Applies To:

Show Versions Show Versions

Manual Chapter: FirePass® Controller version 5.5 Getting Started Guide: Configuring the FirePass Controller
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>


3

Configuring the FirePass Controller


Configuring the FirePass controller using the Quick Setup process

This chapter describes the configurations tasks you perform as you go through the initial configuration of the FirePass controller using the Quick Setup process.

Note

Before you begin the Quick Setup process described in this section, use the worksheet that was shipped with the FirePass controller to record your network configuration settings. This will expedite the configuration process.

Configuring the FirePass controller involves performing a few short tasks, which are described in this chapter, as follows:

The pages listed above for each of these tasks contain the detailed procedures that you follow when setting up the FirePass controller using the Quick Setup process.

In addition to the above tasks, the following topics are included in this chapter:

Performing the initial installation and configuration

This section describes the steps you follow to perform the initial configuration of the FirePass controller, and set it up in your network environment.

Unpacking the FirePass controller

The first thing you need to do is to unpack the FirePass controller from its shipping container.

The following items are shipped in the container:

  • This Getting Started Guide
  • The licensing agreement
  • A worksheet that can be used to record your network settings to expedite installation of the FirePass controller
  • The Declaration of Conformity
  • The FirePass controller
  • Cables
Warning

The FirePass 4100 controller is shipped with a serial cable labeled FAILOVER that is reserved for future use. Do not use this cable.

Collecting configuration settings

Before you begin to prepare the FirePass controller for installation, gather information about the configuration settings used in your network. Use the worksheet that was shipped with the FirePass controller to record these settings.

Preparing the FirePass controller for installation

Before you can configure the FirePass controller, you must first connect the controller to a PC.

To connect the FirePass controller to a PC

Connect a PC that has a web browser to the FirePass controller using either a crossover Ethernet cable connected directly from the PC to the FirePass controller, or a standard Ethernet cable (also called a patch cable or a straight-through cable) connected to an isolated hub or switch, which is then connected to the FirePass controller.

The Ethernet cable connects to the appropriate FirePass controller port, as follows:

  • FirePass 1000
    Use the WAN port.
    The WAN port is used for primary user and administrative services. The LAN and DMZ ports are available for other services, such as failover synchronization, DMZ use, or protecting your wireless LAN.
  • FirePass 4100
    Use the Management port.
    The Management port is used for a direct connection to a management PC. The Eth1.1 port is used for primary user and administrative services. The Eth1.2-1.4 ports are available for other services, such as dedicated clustering or failover synchronization, DMZ use, or for connecting to other LANs.

The connection using a crossover Ethernet cable is shown in Figure 3.1 .

The connection for a standard Ethernet cable is shown in Figure 3.2 . The PC connects to a switch or hub, and the switch or hub connects to the FirePass controller using the ports listed above.

 

 

Figure 3.1 Connection using a crossover Ethernet cable

 

 

Figure 3.2 Connection using a standard Ethernet cable
Important

The ports on the FirePass 4100 are not switched ports. When connecting more than one FirePass controller port, each port must be on separate Layer 2 and Layer 3 networks.

To power up the FirePass controller

The power up sequence varies depending on the model of FirePass controller that you have.

  1. After connecting the FirePass controller to the PC, locate the power switch. The power switch location varies by model:
    • FirePass 1000
      The power switch is located on the back of the controller.
    • FirePass 4100
      The power switch is located in the center of the front panel of the controller (the panel opens outward).
  2. Use the power switch to turn the controller on.
  3. On the FirePass 4100, after the power switch is turned on, the LCD displays F5 Power standby mode. Press Enter to command power on.
    Press and hold the Enter key on the front panel (the key with the green check mark) until the lights on the front panel come on. The FirePass 4100 keypad is shown in Figure 3.3 .

    Loading the system can take several minutes; up to five minutes for the FirePass 4100.

  4. Verify that the controller is ready. The ready signal depends on the model of controller that you have:
    • The FirePass 1000 emits three successive tones, that increase in pitch, to indicate that the system has been loaded, and displays FirePass 1000 on its LCD.
    • The FirePass 4100 displays a cycle of three information panels. These are, in order:
      - The currently configured IP address of the Management
      interface and the fully qualified domain name
      - The date and time
      - The software version




Figure 3.3 FirePass 4100 keypad

To set the IP address of the PC to connect to the FirePass controller

The FirePass controller ships with a static IP address:

  • The factory default IP address of the FirePass 1000 is 192.168.1.99.
  • The factory default IP address of the FirePass 4100 is 192.168.0.99 (Management port).

For your PC to connect to the FirePass controller, it must meet two criteria: it must be in the same subnet as the FirePass controller, and it must not be the factory default of the FirePass controller.

  • Set the IP address of your PC.
  • For the FirePass 1000, use an IP address other than 192.168.1.99 in the 192.168.1.0/255.255.255.0 subnet.
  • For the FirePass 4100, use an IP address other than 192.168.0.99 in the 192.168.0.0/255.255.255.0 subnet

To access the Administrative Console of the FirePass controller

Using the connected PC, type the default URL into the address bar of the web browser, as follows:

  • FirePass 1000
    https://192.168.1.99/admin/
    Be sure to include the ending slash (/) character.
  • FirePass 4100 (Management port)
    https://192.168.0.99/admin/

    Be sure to include the ending slash (/) character.

To accept the certificate warning

When the certificate warning message is displayed, accept it.

The FirePass controller logon screen is now displayed.

This initial certificate is intended as a quick setup aid and is not intended for permanent use (for production). You can change the FirePass controller certificate after you have initially configured the controller. For more information, refer to other FirePass controller documentation and the online help.

To log on

On the FirePass controller logon screen, use the default administrator name admin, and password of admin.

The startup screen for unlicensed FirePass controllers is displayed.

To access the Quick Setup menus

  1. From the Welcome screen of the FirePass controller console, click the FirePass Quick Setup link.
  2. Enter the information that you recorded on your worksheet for each screen by following the guidelines in Using the Quick Setup worksheet, on page 2-5 .
  3. When you finish the Quick Setup process, the Quick Setup Completed screen is displayed, and you have a choice of either restarting the controller or shutting down the controller.
    We recommend that you shut down the controller and move it to its final destination in your network before proceeding.
  4. Most changes you make, including the administrator logon name and password are immediately applied. However, the network configuration does not change until you finish the Quick Setup process and restart the FirePass controller.

Important

For the FirePass 4100, during the Quick Setup procedure, you should configure the Eth1.1 interface to connect the FirePass controller to the main network. Do not use the Management interface because the Management interface is intended solely for administrative purposes. You should also retain the default settings for the Management interface.
Warning

Do not use the power switch to shut down the FirePass controller without following the proper shutdown procedures given in the sections entitled To shut down the FirePass controller , following, and Shutting down and restarting the controller, on page 4-3 . If you incorrectly power down the controller, it could result in an unstable state, requiring that you return the controller to its factory default settings.

To shut down the FirePass controller

Shut down the FirePass controller by clicking the Shutdown Controller button on the Device Management : Maintenance : Restart Services screen.

Preparing the FirePass controller for a production environment

Before restarting the FirePass controller and completing its configuration, move the controller to its final destination in your network.

To restart the FirePass controller

  1. Connect the FirePass controller to your production network.
    • FirePass 1000
      Use the WAN port.
    • FirePass 4100
      Use the Eth1.1 port (do not use the Management port).
  2. Follow the instructions listed in To power up the FirePass controller to power up the FirePass controller.

To reset the IP address of the PC

Change the IP address of the PC back to its original setting.

To log on to the FirePass controller

  1. Log on using either the fully qualified domain name or the IP address that was assigned during the Quick Setup (assigned to the Eth 1.1 port for FirePass 4100, or the WAN port for FirePass 1000). For example, using your browser, navigate to https://firepass.siterequest.com/admin/.
  2. Use the administrator logon name and password you supplied during the Quick Setup process. For troubleshooting information, refer to the other FirePass controller documentation, which is available online at http://tech.f5.com.
  3. If you do not have an internal DNS server or a firewall that supports DNS aliasing, you must either use the IP address of the FirePass controller to make a connection, or change the local hosts file on each internal computer that will connect to the FirePass controller.
  4. To create a host entry for the FirePass controller, on a Windows computer, use Notepad to edit the computer's hosts file. The host entry should be in the following format:
  5. 192.168.1.9 firepass.siterequest.com

    On Windows NT/2000/XP systems, the hosts file is in the following location, where %SystemRoot% is the root directory:

    %SystemRoot%\System32\drivers\etc\hosts

    (For example, C:\WINNT or C:\WINDOWS.)

    On Windows 9x and Windows Me systems, the hosts file is in the following location, where %WinDir% represents the root directory.

    %WinDir%\hosts

To activate your license

  1. Click the Activate License link.
  2. Select a licensing method.
    • We recommend that you use the Automatic licensing method. To use the Automatic licensing method, the FirePass controller must be able to contact the F5 licensing server on the Internet.
    • If your configuration or network policies prevent contacting the F5 licensing server directly, choose the Manual licensing method.
  3. Click Request License and follow the instructions presented on the screen.
Note

If you cannot access the F5 licensing server from the FirePass controller, refer to other FirePass documentation and the online help for troubleshooting information.

This completes the initial configurations tasks. You can now perform additional configuration tasks such as configuring groups, setting up security, adding access favorites, and enrolling users.

Note

Depending on your hardware configuration, you might be prompted to restart the FirePass controller at this time.

Performing additional configuration tasks

After you have finished setting up the FirePass controller, and you have completed the initial configuration, you need to configure other aspects of the FirePass controller. You will need to perform these additional configuration tasks using the various screens in the Administrative Console.

To continue configuring the FirePass controller using your LAN, in the navigation pane, click Device Management and expand Configuration. Then click Network Configuration. This is the starting point for further configuration tasks.

For more information on additional configuration tasks that you can perform, refer to the online help page for the screen you use in each configuration task.

As you configure the FirePass controller, either setting up new functions, or modifying existing configurations, you might see an Update button on the screen. Be sure to click the Update button whenever you make a change on any screen that has an Update button. Then you must use the Finalize screen to review and commit any changes that you make to the configuration.

Configuring user access to favorites

By default, users are allowed to access only the favorites that you, as the administrator, have defined. As the administrator, you can give users permission to define their own favorites, or to open direct connections. You do this in the Master Group Settings screen for each application. Although the exact text for the check box varies by screen, you clear the check box that indicates that access is limited to favorites only.

For example, in the Portal Access : Web Applications : Master Group Settings screen, the check box is labeled Limit Web Applications Access to Intranet Favorites only, with no direct addressing (for Extranets, partner and customer access, etc.).

Verifying your configuration settings

After you have gone through the Quick Setup process and have performed additional configuration tasks on the FirePass controller, you can follow the steps covered in this section to verify your configuration settings. For more information, refer to other FirePass controller documentation and the online help page for each screen.

To test client access to the FirePass controller

  1. Connect your PC to a network outside your company's firewall.
  2. Type https://<fully qualified domain name>/admin/.
    Where the fully qualified domain name is the name entered in your external DNS server.
    You should see the logon page.
  3. Log on using the administrator account.
    By default this is admin, but it might have been changed during the Quick Setup process.

To configure user logon

  1. In the navigation pane, click Users and then click User Management.
  2. Verify that Individual Entry is selected in the Create user accounts by list, and click Go.
    The new user screen opens.
  3. Verify that Default is selected in the Master Group list.
    If it is not, select Default, and click Change.
  4. Fill in all fields under the New User section, and click Add User.
  5. For this example, we call the new user user1 with the first name of Joe and the last name of User.

To verify user logon configuration

  1. Log out of the Administrative Console and open a new browser window.
  2. Type https://<fully qualified domain name>/.
    Where the fully qualified domain name is the name entered in your external DNS server.
    You should see the logon page.
  3. In Username, type user1.
  4. In Password, type the password you specified in the previous procedure, and then click Logon.
  5. You should see Joe User's home. On the left are some icons for access modes (webifyers) and on the right should be a single section entitled Network Access with a link with the name you typed in during the Quick Setup process.

To test Network Access

This test applies only if you are using Network Access.

  1. Using a browser, attempt to access a company internal website.
    It should fail.
  2. Click the link for Network Access.
    A popup window presents a security warning about the certificate.
  3. Answer yes.
    Another window is displayed with the message Network Access connection successfully established.
  4. Attempt to access the internal website again.
    It should work this time.
  5. Click the x button in the popup window to disconnect.
  6. Click logout to log out.

Creating a snapshot of your configuration settings

After you have configured the FirePass controller, you should create a snapshot and a backup of your configuration. Refer to Using the snapshot tool, on page 4-5 and Backing up and restoring configuration settings, on page 4-7 for more information.




Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)