Based Management, Telnet or SSH.
• Enable management port SSH Access
• Enable management port Secure Web Access
• Enable management port SNMP Access
• Enable ping response on all NHR ports: Specifies whether to enable a ping response on all router ports of the device.
• Set Client Table size between 1000 and <MaxClientTableSize> [<Recommended size>]: Specifies the Client Table Size with values between 1000 and the maximum recommended value for your specific physical platform. Default: The recommended size, which is the approximate average between 1000 and the maximum size of the client table. The maximum size of the client table depends on the memory of the device.
Caution: It is not recommended to set the Client Table Size to maximum, because it might render the device without operational memory. If you configure higher values, you should check the memory consumption using Web Based Management (Service > Tuning > Memory Check) or CLI (using the command system tune check-memory-capacity).
• Remote management IP address (press <Enter> to configure) Accesses the ISP Startup Configuration submenu to configure routers NAT by defining the IP address of the routers as well as the IP addresses of the LinkProof interfaces.
• Inbound Traffic configuration (press <Enter> to configure): Accesses the Inbound Traffic Startup Configuration submenu. This enables you to configure Static Port Address Translation (Static PAT) options. Static PAT allows you to configure up to three servers, each with up to five services with the following limitation: starting from one server with all the five services or five servers (with different IP addresses) with one service each, or a combination of the above. When using inbound services with Static PAT, management ports have to be disabled in order to prevent a conflict with inbound services. For a description of the Inbound Traffic Startup Configuration menu items, see Table 4 - Inbound Traffic Startup Configuration, page 47.
• (press <Enter> to configure) For a description of the SNMP Startup Configuration submenu items, see Table 2 - SNMP Startup Configuration Submenu, page 41.
Table 4: Inbound Traffic Startup Configuration
• Internal Web server IP address: Optionally specifies an internal Web (HTTP) server with an IP address. TCP port is 80.
• Internal Web server domain name: When item 0 has a value other than 0, this parameter specifies the relevant domain name.
• Internal FTP server IP address: Optionally specifies an internal FTP server with an IP address. When specified, the device sets the TCP port to 9061 instead of the well-known TCP ports 21 and 20. [1]
• Internal FTP server domain name: When item 2 has a value other than 0, this parameter specifies the relevant domain name.
• Internal SMTP server IP address: Optionally specifies an internal Mail (SMTP) server with an IP address. TCP port 25.
• Internal SMTP server domain name: When item 4 has a value other than 0, this parameter specifies the relevant domain name.
• Internal HTTPS server address: Optionally specifies an internal Web SSL (HTTPS) with an IP address. When specified, the device sets the TCP port to 9062 instead of the well-known 443. [1]
• Internal HTTPS server domain name: When item 6 has a value other than 0, this parameter specifies the relevant domain name.
• Internal IPSec server IP address: Optionally specifies an internal VPN (IPsec) server with an IP address. UDP and TCP port 500 plus AH/ESP L3.
• Internal IPSec server domain name: When item 8 has a value other than 0, this parameter specifies the relevant domain name.
[1] Radware has chosen this port using RFC 4340. You can alternatively use an optional port recommended by IANA (Internet Assigned Numbers Authority): http://www.iana.org/assignments/port-numbers.
Table 5: SNMP Startup Configuration Submenu
• Supported SNMP versions: Indicates which versions of the SNMP protocol are supported by the device. Default: 1 2 3 — that is, 1 and 2 and 3
• Default: public
• Default: No password
• Authentication Protocol (NONE/SHA/MD5) [MD5]: Specifies whether to use authentication and the authentication protocol. Must be used in conjunction with privacy.
• Authentication Password: Default: No password
• The required NMS IP address. Enter a value if you require to limit the device to a single specified NMS. Default: 0.0.0.0 — That is, any NMS
• Configuration file name: The name of the file, in a format required by the server, which contains the configuration. Select this parameter when you need to download a configuration file as NMS. The file must be located on the NMS, and the NMS must be located on a TFTP server. When you exit the Startup Configuration window, the device loads the configuration file from the NMS, resets and starts operating with the new configuration.
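An added example, not part of the Radware documentation: a Python check that flags wizard answers still matching the defaults listed on this page (radware/radware, community public, NMS 0.0.0.0), a Client Table size outside the stated range or at the maximum, and management services left enabled alongside Static PAT inbound servers. The dictionary keys, finding names and sample values are hypothetical and constructed for illustration; they are not LinkProof CLI syntax.

```python
import ipaddress

# Services the defaults note lists as enabled out of the box.
MGMT_SERVICES = ("telnet", "ssh", "ssl", "wbm")

def audit_startup_config(cfg, max_client_table):
    """Audit a dict of wizard answers; key names here are hypothetical.

    Missing keys fall back to the factory defaults listed on this page.
    max_client_table is the platform-specific maximum, supplied by the caller.
    """
    findings = []
    if (cfg.get("user", "radware"), cfg.get("password", "radware")) == ("radware", "radware"):
        findings.append("default-credentials")
    versions = set(cfg.get("snmp_versions", (1, 2, 3)))
    # SNMPv1/v2c requests are accepted on the community string alone.
    if versions & {1, 2} and cfg.get("community", "public") == "public":
        findings.append("default-community")
    if 3 in versions and cfg.get("snmp_auth", "MD5").upper() == "NONE":
        findings.append("snmpv3-no-auth")
    # 0.0.0.0 lets any station manage the device over SNMP.
    if ipaddress.ip_address(cfg.get("nms_ip", "0.0.0.0")).is_unspecified:
        findings.append("nms-any-station")
    size = cfg.get("client_table_size")
    if size is not None:
        if not 1000 <= size <= max_client_table:
            findings.append("client-table-out-of-range")
        elif size == max_client_table:
            findings.append("client-table-at-maximum")
    # An inbound server counts as configured when its value is other than 0.
    inbound = [k for k, v in cfg.get("inbound_servers", {}).items() if str(v or 0) != "0"]
    mgmt_on = [s for s in MGMT_SERVICES if cfg.get("mgmt", {}).get(s, True)]
    if inbound and mgmt_on:
        findings.append("static-pat-management-conflict")
    return findings

# Constructed sample answers (not taken from a real device).
FACTORY = {}
HARDENED = {
    "user": "radware", "password": "constructed-passphrase",
    "snmp_versions": (3,), "snmp_auth": "SHA", "nms_ip": "192.168.1.50",
    "client_table_size": 20000,
    "inbound_servers": {"web": "192.168.10.20", "ftp": "0"},
    "mgmt": {s: False for s in MGMT_SERVICES},
}

if __name__ == "__main__":
    print(audit_startup_config(FACTORY, 100000))
    print(audit_startup_config(HARDENED, 100000))
```

The second argument is the platform's maximum Client Table size, which the page says depends on device memory; 100000 above is a constructed value.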
Table 6: ISP Startup Configuration
• LinkProof IP interface address for ISP 1
• LinkProof physical port numbers facing ISP 1
• Set operating mode for the ISP server
• Do you want to use Dynamic-NAT for the ISP: Specifies whether Dynamic NAT is used. If yes, you must specify the IP Interface of that specific Interface, the NAT Address.
• LinkProof IP interface address for ISP 2
• LinkProof physical port numbers facing ISP 2
• Set operating mode for the ISP server
• Do you want to use Dynamic-NAT for the ISP
• LinkProof IP interface address for ISP 3
• LinkProof physical port numbers facing ISP 3
• Set operating mode for the ISP server
• Do you want to use Dynamic-NAT for the ISP
• (use up/down keys) [Least amount of traffic]
•
• Default: Least amount of traffic