Vous êtes sur la page 1sur 196

Radware Installation and Maintenance Guide

Document ID: RDWR_IG_1101


February, 2011

Radware Installation and Maintenance Guide

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Important Notices
The following important notices are presented in English, French, and German.

Important Notices
This guide is delivered subject to the following conditions and restrictions: Copyright Radware Ltd. 20062011. All rights reserved. The copyright and all other intellectual property rights and trade secrets included in this guide are owned by Radware Ltd. The guide is provided to Radware customers for the sole purpose of obtaining information with respect to the installation and use of the Radware products described in this document, and may not be used for any other purpose. The information contained in this guide is proprietary to Radware and must be kept in strict confidence. It is strictly forbidden to copy, duplicate, reproduce or disclose this guide or any part thereof without the prior written consent of Radware.

Notice importante
Ce guide est sujet aux conditions et restrictions suivantes : Copyright Radware Ltd. 20062011. Tous droits rservs. Le copyright ainsi que tout autre droit li la proprit intellectuelle et aux secrets industriels contenus dans ce guide sont la proprit de Radware Ltd. Ce guide d'informations est fourni nos clients dans le cadre de l'installation et de l'usage des produits de Radware dcrits dans ce document et ne pourra tre utilis dans un but autre que celui pour lequel il a t conu. Les informations rpertories dans ce document restent la proprit de Radware et doivent tre conserves de manire confidentielle. Il est strictement interdit de copier, reproduire ou divulguer des informations contenues dans ce manuel sans avoir obtenu le consentement pralable crit de Radware.

Wichtige Anmerkung
Dieses Handbuch wird vorbehaltlich folgender Bedingungen und Einschrnkungen ausgeliefert: Copyright Radware Ltd. 20062011. Alle Rechte vorbehalten. Das Urheberrecht und alle anderen in diesem Handbuch enthaltenen Eigentumsrechte und Geschftsgeheimnisse sind Eigentum von Radware Ltd. Dieses Handbuch wird Kunden von Radware mit dem ausschlielichen Zweck ausgehndigt, Informationen zu Montage und Benutzung der in diesem Dokument beschriebene Produkte von Radware bereitzustellen. Es darf fr keinen anderen Zweck verwendet werden. Die in diesem Handbuch enthaltenen Informationen sind Eigentum von Radware und mssen streng vertraulich behandelt werden. Es ist streng verboten, dieses Handbuch oder Teile daraus ohne vorherige schriftliche Zustimmung von Radware zu kopieren, vervielfltigen, reproduzieren oder offen zu legen.

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Copyright Notices
The following copyright notices are presented in English, French, and German.

Copyright Notices
This product contains code developed by the OpenSSL Project This product includes software developed by the OpenSSL Project. For use in the OpenSSL Toolkit. (http://www.openssl.org/). Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. This product contains the Rijndael cipher The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed with the following license: @version 3.0 (December 2000) Optimized ANSI C code for the Rijndael cipher (now AES) @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> @author Paulo Barreto <paulo.barreto@terra.com.br> The OnDemand Switch may use software components licensed under the GNU General Public License Agreement Version 2 (GPL v.2) including LinuxBios and Filo open source projects. The source code of the LinuxBios and Filo is available from Radware upon request. A copy of the license can be viewed at: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This code is hereby placed in the public domain. This product contains code developed by the OpenBSD Project Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. 2. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.

3.

This product includes software developed by Markus Friedl This product includes software developed by Theo de Raadt This product includes software developed by Niels Provos This product includes software developed by Dug Song This product includes software developed by Aaron Campbell This product includes software developed by Damien Miller This product includes software developed by Kevin Steves This product includes software developed by Daniel Kouril This product includes software developed by Wesley Griffin This product includes software developed by Per Allansson This product includes software developed by Nils Nordman This product includes software developed by Simon Wilkinson

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. ALL THE SOFTWARE MENTIONED ABOVE IS PROVIDED BY THE AUTHOR AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Notice traitant du copyright


Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL. Ce produit inclut un logiciel dvelopp dans le cadre du projet OpenSSL. Pour un usage dans la bote outils OpenSSL (http://www.openssl.org/). Copyright (c) 1998-2005 Le projet OpenSSL. Tous droits rservs. Ce produit inclut la catgorie de chiffre Rijndael. L'implmentation de Rijindael par Vincent Rijmen, Antoon Bosselaers et Paulo Barreto est du domaine public et distribue sous les termes de la licence suivante : @version 3.0 (Dcembre 2000) Code ANSI C code pour Rijndael (actuellement AES) @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> @author Paulo Barreto <paulo.barreto@terra.com.br>. Le commutateur OnDemand peut utiliser les composants logiciels sous licence, en vertu des termes de la licence GNU General Public License Agreement Version 2 (GPL v.2), y compris les projets source ouverte LinuxBios et Filo. Le code source de LinuxBios et Filo est disponible sur demande auprs de Radware. Une copie de la licence est rpertorie sur: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html Ce code est galement plac dans le domaine public. Ce produit renferme des codes dvelopps dans le cadre du projet OpenSSL. Copyright (c) 1983, 1990, 1992, 1993, 1995 Les membres du conseil de l'Universit de Californie. Tous droits rservs. La distribution et l'usage sous une forme source et binaire, avec ou sans modifications, est autorise pour autant que les conditions suivantes soient remplies : 1. La distribution d'un code source doit inclure la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant. 2. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant. 3. Le nom de l'universit, ainsi que le nom des contributeurs ne seront en aucun cas utiliss pour approuver ou promouvoir un produit driv de ce programme sans l'obtention pralable d'une autorisation crite. Ce produit inclut un logiciel dvelopp par Markus Friedl

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Ce produit inclut un logiciel dvelopp par Theo de Raadt Ce produit inclut un logiciel dvelopp par Niels Provos Ce produit inclut un logiciel dvelopp par Dug Song Ce produit inclut un logiciel dvelopp par Aaron Campbell Ce produit inclut un logiciel dvelopp par Damien Miller Ce produit inclut un logiciel dvelopp par Kevin Steves Ce produit inclut un logiciel dvelopp par Daniel Kouril Ce produit inclut un logiciel dvelopp par Wesley Griffin Ce produit inclut un logiciel dvelopp par Per Allansson Ce produit inclut un logiciel dvelopp par Nils Nordman Ce produit inclut un logiciel dvelopp par Simon Wilkinson. La distribution et l'usage sous une forme source et binaire, avec ou sans modifications, est autorise pour autant que les conditions suivantes soient remplies : 1. 2. La distribution d'un code source doit inclure la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant. La distribution, sous une forme binaire, doit reproduire dans la documentation et/ou dans tout autre matriel fourni la notice de copyright mentionne ci-dessus, cette liste de conditions et l'avis de non-responsabilit suivant.

LE LOGICIEL MENTIONN CI-DESSUS EST FOURNI TEL QUEL PAR LE DVELOPPEUR ET TOUTE GARANTIE, EXPLICITE OU IMPLICITE, Y COMPRIS, MAIS SANS S'Y LIMITER, TOUTE GARANTIE IMPLICITE DE QUALIT MARCHANDE ET D'ADQUATION UN USAGE PARTICULIER EST EXCLUE. EN AUCUN CAS L'AUTEUR NE POURRA TRE TENU RESPONSABLE DES DOMMAGES DIRECTS, INDIRECTS, ACCESSOIRES, SPCIAUX, EXEMPLAIRES OU CONSCUTIFS (Y COMPRIS, MAIS SANS S'Y LIMITER, L'ACQUISITION DE BIENS OU DE SERVICES DE REMPLACEMENT, LA PERTE D'USAGE, DE DONNES OU DE PROFITS OU L'INTERRUPTION DES AFFAIRES), QUELLE QU'EN SOIT LA CAUSE ET LA THORIE DE RESPONSABILIT, QU'IL S'AGISSE D'UN CONTRAT, DE RESPONSABILIT STRICTE OU D'UN ACTE DOMMAGEABLE (Y COMPRIS LA NGLIGENCE OU AUTRE), DCOULANT DE QUELLE QUE FAON QUE CE SOIT DE L'USAGE DE CE LOGICIEL, MME S'IL A T AVERTI DE LA POSSIBILIT D'UN TEL DOMMAGE.

Copyrightvermerke
Dieses Produkt enthlt einen vom OpenSSL-Projekt entwickelten Code Dieses Produkt enthlt vom OpenSSL-Projekt entwickelte Software. Zur Verwendung im OpenSSL Toolkit. (http://www.openssl.org/). Copyright (c) 1998-2005 The OpenSSL Project. Alle Rechte vorbehalten. Dieses Produkt enthlt die Rijndael cipher Die Rijndael-Implementierung von Vincent Rijndael, Anton Bosselaers und Paulo Barreto ist ffentlich zugnglich und wird unter folgender Lizenz vertrieben: @version 3.0 (December 2000) Optimierter ANSI C Code fr den Rijndael cipher (jetzt AES) @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> @author Paulo Barreto <paulo.barreto@terra.com.br> Der OnDemand Switch verwendet mglicherweise Software, die im Rahmen der DNU Allgemeine ffentliche Lizenzvereinbarung Version 2 (GPL v.2) lizensiert sind, einschlielich LinuxBios und Filo Open Source-Projekte. Der Quellcode von LinuxBios und Filo ist bei Radware auf Anfrage erhltlich. Eine Kopie dieser Lizenz kann eingesehen werden unter: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html Dieser Code wird hiermit allgemein zugnglich gemacht. Dieses Produkt enthlt einen vom OpenBSD-Projekt entwickelten Code

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Copyright (c) 1983, 1990, 1992, 1993, 1995 The Regents of the University of California. Alle Rechte vorbehalten. Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind unter folgenden Bedingungen erlaubt: 1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten. 2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren. 3. Weder der Name der Universitt noch die Namen der Beitragenden drfen ohne ausdrckliche vorherige schriftliche Genehmigung verwendet werden, um von dieser Software abgeleitete Produkte zu empfehlen oder zu bewerben. Dieses Produkt enthlt von Markus Friedl entwickelte Software Dieses Produkt enthlt von Theo de Raadt entwickelte Software Dieses Produkt enthlt von Niels Provos entwickelte Software Dieses Produkt enthlt von Dug Song entwickelte Software Dieses Produkt enthlt von Aaron Campbell entwickelte Software Dieses Produkt enthlt von Damien Miller entwickelte Software Dieses Produkt enthlt von Kevin Steves entwickelte Software Dieses Produkt enthlt von Daniel Kouril entwickelte Software Dieses Produkt enthlt von Wesley Griffin entwickelte Software Dieses Produkt enthlt von Per Allansson entwickelte Software Dieses Produkt enthlt von Nils Nordman entwickelte Software Dieses Produkt enthlt von Simon Wilkinson entwickelte Software Die Verbreitung und Verwendung in Quell- und binrem Format, mit oder ohne Vernderungen, sind unter folgenden Bedingungen erlaubt: 1. Die Verbreitung von Quellcodes muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss beibehalten. 2. Die Verbreitung in binrem Format muss den voranstehenden Copyrightvermerk, diese Liste von Bedingungen und den folgenden Haftungsausschluss in der Dokumentation und/oder andere Materialien, die mit verteilt werden, reproduzieren. SMTLICHE VORGENANNTE SOFTWARE WIRD VOM AUTOR IM IST-ZUSTAND ("AS IS") BEREITGESTELLT. JEGLICHE AUSDRCKLICHEN ODER IMPLIZITEN GARANTIEN, EINSCHLIESSLICH, DOCH NICHT BESCHRNKT AUF DIE IMPLIZIERTEN GARANTIEN DER MARKTGNGIGKEIT UND DER ANWENDBARKEIT FR EINEN BESTIMMTEN ZWECK, SIND AUSGESCHLOSSEN. UNTER KEINEN UMSTNDEN HAFTET DER AUTOR FR DIREKTE ODER INDIREKTE SCHDEN, FR BEI VERTRAGSERFLLUNG ENTSTANDENE SCHDEN, FR BESONDERE SCHDEN, FR SCHADENSERSATZ MIT STRAFCHARAKTER, ODER FR FOLGESCHDEN EINSCHLIESSLICH, DOCH NICHT BESCHRNKT AUF, ERWERB VON ERSATZGTERN ODER ERSATZLEISTUNGEN; VERLUST AN NUTZUNG, DATEN ODER GEWINN; ODER GESCHFTSUNTERBRECHUNGEN) GLEICH, WIE SIE ENTSTANDEN SIND, UND FR JEGLICHE ART VON HAFTUNG, SEI ES VERTRGE, GEFHRDUNGSHAFTUNG, ODER DELIKTISCHE HAFTUNG (EINSCHLIESSLICH FAHRLSSIGKEIT ODER ANDERE), DIE IN JEGLICHER FORM FOLGE DER BENUTZUNG DIESER SOFTWARE IST, SELBST WENN AUF DIE MGLICHKEIT EINES SOLCHEN SCHADENS HINGEWIESEN WURDE.

Safety Instructions
The following safety instructions are presented in English, French, and German.

Safety Instructions
CAUTION A readily accessible disconnect device shall be incorporated in the building installation wiring.

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Due to the risks of electrical shock, and energy, mechanical, and fire hazards, any procedures that involve opening panels or changing components must be performed by qualified service personnel only. To reduce the risk of fire and electrical shock, disconnect the device from the power line before removing cover or panels. The following figure shows the caution label that is attached to Radware platforms with dual power supplies.

Figure 1: Electrical Shock Hazard Label

DUAL-POWER-SUPPLY-SYSTEM SAFETY WARNING IN CHINESE The following figure is the warning for Radware platforms with dual power supplies.

Figure 2: Dual-Power-Supply-System Safety Warning in Chinese

Translation of Figure 2 - Dual-Power-Supply-System Safety Warning in Chinese, page 8: This unit has more than one power supply. Disconnect all power supplies before maintenance to avoid electric shock. SERVICING Do not perform any servicing other than that contained in the operating instructions unless you are qualified to do so. There are no serviceable parts inside the unit. HIGH VOLTAGE Any adjustment, maintenance, and repair of the opened instrument under voltage must be avoided as much as possible and, when inevitable, must be carried out only by a skilled person who is aware of the hazard involved. Capacitors inside the instrument may still be charged even if the instrument has been disconnected from its source of supply. GROUNDING Before connecting this device to the power line, the protective earth terminal screws of this device must be connected to the protective earth in the building installation. LASER This equipment is a Class 1 Laser Product in accordance with IEC60825 - 1: 1993 + A1:1997 + A2:2001 Standard.

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

FUSES Make sure that only fuses with the required rated current and of the specified type are used for replacement. The use of repaired fuses and the short-circuiting of fuse holders must be avoided. Whenever it is likely that the protection offered by fuses has been impaired, the instrument must be made inoperative and be secured against any unintended operation. LINE VOLTAGE Before connecting this instrument to the power line, make sure the voltage of the power source matches the requirements of the instrument. Refer to the Specifications for information about the correct power rating for the device. 48V DC-powered platforms have an input tolerance of 36-72V DC. SPECIFICATION CHANGES Specifications are subject to change without notice.

Note: This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15B of the FCC Rules and EN55022 Class A, EN 55024; EN 61000-3-2; EN 61000-3-3; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-411For CE MARK Compliance. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user is required to correct the interference at his own expense. VCCI ELECTROMAGNETIC-INTERFERENCE STATEMENTS

Figure 3: Statment for Class A VCCI-certified Equipment

Translation of Figure 3 - Statment for Class A VCCI-certified Equipment, page 9: This is a Class A product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this equipment is used in a domestic environment, radio disturbance may occur, in which case, the user may be required to take corrective action.

Figure 4: Statment for Class B VCCI-certified Equipment

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Translation of Figure 4 - Statment for Class B VCCI-certified Equipment, page 9: This is a Class B product based on the standard of the Voluntary Control Council for Interference by Information Technology Equipment (VCCI). If this is used near a radio or television receiver in a domestic environment, it may cause radio interference. Install and use the equipment according to the instruction manual. SPECIAL NOTICE FOR NORTH AMERICAN USERS For North American power connection, select a power supply cord that is UL Listed and CSA Certified 3 - conductor, [18 AWG], terminated in a molded on plug cap rated 125 V, [5 A], with a minimum length of 1.5m [six feet] but no longer than 4.5m...For European connection, select a power supply cord that is internationally harmonized and marked <HAR>, 3 - conductor, 0,75 mm2 minimum mm2 wire, rated 300 V, with a PVC insulated jacket. The cord must have a molded on plug cap rated 250 V, 3 A.. RESTRICT AREA ACCESS The DC powered equipment should only be installed in a Restricted Access Area. INSTALLATION CODES This device must be installed according to country national electrical codes. For North America, equipment must be installed in accordance with the US National Electrical Code, Articles 110 - 16, 110 -17, and 110 -18 and the Canadian Electrical Code, Section 12. INTERCONNECTION OF UNITS Cables for connecting to the unit RS232 and Ethernet Interfaces must be UL certified type DP-1 or DP-2. (Note- when residing in non LPS circuit) OVERCURRENT PROTECTION A readily accessible listed branch-circuit over current protective device rated 15 A must be incorporated in the building wiring for each power input. REPLACEABLE BATTERIES If equipment is provided with a replaceable battery, and is replaced by an incorrect battery type, then an explosion may occur. This is the case for some Lithium batteries and the following is applicable: If the battery is placed in an Operator Access Area, there is a marking close to the battery or a statement in both the operating and service instructions. If the battery is placed elsewhere in the equipment, there is a marking close to the battery or a statement in the service instructions.

This marking or statement includes the following text warning: CAUTION RISK OF EXPLOSION IF BATTERY IS REPLACED BY AN INCORRECT BATTERY TYPE. DISPOSE OF USED BATTERIES ACCORDING TO THE INSTRUCTIONS. Caution To Reduce the Risk of Electrical Shock and Fire 1. 2. 3. 4. 5. 6. This equipment is designed to permit connection between the earthed conductor of the DC supply circuit and the earthing conductor equipment. See Installation Instructions. All servicing must be undertaken only by qualified service personnel. There are not user serviceable parts inside the unit. DO NOT plug in, turn on or attempt to operate an obviously damaged unit. Ensure that the chassis ventilation openings in the unit are NOT BLOCKED. Replace a blown fuse ONLY with the same type and rating as is marked on the safety label adjacent to the power inlet, housing the fuse. Do not operate the device in a location where the maximum ambient temperature exceeds 40C/104F.

10

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

7. Be sure to unplug the power supply cord from the wall socket BEFORE attempting to remove and/or check the main power fuse. CLASS 1 LASER PRODUCT AND REFERENCE TO THE MOST RECENT LASER STANDARDS IEC 60 825-1:1993 + A1:1997 + A2:2001 AND EN 60825-1:1994+A1:1996+ A2:2001 AC units for Denmark, Finland, Norway, Sweden (marked on product): Denmark - Unit is class I - unit to be used with an AC cord set suitable with Denmark deviations. The cord includes an earthing conductor. The Unit is to be plugged into a wall socket outlet which is connected to a protective earth. Socket outlets which are not connected to earth are not to be used! Finland - (Marking label and in manual) - Laite on liitettv suojamaadoituskoskettimilla varustettuun pistorasiaan Norway (Marking label and in manual) - Apparatet m tilkoples jordet stikkontakt Unit is intended for connection to IT power systems for Norway only. Sweden (Marking label and in manual) - Apparaten skall anslutas till jordat uttag.

To connect the power connection: 1. Connect the power cable to the main socket, located on the rear panel of the device. 2. Connect the power cable to the grounded AC outlet. CAUTION Risk of electric shock and energy hazard. Disconnecting one power supply disconnects only one power supply module. To isolate the unit completely, disconnect all power supplies.

Instructions de scurit
AVERTISSEMENT Un dispositif de dconnexion facilement accessible sera incorpor au cblage du btiment. En raison des risques de chocs lectriques et des dangers nergtiques, mcaniques et d'incendie, chaque procdure impliquant l'ouverture des panneaux ou le remplacement de composants sera excute par du personnel qualifi. Pour rduire les risques d'incendie et de chocs lectriques, dconnectez le dispositif du bloc d'alimentation avant de retirer le couvercle ou les panneaux. La figure suivante montre l'tiquette d'avertissement appose sur les plateformes Radware dotes de plus d'une source d'alimentation lectrique. Figure 1 : tiquette d'avertissement de danger de chocs lectriques

Figure 5: tiquette d'avertissement de danger de chocs lectriques

AVERTISSEMENT DE SCURIT POUR LES SYSTMES DOTS DE DEUX SOURCES D'ALIMENTATION LECTRIQUE (EN CHINOIS) La figure suivante reprsente l'tiquette d'avertissement pour les plateformes Radware dotes de deux sources d'alimentation lectrique.

Document ID: RDWR_IG_1101

11

Radware Installation and Maintenance Guide

Figure 6: Avertissement de scurit pour les systmes dotes de deux sources d'alimentation lectrique (en chinois)

Traduction de la Figure 6 - Avertissement de scurit pour les systmes dotes de deux sources d'alimentation lectrique (en chinois), page 12: Cette unit est dote de plus d'une source d'alimentation lectrique. Dconnectez toutes les sources d'alimentation lectrique avant d'entretenir l'appareil ceci pour viter tout choc lectrique. ENTRETIEN N'effectuez aucun entretien autre que ceux rpertoris dans le manuel d'instructions, moins d'tre qualifi en la matire. Aucune pice l'intrieur de l'unit ne peut tre remplace ou rpare. HAUTE TENSION Tout rglage, opration d'entretien et rparation de l'instrument ouvert sous tension doit tre vit. Si cela s'avre indispensable, confiez cette opration une personne qualifie et consciente des dangers impliqus. Les condensateurs au sein de l'unit risquent d'tre chargs mme si l'unit a t dconnecte de la source d'alimentation lectrique. MISE A LA TERRE Avant de connecter ce dispositif la ligne lectrique, les vis de protection de la borne de terre de cette unit doivent tre relies au systme de mise la terre du btiment. LASER Cet quipement est un produit laser de classe 1, conforme la norme IEC60825 - 1 : 1993 + A1 :1997 + A2 :2001. FUSIBLES Assurez-vous que, seuls les fusibles courant nominal requis et de type spcifi sont utiliss en remplacement. L'usage de fusibles rpars et le court-circuitage des porte-fusibles doivent tre vits. Lorsqu'il est pratiquement certain que la protection offerte par les fusibles a t dtriore, l'instrument doit tre dsactiv et scuris contre toute opration involontaire. TENSION DE LIGNE Avant de connecter cet instrument la ligne lectrique, vrifiez que la tension de la source d'alimentation correspond aux exigences de l'instrument. Consultez les spcifications propres l'alimentation nominale correcte du dispositif. Les plateformes alimentes en 48 CC ont une tolrance d'entre comprise entre 36 et 72 V CC. MODIFICATIONS DES SPCIFICATIONS Les spcifications sont sujettes changement sans notice pralable. Remarque: Cet quipement a t test et dclar conforme aux limites dfinies pour un appareil numrique de classe A, conformment au paragraphe 15B de la rglementation FCC et EN55022 Classe A, EN 55024, EN 61000-3-2 ; EN 61000-3-3 ; IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11, pour la marque de conformit de la CE. Ces limites sont fixes pour fournir une protection raisonnable contre les interfrences nuisibles, lorsque l'quipement est utilis dans un environnement commercial. Cet quipement gnre, utilise et peut mettre des frquences radio et, s'il n'est pas install et utilis conformment au manuel d'instructions, peut entraner des interfrences nuisibles aux communications radio. Le fonctionnement de cet quipement dans une zone rsidentielle est susceptible de provoquer des interfrences nuisibles, auquel cas l'utilisateur devra corriger le problme ses propres frais. DCLARATIONS SUR LES INTERFRENCES LECTROMAGNTIQUES VCCI

12

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Figure 7: Dclaration pour l'quipement de classe A certifi VCCI

Traduction de la Figure 7 - Dclaration pour l'quipement de classe A certifi VCCI, page 13: Il s'agit d'un produit de classe A, bas sur la norme du Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Si cet quipement est utilis dans un environnement domestique, des perturbations radiolectriques sont susceptibles d'apparatre. Si tel est le cas, l'utilisateur sera tenu de prendre des mesures correctives.

Figure 8: Dclaration pour l'quipement de classe B certifi VCCI

Traduction de la Figure 8 - Dclaration pour l'quipement de classe B certifi VCCI, page 13: Il s'agit d'un produit de classe B, bas sur la norme du Voluntary Control Council for Interference by Information Technology Equipment (VCCI). S'il est utilis proximit d'un poste de radio ou d'une tlvision dans un environnement domestique, il peut entraner des interfrences radio. Installez et utilisez l'quipement selon le manuel d'instructions. NOTICE SPCIALE POUR LES UTILISATEURS NORD-AMRICAINS Pour un raccordement lectrique en Amrique du Nord, slectionnez un cordon d'alimentation homologu UL et certifi CSA 3 - conducteur, [18 AWG], muni d'une prise moule son extrmit, de 125 V, [5 A], d'une longueur minimale de 1,5 m [six pieds] et maximale de 4,5m...Pour la connexion europenne, choisissez un cordon d'alimentation mondialement homologu et marqu "<HAR>", 3 - conducteur, cble de 0,75 mm2 minimum, de 300 V, avec une gaine en PVC isole. La prise l'extrmit du cordon, sera dote d'un sceau moul indiquant: 250 V, 3 A.". ZONE A ACCS RESTREINT L'quipement aliment en CC ne pourra tre install que dans une zone accs restreint. CODES D'INSTALLATION Ce dispositif doit tre install en conformit avec les codes lectriques nationaux. En Amrique du Nord, l'quipement sera install en conformit avec le code lectrique national amricain, articles 110-16, 110 -17, et 110 -18 et le code lectrique canadien, Section 12. INTERCONNEXION DES UNTES. Les cbles de connexion l'unit RS232 et aux interfaces Ethernet seront certifis UL, type DP-1 ou DP-2. (Remarque- s'ils ne rsident pas dans un circuit LPS) PROTECTION CONTRE LES SURCHARGES. Un circuit de drivation, facilement accessible, sur le dispositif de protection du courant de 15 A doit tre intgr au cblage du btiment pour chaque puissance consomme. BATTERIES REMPLAABLES

Document ID: RDWR_IG_1101

13

Radware Installation and Maintenance Guide

Si l'quipement est fourni avec une batterie, et qu'elle est remplace par un type de batterie incorrect, elle est susceptible d'exploser. C'est le cas pour certaines batteries au lithium, les lments suivants sont donc applicables : Si la batterie est place dans une zone d'accs oprateur, une marque est indique sur la batterie ou une remarque est insre, aussi bien dans les instructions d'exploitation que d'entretien. Si la batterie est place ailleurs dans l'quipement, une marque est indique sur la batterie ou une remarque est insre dans les instructions d'entretien.

Cette marque ou remarque inclut l'avertissement textuel suivant : AVERTISSEMENT RISQUE D'EXPLOSION SI LA BATTERIE EST REMPLACE PAR UN MODLE INCORRECT. METTRE AU REBUT LES BATTERIES CONFORMMENT AUX INSTRUCTIONS. Attention - Pour rduire les risques de chocs lectriques et d'incendie 1. 2. 3. 4. 5. 6. 7. Cet quipement est conu pour permettre la connexion entre le conducteur de mise la terre du circuit lectrique CC et l'quipement de mise la terre. Voir les instructions d'installation. Tout entretien sera entrepris par du personnel qualifi. Aucune pice l'intrieur de l'unit ne peut tre remplace ou rpare. NE branchez pas, n'allumez pas ou n'essayez pas d'utiliser une unit manifestement endommage. Vrifiez que l'orifice de ventilation du chssis dans l'unit n'est PAS OBSTRUE. Remplacez le fusible endommag par un modle similaire de mme puissance, tel qu'indiqu sur l'tiquette de scurit adjacente l'arrive lectrique hbergeant le fusible. Ne faites pas fonctionner l'appareil dans un endroit, o la temprature ambiante dpasse la valeur maximale autorise. 40C/104F. Dbranchez le cordon lectrique de la prise murale AVANT d'essayer de retirer et/ou de vrifier le fusible d'alimentation principal.

PRODUIT LASER DE CLASSE 1 ET RFRENCE AUX NORMES LASER LES PLUS RCENTES : IEC 60 825-1:1993 + A1 :1997 + A2 :2001 ET EN 60825-1:1994+A1 :1996+ A2 :2001 Units CA pour le Danemark, la Finlande, la Norvge, la Sude (indiqu sur le produit) : Danemark - Unit de classe 1 - qui doit tre utilise avec un cordon CA compatible avec les dviations du Danemark. Le cordon inclut un conducteur de mise la terre. L'unit sera branche une prise murale, mise la terre. Les prises non-mises la terre ne seront pas utilises ! Finlande - (tiquette et inscription dans le manuel) - Laite on liitettv suojamaadoituskoskettimilla varustettuun pistorasiaan" Norvge (tiquette et inscription dans le manuel) - "Apparatet m tilkoples jordet stikkontakt" L'unit peut tre connecte un systme lectrique IT (en Norvge uniquement). Sude (tiquette et inscription dans le manuel) - "Apparaten skall anslutas till jordat uttag." Branchez le cble d'alimentation la prise principale, situe sur le panneau arrire de l'unit. Connectez le cble d'alimentation la prise CA mise la terre. AVERTISSEMENT

1. 2.

Pour brancher l'alimentation lectrique :

Risque de choc lectrique et danger nergtique. La dconnexion d'une source d'alimentation lectrique ne dbranche qu'un seul module lectrique. Pour isoler compltement l'unit, dbranchez toutes les sources d'alimentation lectrique. ATTENTION Risque de choc et de danger lectriques. Le dbranchement d'une seule alimentation stabilise ne dbranche qu'un module "Alimentation Stabilise". Pour Isoler compltement le module en cause, il faut dbrancher toutes les alimentations stabilises.

14

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Attention: Pour Rduire Les Risques d'lectrocution et d'Incendie 1. Toutes les oprations d'entretien seront effectues UNIQUEMENT par du personnel d'entretien qualifi. Aucun composant ne peut tre entretenu ou remplace par l'utilisateur. 2. NE PAS connecter, mettre sous tension ou essayer d'utiliser une unit visiblement dfectueuse. 3. Assurez-vous que les ouvertures de ventilation du chssis NE SONT PAS OBSTRUES. 4. Remplacez un fusible qui a saut SEULEMENT par un fusible du mme type et de mme capacit, comme indiqu sur l'tiquette de scurit proche de l'entre de l'alimentation qui contient le fusible. 5. NE PAS UTILISER l'quipement dans des locaux dont la temprature maximale dpasse 40 degrs Centigrades. 6. Assurez vous que le cordon d'alimentation a t dconnect AVANT d'essayer de l'enlever et/ou vrifier le fusible de l'alimentation gnrale.

Sicherheitsanweisungen
VORSICHT Die Elektroinstallation des Gebudes muss ein unverzglich zugngliches Stromunterbrechungsgert integrieren. Aufgrund des Stromschlagrisikos und der Energie-, mechanische und Feuergefahr drfen Vorgnge, in deren Verlauf Abdeckungen entfernt oder Elemente ausgetauscht werden, ausschlielich von qualifiziertem Servicepersonal durchgefhrt werden. Zur Reduzierung der Feuer- und Stromschlaggefahr muss das Gert vor der Entfernung der Abdeckung oder der Paneele von der Stromversorgung getrennt werden. Folgende Abbildung zeigt das VORSICHT-Etikett, das auf die Radware-Plattformen mit Doppelspeisung angebracht ist.

Figure 9: Warnetikett Stromschlaggefahr

SICHERHEITSHINWEIS IN CHINESISCHER SPRACHE FR SYSTEME MIT DOPPELSPEISUNG Die folgende Abbildung ist die Warnung fr Radware-Plattformen mit Doppelspeisung.

Figure 10: Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung

bersetzung von Figure 10 - Sicherheitshinweis in chinesischer Sprache fr Systeme mit Doppelspeisung, page 15:

Document ID: RDWR_IG_1101

15

Radware Installation and Maintenance Guide

Die Einheit verfgt ber mehr als eine Stromversorgungsquelle. Ziehen Sie zur Verhinderung von Stromschlag vor Wartungsarbeiten smtliche Stromversorgungsleitungen ab. WARTUNG Fhren Sie keinerlei Wartungsarbeiten aus, die nicht in der Betriebsanleitung angefhrt sind, es sei denn, Sie sind dafr qualifiziert. Es gibt innerhalb des Gertes keine wartungsfhigen Teile. HOCHSPANNUNG Jegliche Einstellungs-, Instandhaltungs- und Reparaturarbeiten am geffneten Gert unter Spannung mssen so weit wie mglich vermieden werden. Sind sie nicht vermeidbar, drfen sie ausschlielich von qualifizierten Personen ausgefhrt werden, die sich der Gefahr bewusst sind. Innerhalb des Gertes befindliche Kondensatoren knnen auch dann noch Ladung enthalten, wenn das Gert von der Stromversorgung abgeschnitten wurde. ERDUNG Bevor das Gert an die Stromversorgung angeschlossen wird, mssen die Schrauben der Erdungsleitung des Gertes an die Erdung der Gebudeverkabelung angeschlossen werden. LASER Dieses Gert ist ein Laser-Produkt der Klasse 1 in bereinstimmung mit IEC60825 - 1: 1993 + A1:1997 + A2:2001 Standard. SICHERUNGEN Vergewissern Sie sich, dass nur Sicherungen mit der erforderlichen Stromstrke und der angefhrten Art verwendet werden. Die Verwendung reparierter Sicherungen sowie die Kurzschlieung von Sicherungsfassungen muss vermieden werden. In Fllen, in denen wahrscheinlich ist, dass der von den Sicherungen gebotene Schutz beeintrchtigt ist, muss das Gert abgeschaltet und gegen unbeabsichtigten Betrieb gesichert werden. LEITUNGSSPANNUNG Vor Anschluss dieses Gertes an die Stromversorgung ist zu gewhrleisten, dass die Spannung der Stromquelle den Anforderungen des Gertes entspricht. Beachten Sie die technischen Angaben bezglich der korrekten elektrischen Werte des Gertes. Plattformen mit 48 V DC verfgen ber eine Eingangstoleranz von 36-72 V DC. NDERUNGEN DER TECHNISCHEN ANGABEN nderungen der technischen Spezifikationen bleiben vorbehalten. Hinweis: Dieses Gert wurde geprft und entspricht den Beschrnkungen von digitalen Gerten der Klasse 1 gem Teil 15B FCC-Vorschriften und EN55022 Klasse A, EN55024; EN 61000-3-2; EN; IEC 61000 4-2 to 4-6, IEC 61000 4-8 und IEC 61000-4- 11 fr Konformitt mit der CE-Bezeichnung. Diese Beschrnkungen dienen dem angemessenen Schutz vor schdlichen Interferenzen bei Betrieb des Gertes in kommerziellem Umfeld. Dieses Gert erzeugt, verwendet und strahlt elektromagnetische Hochfrequenzstrahlung aus. Wird es nicht entsprechend den Anweisungen im Handbuch montiert und benutzt, knnte es mit dem Funkverkehr interferieren und ihn beeintrchtigen. Der Betrieb dieses Gertes in Wohnbereichen wird hchstwahrscheinlich zu schdlichen Interferenzen fhren. In einem solchen Fall wre der Benutzer verpflichtet, diese Interferenzen auf eigene Kosten zu korrigieren. ERKLRUNG DER VCCI ZU ELEKTROMAGNETISCHER INTERFERENZ

Figure 11: Erklrung zu VCCI-zertifizierten Gerten der Klasse A

16

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

bersetzung von Figure 11 - Erklrung zu VCCI-zertifizierten Gerten der Klasse A, page 16: Dies ist ein Produkt der Klasse A gem den Normen des Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt, knnen elektromagnetische Strungen auftreten. In einem solchen Fall wre der Benutzer verpflichtet, korrigierend einzugreifen.

Figure 12: Erklrung zu VCCI-zertifizierte Gerte der Klasse B

bersetzung von Figure 12 - Erklrung zu VCCI-zertifizierte Gerte der Klasse B, page 17: Dies ist ein Produkt der Klasse B gem den Normen des Voluntary Control Council for Interference by Information Technology Equipment (VCCI). Wird dieses Gert in einem Wohnbereich benutzt, knnen elektromagnetische Strungen auftreten. Montieren und benutzen Sie das Gert laut Anweisungen im Benutzerhandbuch. BESONDERER HINWEIS FR BENUTZER IN NORDAMERIKA Whlen Sie fr den Netzstromanschluss in Nordamerika ein Stromkabel, das in der UL aufgefhrt und CSA-zertifiziert ist 3 Leiter, [18 AWG], endend in einem gegossenen Stecker, fr 125 V, [5 A], mit einer Mindestlnge von 1,5 m [sechs Fu], doch nicht lnger als 4,5 m. Fr europische Anschlsse verwenden Sie ein international harmonisiertes, mit "<HAR>" markiertes Stromkabel, mit 3 Leitern von mindestens 0,75 mm2, fr 300 V, mit PVC-Umkleidung. Das Kabel muss in einem gegossenen Stecker fr 250 V, 3 A enden. BEREICH MIT EINGESCHRNKTEM ZUGANG Das mit Gleichstrom betriebene Gert darf nur in einem Bereich mit eingeschrnktem Zugang montiert werden. INSTALLATIONSCODES Dieses Gert muss gem der landesspezifischen elektrischen Codes montiert werden. In Nordamerika mssen Gerte entsprechend dem US National Electrical Code, Artikel 110 - 16, 110 17 und 110 - 18, sowie dem Canadian Electrical Code, Abschnitt 12, montiert werden. VERKOPPLUNG VON GERTEN Kabel fr die Verbindung des Gertes mit RS232- und Ethernetmssen UL-zertifiziert und vom Typ DP-1 oder DP-2 sein. (Anmerkung: bei Aufenthalt in einem nicht-LPS-Stromkreis) BERSTROMSCHUTZ Ein gut zugnglicher aufgefhrter berstromschutz mit Abzweigstromkreis und 15 A Strke muss fr jede Stromeingabe in der Gebudeverkabelung integriert sein. AUSTAUSCHBARE BATTERIEN Wird ein Gert mit einer austauschbaren Batterie geliefert und fr diese Batterie durch einen falschen Batterietyp ersetzt, knnte dies zu einer Explosion fhren. Dies trifft zu fr manche Arten von Lithiumsbatterien zu, und das folgende gilt es zu beachten: Wird die Batterie in einem Bereich fr Bediener eingesetzt, findet sich in der Nhe der Batterie eine Markierung oder Erklrung sowohl im Betriebshandbuch als auch in der Wartungsanleitung. Ist die Batterie an einer anderen Stelle im Gert eingesetzt, findet sich in der Nhe der Batterie eine Markierung oder einer Erklrung in der Wartungsanleitung.

Diese Markierung oder Erklrung enthlt den folgenden Warntext: VORSICHT

Document ID: RDWR_IG_1101

17

Radware Installation and Maintenance Guide

EXPLOSIONSGEFAHR, FALLS BATTERIE DURCH EINEN FALSCHEN BATTERIETYP ERSETZT WIRD. GEBRAUCHTE BATTERIEN DEN ANWEISUNGEN ENTSPRECHEND ENTSORGEN. Denmark - "Unit is class I - mit Wechselstromkabel benutzen, dass fr die Abweichungen in Dnemark eingestellt ist. Das Kabel ist mit einem Erdungsdraht versehen. Das Kabel wird in eine geerdete Wandsteckdose angeschlossen. Keine Steckdosen ohne Erdungsleitung verwenden!" Finland - (Markierungsetikett und im Handbuch) - "Laite on liitettv suojamaadoituskoskettimilla varustettuun pistorasiaan Norway - (Markierungsetikett und im Handbuch) - "Apparatet m tilkoples jordet stikkontakt Ausschlielich fr Anschluss an IT-Netzstromsysteme in Norwegen vorgesehen Sweden - (Markierungsetikett und im Handbuch) - "Apparaten skall anslutas till jordat uttag." Schlieen Sie das Stromkabel an den Hauptanschluss auf der Rckseite des Gertes an. Schlieen Sie das Stromkabel an den geerdeten Wechselstromanschluss an.

1. 2.

Anschluss des Stromkabels:

VORSICHT Stromschlag- und Energiegefahr Die Trennung einer Stromquelle trennt nur ein Stromversorgungsmodul von der Stromversorgung. Um das Gert komplett zu isolieren, muss es von der gesamten Stromversorgung getrennt werden. Vorsicht - Zur Reduzierung der Stromschlag- und Feuergefahr 1. Dieses Gert ist dazu ausgelegt, die Verbindung zwischen der geerdeten Leitung des Gleichstromkreises und dem Erdungsleiter des Gertes zu ermglichen. Siehe Montageanleitung. Wartungsarbeiten jeglicher Art drfen nur von qualifiziertem Servicepersonal ausgefhrt werden. Es gibt innerhalb des Gertes keine vom Benutzer zu wartenden Teile. Versuchen Sie nicht, ein offensichtlich beschdigtes Gert an den Stromkreis anzuschlieen, einzuschalten oder zu betreiben. Vergewissern Sie sich, dass sie Lftungsffnungen im Gehuse des Gertes NICHT BLOCKIERT SIND. Ersetzen Sie eine durchgebrannte Sicherung ausschlielich mit dem selben Typ und von der selben Strke, die auf dem Sicherheitsetikett angefhrt sind, das sich neben dem Stromkabelanschluss, am Sicherungsgehuse. Betreiben Sie das Gert nicht an einem Standort, an dem die Hchsttemperatur der Umgebung 40 C berschreitet. Vergewissern Sie sich, das Stromkabel aus dem Wandstecker zu ziehen, BEVOR Sie die Hauptsicherung entfernen und/oder prfen.

2. 3. 4. 5.

6. 7.

18

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide

Document Conventions
The following describes the conventions and symbols that this guide uses:

Item

Description
An example scenario

Description (French)
Un scnario d'exemple

Beschreibung (German)
Ein Beispielszenarium

Example
Possible damage to equipment, software, or data Caution: Additional information Note: A statement and instructions To A suggestion or workaround Tip: Possible physical harm to Blessure possible de the operator l'oprateur Warning: Verletzungsgefahr des Bedieners Une suggestion ou solution Ein Vorschlag oder eine Umgehung Rfrences et instructions Eine Erklrung und Anweisungen Endommagement Mgliche Schden an possible de l'quipement, Gert, Software oder des donnes ou du Daten logiciel Informations complmentaires Zustzliche Informationen

Document ID: RDWR_IG_1101

19

Radware Installation and Maintenance Guide

20

Document ID: RDWR_IG_1101

Table of Contents
Important Notices .......................................................................................................... 3 Copyright Notices .......................................................................................................... 4 Safety Instructions ......................................................................................................... 7 Document Conventions ............................................................................................... 19

Chapter 1 Pre-Installation.................................................................................... 27
Checking the Contents ................................................................................................ 27 NEBS Requirements ................................................................................................... 27
Rack and Radware Platform ................................................................................................ Grounding ............................................................................................................................ Port Cables .......................................................................................................................... Specifications ....................................................................................................................... 27 27 28 28

Mounting the Platform ................................................................................................. 29 Verifying Accessibility of Management Communication Ports ..................................... 30
APSolute Vision Ports ...................................................................................................... 30 APSolute Insite Ports ........................................................................................................ 31 AppWall Ports ...................................................................................................................... 31

Connecting Cables to Platforms .................................................................................. 32


Connecting Cables to OnDemand Switch VL Platforms ...................................................... 32 Connecting Cables to OnDemand Switch 1, 2, and 3 Platforms ......................................... 32 Connecting Cables to the APSolute Vision Platform ........................................................... 32

Chapter 2 Device Installation .............................................................................. 35


Installing AppDirector, CID, LinkProof, SecureFlow, and SIP Director ........................ 35
OnDemand Switch Platforms ............................................................................................... 36 Application Switches ............................................................................................................ 49 Configuring Management Ports ........................................................................................... 59

Installing AppXcel ........................................................................................................ 61


AppXcel Platforms ............................................................................................................... 61 Connecting and Installing AppXcel ...................................................................................... 64 Configuring IP Host Parameters for AppXcel ...................................................................... 65 Configuring Management Ports ........................................................................................... 67

Installing DefensePro .................................................................................................. 68


DefensePro Platforms .......................................................................................................... 68 Connecting and Installing DefensePro ................................................................................ 77 Connecting the Management Port Cables ........................................................................... 77 Connecting the Inspection Port Cables ............................................................................... 78 Considerations When Connecting Inspection Ports with Internal Bypass ........................... 78 Configuring Management Ports ........................................................................................... 79

Document ID: RDWR_IG_1101

21

Radware Installation and Maintenance Guide Table of Contents

Installing AppWall ....................................................................................................... 80


OnDemand Switch 1 XL and Installation for AppWall ......................................................... Connecting and Installing an AppWall Device ..................................................................... Configuring IP Host Parameters for an AppWall Device ..................................................... Installing AppWall Management Application Client Software .............................................. 80 82 83 84

Installing VirtualDirector .............................................................................................. 86


OnDemand Switch 1 XL for VirtualDirector ......................................................................... 86 Connecting and Installing the OnDemand Switch for VirtualDirector .................................. 88 Configuring Management Ports for VirtualDirector .............................................................. 89

Installing Inflight 3.2 .................................................................................................... 90


OnDemand Switch 1 XL for Inflight 3.2 ............................................................................... 90 Connecting and Installing the OnDemand Switch for Inflight 3.2 ........................................ 93

Installing Insite ManagePro ......................................................................................... 93


Insite ManagePro ................................................................................................................ 93 Powering On and Status Check .......................................................................................... 94

Installing the APSolute Vision Server ......................................................................... 95


APSolute Vision Platform .................................................................................................... 95 Initializing the APSolute Vision Server ................................................................................ 97 Recommended Basic Security Procedures ......................................................................... 98

Chapter 3 Installing the APSolute Vision Client................................................ 99


APSolute Vision Client Requirements ......................................................................... 99
APSolute Vision Client Hardware Requirements ................................................................. 99 APSolute Vision Software Requirements ......................................................................... 100 APSolute Vision Supported Operating Systems ............................................................... 100

Installing the APSolute Vision Client ......................................................................... 100 First-Time Connection to APSolute Vision Reporter for DefensePro ........................ 101

Chapter 4 Installing APSolute Insite................................................................. 103


APSolute Insite Requirements .................................................................................. 103
APSolute Insite Hardware Requirements ......................................................................... APSolute Insite Software Requirements .......................................................................... APSolute Insite Supported Operating Systems ................................................................ APSolute Insite Ports ........................................................................................................ 104 104 104 104

Installing Insite Stand-Alone ..................................................................................... 105 APSolute Insite Licenses .......................................................................................... 106
Security License ............................................................................................................... Plug-in License ................................................................................................................. HP OpenViewAPSolute Insite Plug-in .......................................................................... APSolute Insite Tivoli Plug-In ........................................................................................... CA Unicenter Plug-In ........................................................................................................ Symantec SESA Plug-In ................................................................................................... 107 109 110 112 114 116

Registering the Device .............................................................................................. 118

22

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Table of Contents

Chapter 5 Initial Configuration.......................................................................... 119


Connecting to a Device Using APSolute Vision ....................................................... 119 Connecting to a Device Using APSolute Insite Stand-Alone .................................... 119 Connecting to a Device Using Insite ManagePro ..................................................... 121
Initial Insite ManagePro Settings ...................................................................................... Adding an Administrator User ........................................................................................... Adding a Device to Insite ManagePro .............................................................................. Connecting to a Device Using Insite ManagePro ............................................................. 121 123 124 124

Configuring Target Parameters ................................................................................ 125 Connecting to a Device Using Web Based Management ......................................... 127 Connecting a Device Using the Command Line Interface ........................................ 127 Connecting to an AppWall Device for the First Time ................................................ 128 Connecting to a VirtualDirector Device ..................................................................... 129 Connecting to an Inflight 3.2 Device ......................................................................... 129

Chapter 6 Maintenance and Upgrade............................................................... 131


Shutting Down Devices ............................................................................................ 131 Rebooting Devices ................................................................................................... 132 Managing Device Configuration Files ....................................................................... 133
Device Configuration File Format ..................................................................................... Configuration File Content ................................................................................................ Downloading and Saving Configuration Files ................................................................... Uploading Configuration Files ........................................................................................... Configuration Log ............................................................................................................. 133 133 134 136 140

Upgrading Most Radware Devices ........................................................................... 141


Upgrading Device Software .............................................................................................. 141 Upgrading Licenses .......................................................................................................... 144 Upgrading Hardware Licenses ......................................................................................... 145

Upgrading AppWall ................................................................................................... 146


Upgrading an AppWall Device .......................................................................................... 146 Upgrading AppWall Management Application .................................................................. 147

Upgrading APSolute Insite Stand-Alone ................................................................... 147 Boot Version Update ................................................................................................ 148
Application Switch Boot Version Update .......................................................................... 148

Chapter 7 Troubleshooting ............................................................................... 151


Troubleshooting Most Radware Products ................................................................ 151
Troubleshooting for OnDemand Switch Platforms ............................................................ 151 Troubleshooting for Application Switches 1, 2, 4, and 5 ................................................... 156

Document ID: RDWR_IG_1101

23

Radware Installation and Maintenance Guide Table of Contents

Troubleshooting AppXcel ......................................................................................... 158


Resetting the Device Password ........................................................................................ Tcpdump ........................................................................................................................... Safe Mode ......................................................................................................................... Exporting a Configuration for Radware Technical Support ............................................... 159 159 160 161

Reinstalling APSolute Vision .................................................................................... 161 Troubleshooting APSolute Insite .............................................................................. 161 Troubleshooting Fan Failure ..................................................................................... 162

Appendix A Hardware-Component Replacement ........................................... 163


Upgrading Memory ................................................................................................... 163
Upgrading Memory in Application Switches ...................................................................... 163 Upgrading Memory in XS .................................................................................................. 165

Replacing a Power Supply ....................................................................................... 165


Replacing a Power Supply on the Application Switch 4 and 5 .......................................... Replacing a Power Supply on OnDemand Switch VL-Series Platforms ........................... Replacing a Power Supply on OnDemand Switch 1, 2, and 3 Platforms .......................... Replacing a Power Supply on the APSolute Vision Platform ............................................ 165 167 167 167

Replacing CompactFlash ......................................................................................... 168 Fan Filter Replacement on NEBS-certified Platforms .............................................. 168

Appendix B Specifications................................................................................ 171


OnDemand Switch Specifications ............................................................................ 171
General Specifications of Switches ................................................................................... DC Power Supply Connectors for OnDemand Switch Platforms ...................................... Power Factors for OnDemand Switch Platforms ............................................................... Layer 2 Features for OnDemand Switch Platforms ........................................................... 171 179 180 180

APSolute Vision Platform Specifications .................................................................. 180


General Specifications of the APSolute Vision Platform ................................................... 180 DC Power Supply Connectors for APSolute Vision Appliance .......................................... 182 Power Factors for APSolute Vision Appliance .................................................................. 182

Application Switch Specifications ............................................................................. 182


General Specifications for Application Switches ............................................................... DC Power Supply Connectors for Application Switches ................................................... Power Factors for Application Switches ............................................................................ Layer 2 and Other Features for Application Switches ....................................................... 182 185 188 188

XS Specifications ...................................................................................................... 189 AppXcel Additional Specifications ............................................................................ 190


Technical Specifications per AppXcel Type ...................................................................... 190 SSL Specifications for AppXcel ......................................................................................... 191 Cipher Suite Lists .............................................................................................................. 191

DefensePro Specifications ....................................................................................... 192 Serial Cable Pin Assignment .................................................................................... 193

24

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Table of Contents

Transceiver-Module Specifications ........................................................................... 193


Transceiver-Module Specifications for OnDemand Switch Platforms .............................. 193 Transceiver-Module Specifications for APSolute Vision Appliance .................................. 194 Transceiver-Module Specifications for Application Switches ............................................ 194

Document ID: RDWR_IG_1101

25

Radware Installation and Maintenance Guide Table of Contents

26

Document ID: RDWR_IG_1101

Chapter 1 Pre-Installation
This chapter includes the following sections: Checking the Contents, page 27 NEBS Requirements, page 27 Mounting the Platform, page 29 Verifying Accessibility of Management Communication Ports, page 30 Connecting Cables to Platforms, page 32

Note: For information on the device in your network topology, refer to the user guide or technical notes for the product.

Checking the Contents


Before beginning the installation, verify that all components are included as listed in the packing list document attached to the device box. If you are missing any of the components, contact Radware Technical Support.

NEBS Requirements

This section provides the Network Equipment-Building System (NEBS) requirements for installation of the NEBS-certified Radware platform and rack in which the platform is mounted.

Note: For the availability status of Radware's OnDemand Switch NEBS-compliant platforms, please contact Radware Operations.

Rack and Radware Platform


The rack in which a Radware platform is mounted must be in a Network Telecommunication Facility only. The NEBS-certified Radware platform and rack in which the platform is mounted must be installed in a restricted access location.

Grounding
The NEBS-certified Radware platform and rack in which the platform is mounted must be grounded to a Common Bonding Network.

Document ID: RDWR_IG_1101

27

Radware Installation and Maintenance Guide Pre-Installation

Warning: The intrabuilding port(s) of the equipment or subassembly is suitable for connection to intrabuilding or unexposed wiring or cabling only. The intra-building port(s) of the equipment or subassembly MUST NOT be metallically connected to interfaces that connect to the OSP or its wiring. These interfaces are designed for use as intrabuilding interfaces only (Type 2 or Type 4 ports as described in GR-1089-CORE, Issue 4) and require isolation from the exposed OSP cabling. The addition of Primary Protectors is not sufficient protection in order to connect these interfaces metallically to OSP wiring. Only copper cables, 18 AWG or larger, must be used for grounding purposes. When mounting a Radware platform with a DC power supply, battery return terminals must be in the configuration of an Isolated DC Return (DC-I) or Common DC Return (DC-C). The following diagram shows the proper grounding connection to a Radware platform.

Figure 13: Proper Grounding


Lug or terminal Screw Chasis

Toothed washer
The Radware platform must be connected to the grounding wire by means of the grounding screw using the listed lug. Bare conductors must be coated with antioxidant before making crimp connections. A star washer (tooth washer) must be used next to opposite sides of the grounding lug or terminal (see Figure 13 - Proper Grounding, page 28). This provides the proper locking mechanism. The internal tooth washer removes paint from the chassis to establish a metal-to-metal contact to the unplated surface.

Port Cables
Ethernet port cables should be shielded and grounded at both ends.

Specifications
See Specifications, page 171 for the nominal and steady-state voltage levels of the relevant Radware platform. For the NEBS-certified Radware OnDemand Switch platform, see General Specifications of Switches, page 171 and DC Power Supply Connectors for OnDemand Switch Platforms, page 179. For the NEBS-certified Application Switch platform, see General Specifications for Application Switches, page 182 and DC Power Supply Connectors for Application Switches, page 185.

28

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Pre-Installation

Mounting the Platform


The platform can be either rack-mounted or mounted on a tabletop. The package includes brackets to enable rack-mounting of the device. Rubber feet are attached to the bottom of the device to enable tabletop mounting.

Note: After you mount the platform, ensure that there is adequate airflow surrounding it.

To rack-mount the platform 1. Attach one bracket to each side of the device, using the screws provided. 2. Attach the platform to the rack with the mounting screws. 3. Connect at least one ground wire from the platform chassis to the rack. Typically, the platform has one or two, special, ground screws on the back panel near the screws that secure the power supply.

Warning: Reliable grounding of rack-mounted equipment should be maintained. Particular attention should be given to supply connections other than direct connections to the branch circuit (for example, use of power strips). The rack must be properly grounded. For NEBS grounding requirements, see NEBS Requirements, page 27.

Warning: Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.

Warning: Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.

Warning: Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.

Caution: If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) specified in Specifications, page 171.

Document ID: RDWR_IG_1101

29

Radware Installation and Maintenance Guide Pre-Installation

Note: If the platform is equipped with an AC power supply, connecting a ground wire is not required, but is recommended.

Verifying Accessibility of Management Communication Ports


Radware management interfaces communicate with various UDP/TCP ports using HTTPS, HTTP, Telnet, and SSH. If you intend to use these interfaces, ensure they are accessible and not blocked by your firewall.

APSolute Vision Ports


The following table lists the ports for APSolute Vision server-client communication.

Table 1: Ports for APSolute Vision Server-Clients Communication

Port
22

Protocol
SSH, SFTP, SCP

Type
TCP

Usage
Terminal client to server Server CLI management, file transfer Server to northbound Push backups, reports, and so on

25 443 514 9216

SMTP SSL Syslog HTTPS

TCP TCP UDP TCP

Server to external e-mail server APSolute Vision client to server Server to external syslog server APSolute Vision Reporter client to APSolute Vision Reporter server General management (APSolute Vision Reporter)

The following table lists the ports for communication between APSolute Vision server and Radware devices.

Table 2: Communication Ports for APSolute Vision Server with Radware Devices

Port
161 162 2088 2093 80 69 443

Protocol
SNMP SNMP IRP SRP HTTP TFTP SSL

Type
UDP UDP UDP UDP TCP UDP TCP

Usage
Server to devices SNMP management Devices to server, traps Devices to server, statistics Devices to server, statistics Server to device, file transfer Server to device, file transfer Server to device, file transfer

30

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Pre-Installation

APSolute Insite Ports


The following table lists the UDP/TCP management ports for APSolute Insite.

Table 3: UDP/TCP Ports for APSolute Insite

Port
69

Protocol
UDP/TCP

Description
Used for the Attack DB upload and download configuration using TFTP protocol. Ensure TFTP is not blocked by your firewall and that the management station is not Network Address Translation (NAT) enabled toward the Radware device.

161 162 1167 1306 2088 2093 3306

UDP/TCP UDP/TCP UDP/TCP UDP/TCP UDP/TCP UDP/TCP UDP/TCP

Used for SNMP traffic passing from the device to APSolute Insite and from APSolute Insite to the device. Used for SNMP traps sent from the device to APSolute Insite. Used for passing traffic between the APSolute Insite workstation and APSolute Insite. Used for traffic sent from the APSolute Insite client to the APSolute Insite server. Used by Packet Reporting for receiving packets sent from the device to APSolute Insite. This port is user configurable. Used for collecting SRP (Statistics Reports Protocol) data sent from the device to APSolute Insite. Used for MySQL activities performed between the APSolute Insite workstation and APSolute Insite clients.

AppWall Ports
The following table lists the UDP/TCP management ports for AppWall.

Table 4: UDP/TCP Ports for AppWall

Port
25 161 162 517 1521 8200 8202 18187

Protocol
TCP UDP/TCP UDP/TCP UDP TCP TCP TCP TCP

Description
SMTP port. Used by AppWall Publisher for sending events by e-mail (only when configured). Used for SNMP traffic. Used for SNMP traps sent from the device. Syslog port. Used by AppWall Publisher for sending events via ODBC protocol. ODBC port. Used by AppWall Publisher for sending events via ODBC protocol. Used by AppWall for connecting with AppWall Management Application. Used for AppWall Publisher connectivity (configurable). OPSEC ELA port. Used by AppWall Publisher for integration with Check Point Logging.

Document ID: RDWR_IG_1101

31

Radware Installation and Maintenance Guide Pre-Installation

Connecting Cables to Platforms


This section contains the following topics: Connecting Cables to OnDemand Switch VL Platforms, page 32 Connecting Cables to OnDemand Switch 1, 2, and 3 Platforms, page 32 Connecting Cables to the APSolute Vision Platform, page 32

Connecting Cables to OnDemand Switch VL Platforms


The information in this section is correct for the basic, platform model and the sub-models. Connect the cables to an OnDemand Switch VL platform in the following order: 1. Insert the 8P8C connector of the RJ-45toDE-9 adapter cable to the port labeled CONSOLE.

Note: Radware supplies a RJ-45toDE-9 adapter cable to connect the console port of the platform to a console PC. 2. 3. 4. 5. 6. Insert the DE-9 connector of the RJ-45toDE-9 adapter cable to the console PC. If you are going to use port 6/MNG 1 for out-of-band management, connect a cable to the port labeled 6/MNG 1. Connect the traffic-port cables to the platform. Connect the power cable to the power socket located on the rear panel of the platform. Connect the power cable to the power outlet.

Connecting Cables to OnDemand Switch 1, 2, and 3 Platforms


The information in this section is correct for the basic, platform model and the sub-models. Connect the cables to an OnDemand Switch 1, 2, or 3 platform in the following order: 1. Connect the cables in the following order: a. b. c. d. 2. 3. 4. 5. Power cable Serial (RS-232) cable Management port cable (Ethernet 10/100/1000) to the relevant port, MNG 1 or MNG 2. Traffic-port cables

Connect the power cable to the power socket located on the rear panel of the device. Connect the power cable to the power outlet. Connect the serial cable to the platform. Connect the serial cable to your console.

Connecting Cables to the APSolute Vision Platform


Connect the cables to an APSolute Vision platform in the following order: 1. Insert the 8P8C connector of the RJ-45toDE-9 adapter cable to the port labeled CONSOLE.

Note: Radware supplies a RJ-45toDE-9 adapter cable to connect the console port of the platform to a console PC.

32

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Pre-Installation 2. Insert the DE-9 connector of the RJ-45toDE-9 adapter cable to the console PC. 3. Connect an Ethernet cable to the port labeled G 1 or G 2.

Note: You can use one port for APSolute Vision clients and the second port for connecting to other networks or to connect to a laptop for troubleshooting the APSolute Vision appliance. 4. Connect the power cable to the power socket located on the rear panel of the platform. 5. Connect the power cable to the power outlet.

Document ID: RDWR_IG_1101

33

Radware Installation and Maintenance Guide Pre-Installation

34

Document ID: RDWR_IG_1101

Chapter 2 Device Installation


This chapter explains how to install a Radware device. The term device refers to the physical platform and one of the following products: AppDirector AppWall AppXcel APSolute Vision (server appliance) CID (content inspection director) DefensePro Inflight Insite ManagePro LinkProof SecureFlow VirtualDirector SIP Director

Note: For information on the device in your network topology, refer to the user guide or technical notes for the product. This chapter contains the following sections: Installing AppDirector, CID, LinkProof, SecureFlow, and SIP Director, page 35 Installing AppXcel, page 61 Installing DefensePro, page 68 Installing AppWall, page 80 Installing VirtualDirector, page 86: Installing Inflight 3.2, page 90 Installing Insite ManagePro, page 93 Installing the APSolute Vision Server, page 95

Installing AppDirector, CID, LinkProof, SecureFlow, and SIP Director


This section describes the physical platforms and the relevant installation processes for the following Radware products: AppDirector CID LinkProof SecureFlow SIP Director

Document ID: RDWR_IG_1101

35

Radware Installation and Maintenance Guide Device Installation The following table lists the relevant Radware products and the platforms that support them.

Table 5: Products and PlatformsAppDirector, CID, LinkProof, SecureFlow, and SIP Director

Platform
OnDemand Switch VL OnDemand Switch VL EL OnDemand Switch VL XL OnDemand Switch 1 OnDemand Switch 1 XL OnDemand Switch 2 OnDemand Switch 2 XL OnDemand Switch 3 OnDemand Switch 3 v.2 OnDemand Switch 3 XL Application Switch 1 Application Switch 2 Application Switch 3 Application Switch 4 Application Switch 5 Compact Application Switch i ii iii iv v

AppDirector AppDirector CID 1.x 2.x


9 9ii 9 9 9 9 9v 9 9 9 9 9vi 9viii 9viii 9 9 9ix 9ix 9ix 9 9 9ix 9ix

LinkProof SecureFlow SIP Director


9 9i 9iii 9iv 9vii

9x 9x 9x 9x 9x

9 9 9 9

Supported only on LinkProof 6.12.02 and later. Supported only on AppDirector 2.11.20 and later. Supported only on SIP Director 2.10 and later. Supported only on LinkProof 6.xx. Supported only on AppDirector 1.07.10.

vi Supported only on CID 3.0 and later. vii Supported only on LinkProof 6.12 and later. viii Supported only on AppDirector 2.13. ix Supported only on CID 2.x.
x Supported only on LinkProof 5.xx.

OnDemand Switch Platforms


Unless stated otherwise, the platform information in this section is correct for each basic, platform model and the sub-models. For example, the information in OnDemand Switch VL, page 37 is correct for OnDemand Switch VL, OnDemand Switch VL EL, and OnDemand Switch VL XL.

36

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation This section contains the following: OnDemand Switch VL, page 37 OnDemand Switch 1, page 39 OnDemand Switch 2, page 41 OnDemand Switch 3, page 44 OnDemand Switch LCD Module, page 46 OnDemand Switch Boot Commands, page 49

OnDemand Switch VL
Figure 14: OnDemand Switch VL Front Panel

Table 6: OnDemand Switch VL Front Panel

Feature

Label/Description
Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. Serial RJ-45 port for out-of-band management. Note: Radware supplies a RJ-45toDE-9 adapter cable to connect the console port of the platform to a console PC. USB port for recovery and file transfer. RJ-45 GbE ports for traffic or in-band management. The platform supports six RJ-45 GbE ports for traffic or in-band management. You can manually configure the last RJ-45 GbE port, labeled 6/MNG 1, to be a dedicated, out-of-band management port. For the procedure, see To configure the G6 / MMG1 port for dedicated out-of-band management, page 39. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s.

Document ID: RDWR_IG_1101

37

Radware Installation and Maintenance Guide Device Installation

Table 6: OnDemand Switch VL Front Panel

Feature

Label/Description
SFP GbE ports for traffic. The platform supports two SFP GbE ports for traffic ports for traffic. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Status LEDs: PWR OKGreen indicates nominal operation. When the LED is red, a qualified service person should immediately check the power source and the power supply. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 15: OnDemand Switch VL Back Panel

Table 7: OnDemand Switch VL Back Panel

Feature
Ground screws Power supply socket(s)

Description
Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws. The socket to which the power cable is connected.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

Caution: If you want to change the function of the 6/MNG 1 port after there is a configuration on the device, you need to save configuration, delete the configuration using q1, reboot device, and reconfigure the function of the of the 6/MNG 1 port using the Startup Configuration procedure.

38

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

To configure the G6 / MMG1 port for dedicated out-of-band management 1. Ensure that an ASCII console is connected to the device through the RJ-45toDE-9 cable and that console computer is turned on. 2. Do one of the following: If you are using an ASCII terminal, power on the terminal. If you are using a computer with terminal emulation software, run the terminal emulation program and use the following port parameters:

Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None 3. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up. The device starts up. After approximately a minute, the Startup Configuration window is displayed. 4. In the Startup Configuration window, for the first parameter, Enable management port, enter y. 5. Provide the rest of the requested information as appropriate. The device reboots after the last parameter is defined. Press Enter to accept default values. If no configuration is entered within 30 seconds, the device applies the following default configuration: a. b. c. IP Address: 192.168.1.1 IP subnet mask: 255.255.255.0 Port number for management. The port number depends on the switch platform used. User name and password: radware Wait for the prompt. Type login and press Enter. Enter the username and password: User: radware Password: radware To view the current IP interface setting of the device, enter the following:

6. If the start-up configuration screen does not appear, do the following:

d. e.

ip-interface get
To add/modify/delete the existing IP Interface, enter the following:

net ip-interface help

OnDemand Switch 1
Figure 16: OnDemand Switch 1 (with Single Power Supply) Front Panel
LCD LCD menu buttons

Document ID: RDWR_IG_1101

39

Radware Installation and Maintenance Guide Device Installation

Table 8: OnDemand Switch 1 Front Panel

Feature

Label/Description
Dual (SFP or RJ-45) GbE ports for traffic or management. The platform supports four dual GbE ports. Only one side of a dual port can be active at the same time. LEDs: SFP-port ACTFlashing indicates activity. RJ-45port ACTFlashing indicates activity. RJ-45port LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10/100 Mbit/s. RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 17: OnDemand Switch 1 (with Single Power Supply) Back Panel

40

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Figure 18: OnDemand Switch 1 (with Dual Power Supply) Back Panel

Table 9: OnDemand Switch 1 Back Panel

Feature
Power supply socket(s) CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

OnDemand Switch 2
Figure 19: OnDemand Switch 2 (with Single Power Supply) Front Panel
LCD menu buttons LCD

Document ID: RDWR_IG_1101

41

Radware Installation and Maintenance Guide Device Installation

Figure 20: OnDemand Switch 2 NEBS Front Panel


Fan-filter-sleeve cover LCD menu buttons

LCD

Table 10: OnDemand Switch 2 Front Panel

Feature

Label/Description
SFP GbE ports for traffic or management. The platform supports four (4) SFP ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. RJ-45 GbE ports for traffic or management. The platform supports twelve (12) GbE ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s.

42

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 10: OnDemand Switch 2 Front Panel

Feature

Label/Description
RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 21: OnDemand Switch 2 (with Single Power Supply) Back Panel

Figure 22: OnDemand Switch 2 (with Dual Power Supply) Back Panel

Figure 23: OnDemand Switch 2 NEBS Back Panel

Document ID: RDWR_IG_1101

43

Radware Installation and Maintenance Guide Device Installation

Table 11: OnDemand Switch 2 Back Panel

Feature
Power supply socket(s) CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

OnDemand Switch 3
Figure 24: OnDemand Switch 3 Front Panel
LCD menu buttons LCD

Table 12: OnDemand Switch 3 Front Panel

Feature

Label/Description
10 Gigabit Ethernet (10GbE) ports for traffic or management. The platform supports four XFP ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 10GbE. SFP GbE ports for traffic or management. The platform supports four SFP ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s.

44

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 12: OnDemand Switch 3 Front Panel

Feature

Label/Description
RJ-45 GbE ports for traffic or management. The platform supports eight GbE ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 25: OnDemand Switch 3 Back Panel

Document ID: RDWR_IG_1101

45

Radware Installation and Maintenance Guide Device Installation

Table 13: OnDemand Switch 3 Back Panel

Feature
Dual power supply sockets CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Screws to ground the platform chassis to the rack. Typically, 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

OnDemand Switch LCD Module


Some OnDemand Switch platforms (for the products described in this section) support an LCD module, which consists of the LCD itself and LCD menu buttons.

Figure 26: OnDemand Switch LCD

You can use the LCD module for detailed device monitoring and for the initial configuration of the management port.

Note: On OnDemand Switch 1 and OnDemand Switch 2 running AppDirector 1.06, you can use the LCD module for basic device monitoring only; and the LCD menu buttons are nonfunctional. Basic device monitoring comprises the display of product and product version, CPU utilization in percent, and input and output (in megabytes, for each port whose status is up). This section contains the following: LCD Menu Buttons Nominal Display Initial Configuration of Management Port Using the LCD Module LCD Menus

46

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation LCD Menu Buttons There are six functional LCD menu buttons: up arrow, down arrow, left arrow, right arrow, Enter (9), and Escape (x). Press the up or down buttons to select different menus within the menu hierarchies. Press the right button to choose the selected menu. Press the left button to return to the previous level in the hierarchy. If you are configuring the OnDemand Switch for the first time, the buttons have additional functionality (see Initial Configuration of Management Port Using the LCD Module). Nominal Display When you turn on an OnDemand Switch, the LCD displays the following:

oo Radware
o o ODS<Version> Loading

During the boot process, the third line, Loading, changes to Loaded Boot <Boot version>. After the initial configuration, when the device completes bootingor after 30 minutes without any activity, the LCD displays the following: oo Radware o o o <Product> <Product version> Time: <HH:MM:SS>

Initial Configuration of Management Port Using the LCD Module When you turn on the OnDemand Switch for the first time, there is no defined IP address, subnet mask, or physical port for the management port of the device. You can define these parameters using the LCD module after the platform boots and displays Setup Config.

Caution: When the LCD displays Setup Config, you have 30 seconds to enter the setup configuration. After these 30 seconds elapse, the platform uses the defaults, 192.168.1.1, 255.255.255.0, and G-1 respectively. However, later, using the CLI, you can change the values as required. When you configure the management IP address and IP subnet mask using the LCD module, the buttons have the following additional functionality: The up and down arrow buttons increase or decrease numbers. The left and right arrow buttons move the cursor to the next digit or returns the cursor to the previous number. At the end of the management IP address or subnet mask, the right arrow button moves the cursor to the next field in this menu. To return to the previous field, press the left arrow button. Enter (9) sets the values. Escape (x) leaves the value unchanged.

To configure the management port using the LCD module 1. Turn on the OnDemand Switch. The boot process starts. 2. Within 30 seconds after the LCD displays Setup Config, press the right arrow. The LCD displays IP address with the value 000.000.000.000, and the cursor on the first number. 3. Specify the IP address of the management port for the OnDemand Switch, and, after the last number, press the right arrow button. The LCD displays IP subnet mask with the value 255.000.000.000.

Document ID: RDWR_IG_1101

47

Radware Installation and Maintenance Guide Device Installation 4. 5. 6. 7. 8. 9. Specify the IP subnet mask of the management port for the OnDemand Switch, and, after the last number, press the right arrow button. The LCD displays the selected management port. Scroll down to the physical port that you want to use as the management port, for example, MNG-2. Press the right arrow button. The LCD displays Enable web and its value, Yes or No. Press the up arrow for Yes. Press the down arrow for No. Press the right arrow button. The LCD displays Enable telnet and its value, Yes or No. Press the up arrow for Yes. Press the down arrow for No. Press the right arrow button. The LCD displays Enable SSH and its value, Yes or No. Press the up arrow for Yes. Press the down arrow for No. Press 9 to save and exit the startup configuration. The OnDemand Switch reboots with your configuration.

LCD Menus After an OnDemand Switch boots, press any of the LCD buttons to access the LCD menus.

Table 14: LCD Menu

Submenu
Device Information Platform Product Version MAC Serial Power supply Number of CPUs Number of cores CPU util CPU temp Memory Statisticsi Port statistics

Subsubmenu

Remark
Platform type and version. Product. Version of product. MAC address of the platform. The serial number of the device. Single power supply or dual power supply. Number of CPUs. Number of CPU cores. CPU utilization in percent. CPU temperature in Centigrade. RAM in megabytes.

Port Port status Pkt: in<Number>/ out<Number>K

Port identifier, for example G-1. Either up or down. Number of input and output packets in thousands per second. Displayed only when Port status is up.

Byt: in<Number>/ Out<Number>MB

Amount of input and output megabytes per second. Displayed only when Port status is up.

48

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 14: LCD Menu

Submenu
Settings LCD Contrast

Subsubmenu
Contrast

Remark
Increase or decrease LCD contrast using the right and left arrow buttons. Increase or decrease LCD backlight intensity using the right and left arrow buttons. The selected rate is enclosed in asterisks, for example *19200*. Press the down and up arrow buttons to scroll between the values.

LCD Backlight

Backlight

Serial Baud Rate

Serial baud rate

Shutdown

Shutdown Reboot

Shutdown Reboot

Enter = Yes Escape = No Enter = Yes Escape = No

i The LCD displays statistics per port and refreshes them every second. Thus, the packets-in, packets-out, megabytes-in, and megabytes-out values are per second.

OnDemand Switch Boot Commands


The following table lists the boot commands that the OnDemand Switch platforms support and which you may use.

Caution: Some boot commands are intended only for use by Radware Technical Support.

Table 15: OnDemand Switch Boot Commands

Command
? @ a e

Description
Print this list. Boot (load and go). Print installed applications list. Print fatal exception.

Application Switches
You can install certain versions of AppDirector, CID, LinkProof, and SecureFlow on Application Switches. This section contains the following: Application Switch 1, page 50 Application Switch 2, page 51 Application Switch 3, page 53 Application Switch 4, page 54 Application Switch 5, page 55 AppDirector, CID, LinkProof, and SecureFlow Installation on Application Switches, page 56

Document ID: RDWR_IG_1101

49

Radware Installation and Maintenance Guide Device Installation Application Switch Boot Commands, page 57 Compact Application Switch, page 58

Application Switch 1
Figure 27: Application Switch 1 Front Panel

Table 16: Application Switch 1 Front Panel

Feature

Description
Reset button. Resets the device.

Status LEDs: PWRIndicates that the device is powered. SYS OKIndicates that the application is currently running. This LED is off when the application is still loading or has failed. Mode button. Changes the display mode of the port LEDs.

Display Mode LEDs indicate the display mode of the port LEDs. Modes start from the top line, left to right. Display Mode LEDs: LNKLink status. FEEthernet Mode (for Fast Ethernet ports only). COLCollisions. ERRErrors. ACTActivity. FDDuplex mode. TXTransmission activity. RXReceiving activity. RS-232 DE-9 port for out-of-band management.

50

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 16: Application Switch 1 Front Panel

Feature

Description
Gigabit Ethernet port and LED. The LED indicates the following information according to display mode as shown above. Mode: LNKLit indicates that a physical connection detected. Off indicates that no physical connection detected. ACTFlashing indicates activity. FDLit indicates full duplex mode. Off indicates half duplex mode. COLLit indicates that collisions are occurring. ERRLit indicates that errors are occurring. TXFlashing indicates that the port is transmitting data. RXFlashing indicates that the port is receiving data. Status LEDs for the eight (8) Fast Ethernet ports.

Fast Ethernet port (18).

Table 17: Application Switch 1 Back Panel

Feature
Power socket Power switch Act Boot

Description
The socket to which the power cable is connected. On/Off power. DIP switch 1 (first left) determines the active boot on the device. Switch down: boot 1 is active. Switch up: boot 2 is active.

Application Switch 2
Figure 28: Application Switch 2 Front Panel

Document ID: RDWR_IG_1101

51

Radware Installation and Maintenance Guide Device Installation

Table 18: Application Switch 2 Front Panel

Feature

Description
Status LEDs: PWROn indicates that the device is powered. FANNot lit indicates that all fans are operational. Lit (orange) indicates that the fans are not operational. SYSOn indicates that the application is currently running. Off indicates that application is still loading or has failed. When the device has dual power supplies and one is unavailable, the LED continually flashes. Reset button. Resets the device. Gigabit Ethernet port and LEDs. LEDs: UpperOn indicates that a physical connection detected. Off indicates that no physical connection detected. MiddleLit green indicates that port is receiving data. Lit red indicates receive loss or no physical connection. LowerLit green indicates that port is transmitting data. Lit red indicates transmission faults. The LEDs indicate the display mode of the Fast Ethernet ports as follows. LNKLink status. ACTActivity. FEEthernet mode. FDDuplex mode. Mode button. Changes the display mode of the Fast Ethernet port LEDs. The status LEDs for the Fast Ethernet ports. Each port LED indicates the following information according to display mode: LNKoN indicates physical connection detected. Off indicates no physical connection detected. ACTFlashing indicates activity. FEOn indicates 100BASE-T mode. Off indicates 10BASE-T mode. FDOn indicates Full Duplex mode. Off indicates half duplex mode. Fast Ethernet ports (F1F16).

Table 19: Application Switch 2 Back Panel

Feature
Power socket Power switch

Description
The socket to which the power cable is connected. On/Off power.

52

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 19: Application Switch 2 Back Panel

Feature
Act Boot Dual Power Supply Support

Description
DIP switch 1 (first left) determines the active boot on the device. Switch down: boot 1 is active. Switch up: boot 2 is active. DIP switch 8 specifies whether the machine carries a single or dual power supply. For 1U units (which carry a single power supply) that support hardware version 4.5002 and later, DIP switch 8 should be in the up position. For 1U units (which carry a single power supply) that support hardware version earlier than 4.5002, DIP switch 8 should be in the down position by default. For 2U units (which carry a dual power supply), DIP switch 8 must be in the down position. Note: To find out the hardware version of the machine, you can do any of the following: >> Using CLI, enter system device-info. >> Using Web Based Management, from the Device menu, select Device Information. >> Contact Radware Technical Support.

RS-232 CompactFlash Ethernet port

RS-232 DE-9 port for out-of-band management. Insertion point for CompactFlash card. Ethernet port (for debugging purposes onlyRadware R&D only).

Application Switch 3
Figure 29: Application Switch 3 Front Panel

Table 20: Application Switch 3 Front Panel

Feature p

Description
Status LEDs: PWRLit when the device is powered. FANLit indicates that the fans are not operational. SYSLit when the application is running. Off when the application is still loading or has failed. Reset button. Resets the device. 10 Gigabit Ethernet (10GbE) ports and LEDs. LEDs indicate link and activity. LEDs: UpperOn indicates physical connection detected. Off indicates no physical connection detected. MiddleLit green indicates port is receiving data. Lit red indicates receive loss or no physical connection. LowerLit green indicates port is transmitting data. Lit red indicates transmission faults.

Document ID: RDWR_IG_1101

53

Radware Installation and Maintenance Guide Device Installation

Table 20: Application Switch 3 Front Panel

Feature

Description
Gigabit Ethernet ports (G1G7) and LEDs. LEDs: UpperOn indicates physical connection detected. Off indicates no physical connection detected. MiddleLit green indicates port is receiving data. Lit red indicates receive loss or no physical connection. LowerLit green indicates port is transmitting data. Lit red indicates transmission faults. Fast Ethernet ports (116). LEDs: Left LEDLit green indicates 100BASE-T mode. Flashing green indicates that data is being transferred via the port in 100BASE-T mode. Lit yellow indicates 10BASE-T mode. Flashing yellow indicates that data is being transferred via the port in 10BASE-T mode. Off indicates no link.

Table 21: Application Switch 3 Back Panel

Feature
Power socket Power switch Act Boot

Description
The socket to which the power cable is connected. On/Off power. DIP switch 1 (first left) this switch forces the device to use the internal flash application version after a reboot has occurred. Switch down device reboots from CompactFlash (default). Switch up device reboots from internal flash. RS-232 console port for out-of-band management. Insertion point for CompactFlash card.

RS-232 CompactFlash

Application Switch 4
Figure 30: Application Switch 4 Front Panel

54

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 22: Application Switch 4 Front Panel

Feature

Description
Status LEDs: PWRLit indicates that the device is powered. FANLit indicates that the fans are not operational. SYSThe application is currently running. This LED is off when the application is still loading or has failed. When the device has dual power supplies and one is unavailable, the System LED continually flashes. Reset button. Resets the device. Gigabit Ethernet (GbE) ports and LEDs. LED indicates link and activity.

10/100/1000 RJ-45 Ethernet ports and LEDs. LEDs: LeftLit green indicates 1000BASE-T mode. Flashing green indicates that data is being transferred via the port. RightLit green indicates that the link is active and the port is synchronized to 1000 Mbit/s. Lit yellow indicates that the port is synchronized to 100 Mbit/ s. No LED indicates that the port is synchronized to 10 Mbit/s.

Table 23: Application Switch 4 Back Panel

Feature
Power socket Power switch Act Boot

Description
The socket to which the power cable is connected. On/Off power. DIP switch 1 (first left) forces the device to use the internal flash application version after a reboot has occurred. Switch down: device reboots from CompactFlash (default). Switch up: device reboots from internal flash. RS-232 console port for out-of-band management. Insertion point for CompactFlash card.

RS-232 port CompactFlash

Application Switch 5
Figure 31: Application Switch 5 Front Panel

Document ID: RDWR_IG_1101

55

Radware Installation and Maintenance Guide Device Installation

Table 24: Application Switch 5 Front Panel

Feature

Description
Status LEDs: PWRLit indicates that the device is powered. FANLit indicates that the fans are not operational. SYSLit indicates that the application is currently running. This LED is off when the application is still loading or has failed. When the device has dual power supplies and one is unavailable, the LED continually flashes. Reset button. Resets the device. 10 Gigabit Ethernet (10GbE) ports and LEDs. LEDs indicate link and activity.

Gigabit Ethernet ports (G9G17) and LEDs. LED indicates link and activity.

10/100/1000 RJ-45 Ethernet ports (18). LEDs: Left LEDLit green indicates 1000BASE-T mode. Flashing green indicates that data is being transferred via the port. Right LEDLit green indicates that the link is active and the port is synchronized to 1000 Mbit/s. Lit yellow indicates that the port is synchronized to 100 Mbit/s. No LEDIndicates that the port is synchronized to 10 Mbit/s.

Table 25: Application Switch 5 Back Panel

Feature
Power socket Power switch Act Boot

Description
The socket to which the power cable is connected. On/Off power. DIP switch 1 (first left) forces the device to use the internal flash application version after a reboot has occurred. Switch down device reboots from CompactFlash (default). Switch up device reboots from internal flash. RS-232 DE-9 port for out-of-band management. Insertion point for CompactFlash card.

RS-232 port CompactFlash

AppDirector, CID, LinkProof, and SecureFlow Installation on Application Switches

To install AppDirector, CID, LinkProof, and SecureFlow on Application Switches 1. Connect the cables in the following order: a. b. c. AC or DC power connector. Use the 12-gauge insulated copper DC-input cables for the connection to each DC power supply. ASCII terminal (serial) connector. LAN connections.

56

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation 2. Connect the power cable to the main socket, located on the rear panel. 3. Connect the serial port connector to the RS-232 port located on the front panel on Application Switch 1 and on the rear panel on Application Switch 2, Application Switch 4, and Application Switch 5. 4. Connect the other end of the serial port connector cable to your computer. 5. Do one of the following: If you are using an ASCII terminal, power on the terminal. If you are using a computer with terminal emulation software, run the terminal emulation program and use the following port parameters:

Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None 6. Turn on the units power. When the device is connected and operating properly, the PWR and System OK indicators are lit continuously. 7. Connect the LAN connections. They differ as follows: Fast Ethernet portStandard UTP or STP Ethernet cable, RJ-45 connector. Gigabit Ethernet port1000BASE-SX, LX, or ZX fiber optic cable, SC connector for Application Switch 2 and 1000BASE-SX, LX or ZX fiber optic cable, LC connector.

Note: Application Switch 1 version 2, Application Switch 2, Application Switch 4, and Application Switch 5 can use both cross and straight cables when Auto Negotiation is enabled. When Auto Negotiation is disabled, you need to use a cross cable to connect the device to a server or switch. 8. Connect the cable to the port interface, located on the front panel. 9. Connect the other end of the cable to the LAN switch.

Application Switch Boot Commands


The following table lists the boot commands that the Application Switches support and which you may use.

Caution: Some boot commands are intended only for use by Radware Technical Support.

Table 26: Application Switch Boot Commands

Command
? @ a e

Description
Print this list. Boot (load and go). Print installed applications list. Application with index 0 represents the recovery application on the internal flash. Print fatal exception.

Document ID: RDWR_IG_1101

57

Radware Installation and Maintenance Guide Device Installation

Compact Application Switch


You can install LinkProof on Compact Application Switch.

Figure 32: Compact Application Switch Front Panel


Traffic LEDs

Table 27: Compact Application Switch Front Panel

Feature

Description
Status LEDs: PWR OKLit indicates that the device is powered. SYS OKLit indicates that the application is currently running. This LED is off when the application is still loading or has failed. Traffic LEDsIndicate traffic.

Figure 33: Compact Application Switch Back Panel

Table 28: Compact Application Switch Back Panel

Feature

Description
Power supply connection point.

RS-232 DE-9 port for out-of-band management. RJ-45 Ethernet ports (18) and LEDs. LEDs: LNK/ACTOff indicates that no physical connection is detected. On indicates that a physical connection is detected. Flashing indicates that data is being transferred via the port. 10/100Off indicates that the port is working in 10BaseT mode. On indicates that the port is working in 100BaseT mode.

58

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

To install LinkProof on Compact Application Switch 1. Connect the cables in the following order: a. b. c. DC power connector. Use the 12-gauge insulated copper DC-input cables for the connection to each DC power supply. ASCII terminal (serial) connector. LAN connections.

2. Connect the serial port connector to the RS-232 port located on the back panel on the Compact Application Switch. 3. Connect the other end of the serial port connector cable to your computer. 4. Open a terminal emulation application (Hyper Terminal, for example.) 5. In the Hyper Terminal Opening window, select File > Properties; or, click the Properties icon on the toolbar. The New Connection Properties window is displayed. 6. Click Configure. The Properties window is displayed. 7. In the Port Settings pane, verify that the parameters are set as follows: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow Control: None

8. Turn on the units power. When the device is connected and operating properly, the PWR OK and SYS OK LED indicators are lit. 9. Connect the LAN connections via the Fast Ethernet ports (RJ-45 connectors) 10. Connect the cable to the port interface, located on the back panel. 11. Connect the other end of the cable to the LAN switch.

Configuring Management Ports


To manage the device, you need to configure a management port using an IP address. You can then manage the device with either SSH Client, Web Based Management (WBM), Telnet, and, depending on the product, with APSolute Insite or APSolute Vision. For details on the management interfaces that a product supports, see the relevant user guide.

To configure the management port for the first time 1. Ensure that an ASCII console is connected to the device through the serial cable and that console computer is turned on. Radware recommends using HyperTerminal as a console application. The following procedure uses HyperTerminal as the console application. 2. From the HyperTerminal open window, select File > Properties, or click the Properties icon in the toolbar. The New Connection Properties dialog box is displayed. 3. In the New Connection Properties dialog box, select Configure. The Properties window is displayed with the Port Settings pane.

Document ID: RDWR_IG_1101

59

Radware Installation and Maintenance Guide Device Installation 4. In the Port Settings pane, set the following parameters: 5. Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up. The device starts up. After approximately a minute, the Startup Configuration window is displayed.

6.

In the Startup Configuration window, provide the required information for the IP address, IP subnet mask, Port Number, for the management port, and Default router IP address parameters; and press Enter for each of the remaining settings. The device reboots after the last parameter is defined. Press Enter to accept default values. If no configuration is entered within 30 seconds, the device applies the following default configuration: IP Address: 192.168.1.1 IP subnet mask: 255.255.255.0 Port number for management. The port number depends on the platform. For OnDemand Switch platforms, the default is G-1. For Application Switch platforms, the default is 1. User name and password: radware Wait for the prompt <ProductName>>. Type login and press Enter. Enter the username and password: User: radware Password: radware To view the current IP interface setting of the device, enter the following:

7.

If the start-up configuration screen does not appear, do the following: a. b. c.

d. e.

ip-interface get
To add/modify/delete the existing IP Interface, enter the following:

net ip-interface help

60

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Installing AppXcel
This section describes the physical platforms and installation process for AppXcel. This section contains the following topics: AppXcel Platforms, page 61 Connecting and Installing AppXcel, page 64 Configuring IP Host Parameters for AppXcel, page 65

AppXcel Platforms
The following platforms support AppXcel: AppXcel XS 1, page 61 AppXcel XS 2, page 62 AppXcel XS 3, page 63

AppXcel XS 1
Figure 34: AppXcel XS 1 Front Panel

Table 29: AppXcel XS 1 Front Panel

Feature

Description
RS-232 DE-9 console port for out-of-band management.

Power LEDIndicates that the device is powered. System OK LEDIndicates that the device system is operational. The LED turns off in the event the application is still loading or has failed. BYPASS LEDLit when the Bypass feature is activated. SSL LEDindicates SSL acceleration card operation. Bypass buttonWith this feature activated, the device is neutralized by using a simulated wire-like operation and is supported by the platform.

Document ID: RDWR_IG_1101

61

Radware Installation and Maintenance Guide Device Installation

Table 29: AppXcel XS 1 Front Panel

Feature

Description
ResetResets the device. This acts in the same way as the reboot command in the CLI. LAN interface (LAN 1 and LAN 2) for management or traffic. LEDs: LNK/ACTOff indicates that no physical connection is detected. On indicates that a physical connection is detected. Flashing indicates that data is being transferred via the port. FELit indicates a 100-MB Fast Ethernet connection.

AppXcel XS 2
Figure 35: AppXcel XS 2 Front Panel

Table 30: XS 2 Front Panel

Feature

Description
RS-232 DE-9 console port for out-of-band management.

Power LEDindicates that the device is powered. System OK LEDIndicates that the device system is operational. The LED turns off in the event the application is still loading or has failed. SSL LEDIndicates SSL acceleration card operation. Resetallows you to reset the device. This acts in the same way as the reboot command in the CLI. LAN ports (LAN 1 and LAN 2) for management and traffic. LEDs: LNK/ACTOff indicates that no physical connection is detected. On indicates that a physical connection is detected. Flashing indicates that data is being transferred via the port. 10/100/1000Off indicates a 10-MB connectionwhen the LNK/ACT LED is on or flashing. Green indicates a 100-MB connection. Red indicates a 1000-MB connection.

62

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

AppXcel XS 3
Figure 36: AppXcel XS 3 Front Panel
LCD menu buttons LCD

Table 31: AppXcel XS 3 Front Panel

Feature

Description
Power and System LEDsIndicate the status in which the device is operational. Reset button. CompactFlashA storage device, which typically uses flash memory in a standardized enclosure. Currently not supported.

USB portUsed to back up information. Currently not supported.

Serial portThe port to which the 9-pin connector serial cable is connected.

Document ID: RDWR_IG_1101

63

Radware Installation and Maintenance Guide Device Installation

Table 31: AppXcel XS 3 Front Panel

Feature

Description
Management port (MNG1 and MNG1) and LEDs. For information on the LEDs, see Table 32 - AppXcel XS3 MNG Interface LEDs and Link Speeds, page 64. Gigabit Ethernet port for traffic. Bypass functionality is possible in pairs: G1 and G2, or, G3 and G4. LEDs: LNK/ACTOff indicates that no physical connection is detected. On indicates that a physical connection is detected. Flashing indicates that data is being transferred via the port. 100On indicates a 100-MB connectionwhen the 1000 LED is not lit. 1000On indicates a 1000-MB connectionwhen the 100 LED is not lit. The platform indicates that it is in BYPASS mode when both the 100 and 1000 LEDs are lit and the LNK/ACT is off.

The LED display of management (MNG) ports indicate the actual link speeds.

Table 32: AppXcel XS3 MNG Interface LEDs and Link Speeds

LED Label
LNK/ACT 10/100/1000

10 Mbit/s
Off On

100 Mbit/s
On Off

1 Gbit/s
On On

Connecting and Installing AppXcel

To connect and install AppXcel 1. Connect the cables in the following order: a. b. c. 2. 3. Power connection ASCII terminal connection (RS-232 serial cable) LAN connections

Connect the power cable to the main socket, located on the rear panel of the device. Connect the power cable to the power outlet. For first-time installation, Radware recommends powering the device on only after connecting the ASCII terminal port to a PC running terminal software. Connect the serial cable connector (9-pin connector) to the front panel. Connect the other end of the serial cable to your computer. Access HyperTerminal, Minicom, or any similar utility. From the opening window, select File > Properties, or click the Properties icon in the toolbar. The New Connection Properties window is displayed. In the New Connection Properties window, select Configure. The Properties window is displayed with a Port Settings pane.

4. 5. 6. 7. 8.

64

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation 9. In the Port Settings pane, set the following: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

10. Log in with the default username and password: radware/radware.

Configuring IP Host Parameters for AppXcel


To manage AppXcel over the network, you need to configure IP host parameters. You can then manage it with either APSolute Insite, SSH, or Web Based Management.

To manually configure IP host parameters 1. Ensure that the ASCII terminal is connected to the device. 2. Power on the device. When the device is connected and operating properly, the PWR and SYS or SYS OK LED indicators on the front panel are lit continuously. 3. Wait for the login prompt:

Radware AppXcel Version x.xx.xx AppXcel login:


4. Log in with the default username and password: radware/radware. 5. On all platforms (including XS V2), the following is displayed when you log inusing the example of version 1.11.00:

AppXcel login: radware Password: Radware AppXcel Version 1.11.00 Build May_22_2007_21-30-09 10/09/2005 23:50:52 info User radware has logged in via console. Base MAC: 00E0ED0775A7 [AppXcel]$
6. Set the operation mode and configure the management IP. Operation mode can be either Proxy or Bridge. For Proxy mode, type proxy, and for Bridge mode, type bridge. 7. For Proxy mode, use the following commands at the prompt:

[AppXcel]$appxcel mode set proxy WARNING: This command will erase your present operation mode configuration. Your current mode is nomode. Are you sure you want to set the device to mode proxy? (Y/N) y Active mode is: proxy

Document ID: RDWR_IG_1101

65

Radware Installation and Maintenance Guide Device Installation For example, assign a management address to LAN1:

net management-ip create 10.10.11.11 255.255.255.0 -inf lan1

Note: On XS 3, replace -inf lan1 or -inf lan2 with -inf MNG1 or -inf MNG2. You can also set Management ports to G1G4 on XS 3. Only the XS 3 platform has dedicated management ports. With these you can securely manage AppXcel when it is deployed in an application front end (AFE) solution from a network physically separated from the traffic network. There are two management ports for redundancy. 8. For Bridge mode, use the following commands at the prompt:

[AppXcel]$appxcel mode set bridge 100.100.100.20 255.255.255.0 WARNING: This command will erase your present operation mode configuration. Your current mode is nomode. Are you sure you want to set the device to mode bridge? (Y/N) y Please wait... Active mode is: bridge
9. Configure the routing using the following command:

net route table create default-gw <gateway IP address>


where <gateway IP address> is the address of the gateway for routing back management connections to AppXcel. If you want to configure additional routing, use:

net route table create net <net IP address> <net mask> <gateway IP address> [-r Received-MSS] [-t Transmitted-MTU]
To verify connectivity, use:

ping <IP Address>


10. Configure a Network Interface. To view interfaces speed, use:

net physical-interface table get


To change settings, use:

net physical-interface table set <interface ID> [-a <auto-negotiation>] [-s <speed>] [-d <duplex>]
where:

<interface ID> is the interface identifier. The value for platforms XS 1 and XS 2 are: LAN1, 2. Valid for platform S 3: G1, G2, G3, G4, MNG1, MNG2 [-a <auto-negotiation>] allow the interface speed and the duplex type to be determined automatically. Valid values: on, off. Default: on. [-s <speed>] is interface speed. Valid values (Mbit/s): 10, 100, 1000. [-d <duplex>] is the duplex type. Valid values: half, full.

11. Connect a device port to a network LAN by first connecting a standard UTP or STP cable, or fiber optic cable to the port interface, located on the front panel. 12. Connect the other end of the cable to the LAN switch.

66

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Configuring Management Ports


To manage the device, you need to configure a management port using an IP address. You can then manage the device with either SSH Client, Web Based Management (WBM), Telnet, and APSolute Insite. For details on the management interfaces, see the relevant user guide.

To configure the management port for the first time 1. Ensure that an ASCII console is connected to the device through the serial cable and that console computer is turned on. Radware recommends using HyperTerminal as a console application. The following procedure uses HyperTerminal as the console application. 2. From the HyperTerminal open window, select File > Properties, or click the Properties icon in the toolbar. The New Connection Properties dialog box is displayed. 3. In the New Connection Properties dialog box, select Configure. The Properties window is displayed with the Port Settings pane. 4. In the Port Settings pane, set the following parameters: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

5. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up. The device starts up. After approximately a minute, the Startup Configuration window is displayed.

Document ID: RDWR_IG_1101

67

Radware Installation and Maintenance Guide Device Installation 6. In the Startup Configuration window, provide the requested information for the IP address, IP subnet mask, Port Number, for the management port, and Default router IP address parameters; and press Enter for each of the remaining settings. The device reboots after the last parameter is defined. Press Enter to accept default values. If no configuration is entered within 30 seconds, the device applies the following default configuration: 7. a. b. c. IP Address: 192.168.1.1 IP subnet mask: 255.255.255.0 Port number for management. The port number depends on the platform. For OnDemand Switch platforms, the default is G-1. For Application Switch platforms, the default is 1. User name and password: radware Wait for the prompt <ProductName>>. Type login and press Enter. Enter the username and password: User: radware Password: radware To view the current IP interface setting of the device, enter the following:

If the start-up configuration screen does not appear, do the following:

d. e.

ip-interface get
To add/modify/delete the existing IP Interface, enter the following:

net ip-interface help

Installing DefensePro
This section describes the physical platforms and installation process for DefensePro, and contains the following sections: DefensePro Platforms, page 68 Connecting and Installing DefensePro, page 77 Connecting the Management Port Cables, page 77 Connecting the Inspection Port Cables, page 78

DefensePro Platforms
The following platforms support DefensePro: DefensePro x02 Series DefensePro x20 Series DefensePro 6000 Series DefensePro OnDemand Switch 2 S1 and OnDemand Switch 2 S2 DefensePro OnDemand Switch 3 S1 and S2

68

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

DefensePro x02 Series


Figure 37: DefensePro x02 Series Front Panel

Figure 38: DefensePro x02 Series Back Panel

DefensePro x20 Series


Figure 39: DefensePro x20 Series Front Panel
10/100/1000 Mbit/s copper Ethernet port with internal bypass

Figure 40: DefensePro x20 Series Back Panel


CF card location

DefensePro 6000 Series


Figure 41: DefensePro 6000 Series Front Panel

Document ID: RDWR_IG_1101

69

Radware Installation and Maintenance Guide Device Installation

Figure 42: DefensePro 6000 Series Back Panel


CF card location

DefensePro OnDemand Switch 2 S1 and OnDemand Switch 2 S2


DefensePro 1016, 2016, and 3016 run on OnDemand Switch 2 S1 (1U) or OnDemand Switch 2 S2 (2U).

Figure 43: DefensePro OnDemand Switch 2 S1 Front Panel


LCD menu buttons LCD

Table 33: OnDemand Switch 2 S1 and S2 Front Panel

Feature

Label/Description
SFP GbE ports for traffic or management. The platform supports four (4) SFP ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. RJ-45 GbE ports for traffic or management. The platform supports twelve (12) GbE ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

70

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 33: OnDemand Switch 2 S1 and S2 Front Panel

Feature

Label/Description
Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 44: OnDemand Switch2 S1 and S2 (with Dual Power Supply) Back Panel

Table 34: OnDemand Switch 2 S1 and S2 Back Panel

Feature
Power supply socket(s) CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button.

Document ID: RDWR_IG_1101

71

Radware Installation and Maintenance Guide Device Installation >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

DefensePro OnDemand Switch 3 S1 and S2


DefensePro x412 Behavioral Protections series (model numbers 4412, 8412, and 12412) run on OnDemand Switch 3 S1. DefensePro x412 IPS and Behavioral Protections series (model numbers 4412 and 8412) run on OnDemand Switch 3 S2.

Figure 45: DefensePro OnDemand Switch 3 S1 and S2 Front Panel

Table 35: DefensePro OnDemand Switch 3 S1 and S2 Front Panel

Feature

Label/Description
10 Gigabit Ethernet (10GbE) ports for traffic or management. The platform supports four XFP ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 10GbE. SFP GbE ports for traffic or management. The platform supports four SFP ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. RJ-45 GbE ports for traffic or management. The platform supports eight GbE ports. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

72

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 35: DefensePro OnDemand Switch 3 S1 and S2 Front Panel

Feature

Label/Description
Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 46: DefensePro OnDemand Switch 3 S1 S2 Back Panel

Table 36: OnDemand Switch 3 S1 and S2 Back Panel

Feature
Power supply socket(s) CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws.

Document ID: RDWR_IG_1101

73

Radware Installation and Maintenance Guide Device Installation

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

LCD Module for OnDemand Switch 1, 2, and 3


OnDemand Switch 1, 2, and 3 platforms support an LCD module, which consists of the LCD itself and LCD menu buttons.

Figure 47: OnDemand Switch LCD

You can use the LCD module for detailed device monitoring and for the initial configuration of the management port. This section contains the following: LCD Menu Buttons Nominal Display Initial Configuration of the Management Port Using the LCD Module LCD Menus

LCD Menu Buttons There are six functional LCD menu buttons: up arrow, down arrow, left arrow, right arrow, Enter (9), and Escape (x). Press the up or down buttons to select different menus within the menu hierarchies. Press the right button to choose the selected menu. Press the left button to return to the previous level in the hierarchy. If you are configuring the OnDemand Switch for the first time, the buttons have additional functionality (see Initial Configuration of Management Port Using the LCD Module). Nominal Display When you turn on an OnDemand Switch, the LCD displays the following:

oo Radware
o o ODS<Version> Loading

During the boot process, the third line, Loading, changes to Loaded Boot <Boot version>.

74

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation After the initial configuration, when the device completes bootingor after 30 minutes without any activity, the LCD displays the following: oo Radware o o o <Product> <Product version> Time: <HH:MM:SS>

Initial Configuration of the Management Port Using the LCD Module When you turn on the OnDemand Switch for the first time, there is no defined IP address, subnet mask, or physical port for the management port of the device. You can define these parameters using the LCD module after the platform boots and displays Setup Config.

Caution: When the LCD displays Setup Config, you have 30 seconds to enter the setup configuration. After these 30 seconds elapse, the platform uses the defaults, 192.168.1.1, 255.255.255.0, and G-1 respectively. However, later, using the CLI, you can change the values as required. When you configure the management IP address and IP subnet mask using the LCD module, the buttons have the following additional functionality: The up and down arrow buttons increase or decrease numbers. The left and right arrow buttons move the cursor to the next digit or returns the cursor to the previous number. At the end of the management IP address or subnet mask, the right arrow button moves the cursor to the next field in this menu. To return to the previous field, press the left arrow button. Enter (9) sets the values. Escape (x) leaves the value unchanged.

To configure the management port using the LCD module 1. Turn on the OnDemand Switch. The boot process starts. 2. Within 30 seconds after the LCD displays Setup Config, press the right arrow. The LCD displays IP address with the value 000.000.000.000, and the cursor on the first number. 3. Specify the IP address of the management port for the OnDemand Switch, and, after the last number, press the right arrow button. The LCD displays IP subnet mask with the value 255.000.000.000. 4. Specify the IP subnet mask of the management port for the OnDemand Switch, and, after the last number, press the right arrow button. The LCD displays the selected management port. 5. Scroll down to the physical port that you want to use as the management port, for example, MNG-2. 6. Press the right arrow button. The LCD displays Enable web and its value, Yes or No. Press the up arrow for Yes. Press the down arrow for No. 7. Press the right arrow button. The LCD displays Enable telnet and its value, Yes or No. Press the up arrow for Yes. Press the down arrow for No. 8. Press the right arrow button. The LCD displays Enable SSH and its value, Yes or No. Press the up arrow for Yes. Press the down arrow for No. 9. Press 9 to save and exit the startup configuration. The OnDemand Switch reboots with your configuration.

Document ID: RDWR_IG_1101

75

Radware Installation and Maintenance Guide Device Installation LCD Menus After an OnDemand Switch boots, press any of the LCD buttons to access the LCD menus.

Table 37: LCD Menu

Submenu
Device Information Platform Product Version MAC Serial Power supply Number of CPUs Number of cores CPU util CPU temp Memory Statisticsi Port statistics

Subsubmenu

Remark
Platform type and version. Product. Version of product. MAC address of the platform. The serial number of the device. Single power supply or dual power supply. Number of CPUs. Number of CPU cores. CPU utilization in percent. CPU temperature in Centigrade. RAM in megabytes.

Port Port status Pkt: in<Number>/ out<Number>K

Port identifier, for example G-1. Either up or down. Number of input and output packets in thousands per second. Displayed only when Port status is up.

Byt: in<Number>/ Out<Number>MB

Amount of input and output megabytes per second. Displayed only when Port status is up.

Settings

LCD Contrast

Contrast

Increase or decrease LCD contrast using the right and left arrow buttons. Increase or decrease LCD backlight intensity using the right and left arrow buttons. The selected rate is enclosed in asterisks, for example *19200*. Press the down and up arrow buttons to scroll between the values.

LCD Backlight

Backlight

Serial Baud Rate

Serial baud rate

Shutdown

Shutdown Reboot

Shutdown Reboot

Enter = Yes Escape = No Enter = Yes Escape = No

i The LCD displays statistics per port and refreshes them every second. Thus, the packets-in, packets-out, megabytes-in, and megabytes-out values are per second.

76

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation OnDemand Switch Boot Commands The following table lists the boot commands that the OnDemand Switch platforms support and which you may use.

Command
? @ a e

Description
Print this list. Boot (load and go). Print installed applications list. Print fatal exception.

Caution: Some boot commands are intended only for use by Radware Technical Support.

Connecting and Installing DefensePro

To connect and install DefensePro 1. Connect the cables in the following order: a. b. c. d. Power cable Serial (RS-232) cable Management port cable (Ethernet 10/100/1000) Inspection ports cables (two cables per segment, copper10/100/1000, or fiber)

2. Connect the power cable to the power socket located on the rear panel of the device. 3. Connect the power cable to the power outlet. 4. Connect the serial cable to the platform. 5. Connect the serial cable to your console.

Connecting the Management Port Cables


DefensePro devices that run on OnDemand Switch platforms have ports for management only. The following table describes which management ports are connected for DefensePro x02, DefensePro x20, and DefensePro X6000 devices.

Table 38: Connecting Management Ports

DefensePro Device
DefensePro x02 series DefensePro x20 series

Copper Ethernet
From the designated port G1 Ports 11 or 12

Fiber Ports
Ports G13G20 (required fiber GBIC modules) Ports G1G9 (required fiber GBIC modules)

DefensePro x6000 series

Ports 7 or 8

Document ID: RDWR_IG_1101

77

Radware Installation and Maintenance Guide Device Installation

Connecting the Inspection Port Cables


On DefensePro devices that run on OnDemand Switch platforms, the ports that are not for management are used for traffic inspection. The following table describes which inspection ports are connected for DefensePro x02 series, DefensePro x20 series, and DefensePro x6000 series devices.

Table 39: Connecting the Inspection Ports Cables

DefensePro Device
DefensePro x02 series DefensePro x20 series

Copper Ethernet
From port G2 to consecutive port G3 due to internal bypass Due to internal bypass, any of the following consecutive ports: G1-G2, G3-G4, G5-G6, G7-G8, G9-G10 Due to internal bypass, any of the following consecutive ports: G1-G2, G3-G4, G5-G6

Fiber Ports

User selectable

DefensePro x6000 series

User selectable

Considerations When Connecting Inspection Ports with Internal Bypass


DefensePro is installed between two end pointsfor example, between a switch and a router, between two switches, or between a switch and a server. For DefensePro x02 series, DefensePro x20 series, and DefensePro x6000 series devices, connection of copper (RJ-45) ports should take the internal bypass into consideration. The internal bypass is activated when the application does not control the device, such as power off or reboot. For DefensePro devices that run on OnDemand Switch platforms, the RJ-45 traffic ports include a configurable internal bypass mechanism. When set to Fail Open, the internal bypass is activated when the application does not control the device, such as power off or reboot.

Note: For information on the configuration of the inspection ports, see the DefensePro User Guide. Consider the following when connecting to copper (RJ-45) ports for traffic inspection: When turned off, the device ports are set as switch ports (MDIX). Connect the device with the power off as you would connect a switch. Use a straight-through cable to connect a server or a router. Use a crossover cable to connect a switch. Make sure your link is active (internal bypass is working) Turn on the device and make sure your link is active.

Note: Cables may be purchased from third-party suppliers.

78

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Configuring Management Ports


To manage DefensePro, you need to configure a management port using an IP address. You can then manage the device with either APSolute Insite, APSolute Vision, SSH Client, Web Based Management (WBM), or Telnet.

Note: For information on the configuration of the inspection ports, see the MyProduct User Guide.

To configure the management port for the first time 1. Ensure that an ASCII console is connected to the device through the serial cable and that console computer is turned on. Radware recommends using HyperTerminal as a console application. The following procedure uses HyperTerminal as the console application. 2. From the HyperTerminal open window, select File > Properties, or click the Properties icon in the toolbar. The New Connection Properties dialog box is displayed. 3. In the New Connection Properties dialog box, select Configure. The Properties window is displayed with the Port Settings pane. 4. In the Port Settings pane, set the following parameters: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

5. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up. The device starts up. After approximately a minute, the Startup Configuration window is displayed. 6. In the Startup Configuration window, provide the requested information for the IP address, IP subnet mask, Port Number, for the management port, and Default router IP address parameters; and press Enter for each of the remaining settings. The device reboots after the last parameter is defined. Press Enter to accept default values. If no configuration is entered within 30 seconds, the device applies the following default configuration: IP Address: 192.168.1.1 IP subnet mask: 255.255.255.0 Port number for management. The port number depends on the switch platform used. For OnDemand Switch platforms, the default is G-1. For Application Switch platforms, the default is 1. User name and password: radware

Document ID: RDWR_IG_1101

79

Radware Installation and Maintenance Guide Device Installation 7. If the start-up configuration screen does not appear, do the following: a. b. c. Wait for the prompt DefensePro>. Type login and press Enter. Enter the username and password: User: radware Password: radware To view the current IP interface setting of the device, enter the following:

d. e.

ip-interface get
To add/modify/delete the existing IP Interface, enter the following:

net ip-interface help

Installing AppWall
This section describes the physical platform, the installation process for the AppWall device, and how to install the AppWall Management Application client software. This section contains the following: OnDemand Switch 1 XL and Installation for AppWall, page 80 Connecting and Installing an AppWall Device, page 82 Configuring IP Host Parameters for an AppWall Device, page 83 Installing AppWall Management Application Client Software, page 84

OnDemand Switch 1 XL and Installation for AppWall


The AppWall device is based on OnDemand Switch 1 XL.

Note: For the list of UDP/TCP ports that must be accessible when installing your device, see Verifying Accessibility of Management Communication Ports, page 30.

Figure 48: OnDemand Switch 1 XL for AppWall Front Panel


LCD LCD menu buttons

80

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 40: OnDemand Switch 1 XL for AppWall Front Panel

Feature

Label/Description
Dual (SFP or RJ-45) GbE port for traffic or management. The platform supports four dual GbE ports. Only one side of a dual port can be active at the same time. LEDs: SFP-port ACTFlashing indicates activity. RJ-45port ACTFlashing indicates activity. RJ-45port LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10/100 Mbit/s. RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. Red indicates that one of the two power cables is not supplying power. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation Red indicates that the device is booting. Red or alternating red and green indicates a failure.

Figure 49: OnDemand Switch 1 XL for AppWall Back Panel

Document ID: RDWR_IG_1101

81

Radware Installation and Maintenance Guide Device Installation

Table 41: OnDemand Switch 1 XL Back Panel

Feature
Power supply socket(s) CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

OnDemand Switch LCD Module for AppWall


OnDemand Switch 1 XL for AppWall supports an LCD module, which consists of the LCD itself and LCD menu buttons. The LCD of OnDemand Switch 1 XL displays only the product name and product version.

Connecting and Installing an AppWall Device

To connect and install an AppWall device 1. Connect the cables in the following order: a. b. c. 2. 3. Power connection ASCII terminal connection (RS-232 serial cable) LAN connections

Connect the power cable to the main socket, located on the rear panel of the device. Connect the power cable to the power outlet. For first-time installation, Radware recommends powering the device on only after connecting the ASCII terminal port to a PC running terminal software. Connect the serial cable connector (9-pin connector) to the front panel.

4.

Note: The device comes preconfigured with a default management IP address 192.168.0.1/24 and user/password admin/radware. Therefore, you can connect via an SSH or Web management interface and skip to Configuring IP Host Parameters for an AppWall Device, page 83. 5. 6. Connect the other end of the serial cable to your computer. Access HyperTerminal, Minicom, or any similar utility.

82

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation 7. From the opening window, select File > Properties, or click the Properties icon in the toolbar. The New Connection Properties window is displayed. 8. Select Configure. The Properties window is displayed with a Port Settings pane. 9. In the Port Settings pane, set the following: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

10. Log in with the default username and password: admin/radware.

Configuring IP Host Parameters for an AppWall Device


To access an AppWall device, you need to configure IP host parameters. You can then manage the device with the AppWall Management Application. You configure the IP host parameters for an AppWall device by means of the AppWall CLI. Use the arrow keys to navigate up and down. Use the Enter key to select a menu or enter into a sub-menu. The Q (Quit) key quits the manager application. The T (Top) key goes to the top of the current menu. The U (Up) key moves up one level. The H (Help) key displays key settings and instructions. To move between multiple fields, use the Tab button.

To manually configure IP host parameters 1. Log in with the following default username and password: admin/radware

Note: The device comes preconfigured with a default management IP address 192.168.0.1/24 and username and password. Therefore, you can connect immediately via an SSH or Web management interface. 2. Go to the Networking option. 3. Select Addresses. 4. Scroll down to the interface you wish to change. 5. Select Add an additional Address to add the IP addresses of the interfaces you require. The device accepts values in CIDR or IP notation format. Changes to IP addresses are immediate. Select an existing IP address to remove, or disable it. Select Blink to identify the interface. This will cause an LED on the NIC to blink.

Caution: Changes to the management IP (on ethMNG) while connected via SSH or Web management are immediate and will cause the session to disconnect. 6. If the device is on a different subnet from the management console or for an NTP service connection, configure the Default Route. The Default Route is an optional destination, an IP address, for all network traffic that does not belong to the LAN segment. Get the Default Route address from your network administrator. To configure the Default Route: a. Go to the Networking option.

Document ID: RDWR_IG_1101

83

Radware Installation and Maintenance Guide Device Installation b. c. Select Route Management. Enter the IP address of the router of your local area network.

Note: Typically, when you install AppWall as part of Radwares Application Delivery Controller (ADC) solution, the value for Default Route is the IP address of the AppDirector device. 7. If necessary, change the NIC settings. Devices that share a link segment are automatically configured with the highest performance mode of interoperation. The auto-negotiation activity exchanges information between two devices and is performed out-of-band to identify the highest physical-layer technology that can be used by both devices. The auto-negotiation also provides a parallel detection function that allows the speed of the link to be established. When the NIC is operating on a 100BaseT/Full connection with Auto NegotiationOff, the appliance will fail to negotiate the correct speed and duplex mode. In this case, the NIC will often use a 100BaseT/Half setting. To change the NIC settings: a. b. c. d. e. Go to the Networking option. Select NIC Settings. Select the Network Interface to change and press Enter. Select the speed and type of duplex to use and press Enter. To revert to the default setting, select AutoNeg: ON from the list and press Enter.

Caution: Apply caution when changing the connectivity on ethMNG. This may result in the loss of the link, which will require physical intervention.

Note: For additional management tasks, see the AppWall Management Application User Guide.

Installing AppWall Management Application Client Software


This section describes installing AppWall Management Application, which can configure and manage your AppWall policies. This section includes the following topics: AppWall Management Application Requirements, page 84 Installing AppWall Management Application, page 85

For information on connecting to an AppWall device, see Connecting to an AppWall Device for the First Time, page 128.

AppWall Management Application Requirements


Before installation, ensure that your computer meets the hardware and software requirements. This section includes the following topics: AppWall Management Application Hardware Requirements, page 85 AppWall Management Application Software Requirements, page 85 AppWall Management Application Supported Operating Systems, page 85

84

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation You can download the latest version of AppWall Management Application, AppWall Gateway, or AppWall Cluster Manager from http://www.radware.com/matrix. From the list of products, select AppWall. AppWall Management Application Hardware Requirements

Table 42: AppWall Management Application Hardware Requirements

System
PC

Requirements
Intel Pentium IV 2.4 GHz or faster. 512 MB RAM or more recommended. 150 MB free disk space for installation of AppWall Management Application. CD-ROM. Network interface card (NIC). 768X1024 minimum recommended screen resolution.

AppWall Management Application Software Requirements The product CD includes all the software required to install AppWall. This includes the AppWall Management Application.

Note: The AppWall installation installs the relevant JRE automatically. AppWall has an internal Java version included in it, which works only with the AppWall software, and therefore does not conflict with the Java version installed on the computer. AppWall Management Application Supported Operating Systems AppWall Management Application can run on the following operating systems: Windows XP Windows Vista

Installing AppWall Management Application


You must install AppWall Management Application on each host that manages AppWall devices.

To install the AppWall Management Application 1. Insert the product CD. 2. From the menu, click AppWall Management Application Installation. The installation wizard starts. 3. Follow the instructions in the installation wizard.

Document ID: RDWR_IG_1101

85

Radware Installation and Maintenance Guide Device Installation

Installing VirtualDirector
This section describes the physical platform that supports VirtualDirector and the VirtualDirector installation process. You can install VirtualDirector on the OnDemand Switch 1 XL platform. This section contains the following: OnDemand Switch 1 XL for VirtualDirector, page 86 Connecting and Installing the OnDemand Switch for VirtualDirector, page 88

OnDemand Switch 1 XL for VirtualDirector


Figure 50: OnDemand Switch 1 XL for VirtualDirector Front Panel
LCD LCD menu buttons

Table 43: OnDemand Switch 1 XL for VirtualDirector Front Panel

Feature

Label/Description
Dual (SFP or RJ-45) GbE ports for traffic or management. The platform supports four dual GbE ports. Only one side of a dual port can be active at the same time. LEDs: SFP-port ACTFlashing indicates activity. RJ-45port ACTFlashing indicates activity. RJ-45port LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10/100 Mbit/s.

86

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 43: OnDemand Switch 1 XL for VirtualDirector Front Panel

Feature

Label/Description
RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 51: OnDemand Switch 1 XL for VirtualDirector Back Panel

Table 44: OnDemand Switch 1 XL for VirtualDirector Back Panel

Feature
Dual power supply sockets CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Only on platforms equipped with DC power supply. Screws to ground platform. 1U units have one ground screw. 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

Document ID: RDWR_IG_1101

87

Radware Installation and Maintenance Guide Device Installation

LCD for VirtualDirector


OnDemand Switch platforms support an LCD module, which consists of the LCD itself and LCD menu buttons.

Figure 52: OnDemand Switch LCD

You use the LCD module for the initial configuration of the VirtualDirector device. There are six functional LCD menu buttons: up arrow, down arrow, left arrow, right arrow, Enter (9), and Escape (x). Press the up or down buttons to select different menus within the menu hierarchies. Press the right button to choose the selected menu. Press the left button to return to the previous level in the hierarchy. If you are configuring the OnDemand Switch for the first time, the buttons have additional functionality (see Initial Configuration of Management Port Using the LCD Module, page 47). When you turn on the OnDemand Switch for the first time, it has default values for its IP address, subnet mask, and physical port for the management port of the device. Use the LCD module, as described in the following steps to view/change this address. The buttons of the LCD module have the following functionality: The up and down arrow buttons increase or decrease numbers. The left and right arrow buttons move the cursor to the next digit or returns the cursor to the previous number. At the end of the management IP address or subnet mask, the right arrow button moves the cursor to the next field in this menu. To return to the previous field, press the left arrow button. Enter (9) sets the values. Escape (x) leaves the value unchanged.

Connecting and Installing the OnDemand Switch for VirtualDirector

To connect and install the OnDemand Switch for VirtualDirector 1. Connect the OnDemand Switch platform to at least two network connections for all deployment scenarios: one connection for the management, messages, and commands, and the other for data capture. Turn on the OnDemand Switch. The boot process starts. Use the LCD panel, as described in the following steps to view or change the IP address: a. b. c. Select the 9 key to enter the configuration menu. Use the up and down arrow keys to navigate to Set IP Address Menu and select it with the 9 key. Enter the appropriate IP address using the arrow keys and select it with the 9 key.

2. 3.

88

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation 4. Repeat the previous step to set the netmask and gateway.

Note: Pressing the X button at any point cancels the current operation and returns you to the main menu. 5. Use the up and down arrow keys to navigate to Save & Reset and select it with the 9 key. The device resets and applies your changes. When VirtualDirector is displayed on the LCD, the device is operational.

Configuring Management Ports for VirtualDirector


To manage the device, you need to configure a management port using an IP address. You can then manage the device with either SSH Client, Web Based Management (WBM), Telnet.

To configure the management port for the first time 1. Ensure that an ASCII console is connected to the device through the serial cable and that console computer is turned on. Radware recommends using HyperTerminal as a console application. The following procedure uses HyperTerminal as the console application. 2. From the HyperTerminal open window, select File > Properties, or click the Properties icon in the toolbar. The New Connection Properties dialog box is displayed. 3. In the New Connection Properties dialog box, select Configure. The Properties window is displayed with the Port Settings pane. 4. In the Port Settings pane, set the following parameters: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

5. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up. The device starts up. After approximately a minute, the Startup Configuration window is displayed.

Document ID: RDWR_IG_1101

89

Radware Installation and Maintenance Guide Device Installation 6. In the Startup Configuration window, provide the requested information for the IP address, IP subnet mask, Port Number, for the management port, and Default router IP address parameters; and press Enter for each of the remaining settings. The device reboots after the last parameter is defined. Press Enter to accept default values. If no configuration is entered within 30 seconds, the device applies the following default configuration: 7. a. b. c. IP Address: 192.168.1.1 IP subnet mask: 255.255.255.0 Port number for management. The port number depends on the platform. For OnDemand Switch platforms, the default is G-1. For Application Switch platforms, the default is 1. User name and password: radware Wait for the prompt <ProductName>>. Type login and press Enter. Enter the username and password: User: radware Password: radware

If the start-up configuration screen does not appear, do the following:

Installing Inflight 3.2


This section describes the physical platform that supports Inflight 3.2 and the Inflight 3.2 installation process. You can install Inflight 3.2 on the OnDemand Switch 1 XL platform. This section contains the following: OnDemand Switch 1 XL for Inflight 3.2, page 90 Connecting and Installing the OnDemand Switch for Inflight 3.2, page 93

OnDemand Switch 1 XL for Inflight 3.2


Figure 53: OnDemand Switch 1 XL Front Panel for Inflight 3.2
LCD LCD menu buttons

90

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Table 45: OnDemand Switch 1 XL Front Panel for Inflight 3.2

Feature

Label/Description
Dual (SFP or RJ-45) GbE ports for traffic. The platform supports four dual GbE ports. Only one side of a dual port can be active at the same time. LEDs: SFP-port ACTFlashing indicates activity. RJ-45port ACTFlashing indicates activity. RJ-45port LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s. Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. USB port for recovery and file transfer.

Management ports. The platform supports two RJ-45 10/100/1000 Ethernet ports, which are for management only. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10/100 Mbit/s. RS-232 DE-9 port for out-of-band management.

Status LEDs: PWRGreen indicates nominal operation. When the platform carries a dual power supply, red indicates that one of the two power cables is not supplying power or that one of the power supplies is malfunctioning. When the LED is red, a qualified service person should immediately check the power source and the power supply. FANGreen indicates nominal operation. Red indicates that one or more fans is not operating. SYS OKGreen indicates nominal operation. Red indicates that the device is booting. Red or alternating red and green indicates a warning (for example, the temperature is high, but still in the allowed range).

Figure 54: OnDemand Switch 1 XL (with Single Power Supply) Back Panel

Document ID: RDWR_IG_1101

91

Radware Installation and Maintenance Guide Device Installation

Table 46: OnDemand Switch 1 XL Back Panel

Feature
Dual power supply sockets CompactFlash Ground screws

Description
The socket to which the power cable is connected. Insertion point for CompactFlash card. Only on platforms equipped with DC power supply. Screws to ground platform. 1U units have one ground screw. 2U units have two ground screws.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 6 - Layer 2 Features for OnDemand Switch Platforms, page 180.

LCD for Inflight 3.2


OnDemand Switch platforms support an LCD module, which consists of the LCD itself and LCD menu buttons.

Figure 55: OnDemand Switch LCD

You use the LCD module for the initial configuration of the Inflight 3.2 device. There are six functional LCD menu buttons: up arrow, down arrow, left arrow, right arrow, Enter (9), and Escape (x). Press the up or down buttons to select different menus within the menu hierarchies. Press the right button to choose the selected menu. Press the left button to return to the previous level in the hierarchy. If you are configuring the OnDemand Switch for the first time, the buttons have additional functionality (see Initial Configuration of Management Port Using the LCD Module, page 47). When you turn on the OnDemand Switch for the first time, it has default values for its IP address, subnet mask, and physical port for the management port of the device. Use the LCD module, as described in the following steps to view/change this address.

92

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation The buttons of the LCD module have the following functionality: The up and down arrow buttons increase or decrease numbers. The left and right arrow buttons move the cursor to the next digit or returns the cursor to the previous number. At the end of the management IP address or subnet mask, the right arrow button moves the cursor to the next field in this menu. To return to the previous field, press the left arrow button. Enter (9) sets the values. Escape (x) leaves the value unchanged.

Connecting and Installing the OnDemand Switch for Inflight 3.2

To connect and install the OnDemand Switch for Inflight 3.2 1. Connect the OnDemand Switch platform to at least two network connections for all deployment scenarios: one connection for the management, messages, and commands, and the other for data capture. 2. Turn on the OnDemand Switch. The boot process starts. 3. Use the LCD panel, as described in the following steps to view or change the IP address: a. b. c. Select the 9 key to enter the configuration menu. Use the up and down arrow keys to navigate to Set IP Address Menu and select it with the 9 key. Enter the appropriate IP address using the arrow keys and select it with the 9 key.

4. Repeat the previous step to set the netmask and gateway.

Note: Pressing the X button at any point cancels the current operation and returns you to the main menu. 5. Use the up and down arrow keys to navigate to Save & Reset and select it with the 9 key. The device resets and applies your changes. When Inflight 5000 is displayed on the LCD, the device is operational.

Installing Insite ManagePro


This section describes the physical platforms and installation process for Insite ManagePro.

Insite ManagePro
Figure 56: Insite ManagePro

Document ID: RDWR_IG_1101

93

Radware Installation and Maintenance Guide Device Installation

Table 47: Insite ManagePro Front Panel

Feature

Description
RS-232 DE-9 console port for out-of-band management.

Power LEDIndicates that the device is powered. System OK LEDIndicates that the device system is operational. The LED turns off in the event the application is still loading or has failed. Resetallows you to reset the device. This acts in the same way as the reboot command in the CLI. LAN ports (LAN 1 and LAN 2) for management and traffic. LEDs: LNK/ACTOff indicates that no physical connection is detected. On indicates that a physical connection is detected. Flashing indicates that data is being transferred via the port. 10/100/1000Off indicates a 10-MB connectionwhen the LNK/ACT LED is on or flashing. Green indicates a 100-MB connection. Red indicates a 1000-MB connection. There are four cables that need to be connected: One (1) power cable Two (2) RJ-45 network cables (not included) One (1) serial cable

Note: The Fast Ethernet interfaces of Insite ManagePro are the same as a PC LAN card, so when they are connected to a switch or hub they should be connected using a straight cable (not twisted). A twisted cable should be used only if you connect a server directly to an Insite ManagePro. With the exception of the power cable, all cables are connected to the front panel of Insite ManagePro.

Powering On and Status Check

To power on Insite ManagePro 1. 2. 3. Verify that the cables are connected properly. Ensure that the unit is connected to the main power supply and grounded according to regulations. On the rear panel, turn on the power switch. Insite ManagePro takes approximately one minute to power up. Once Insite ManagePro has powered up, LEDs on the front panel of the device indicate the status of the unit.

94

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

To reset Insite ManagePro Press the RESET button. This has the same impact as the reboot command in the CLI. For Insite ManagePro management options, see the Insite ManagePro User Guide. check this

Installing the APSolute Vision Server


This section describes the physical platform for APSolute Vision server and the APSolute Vision server initialization. For more information on the APSolute Vision appliancethat is, the APSolute Vision platform and APSolute Vision software, see the APSolute Vision Administrator Guide. This section includes the following: APSolute Vision Platform, page 95 Initializing the APSolute Vision Server, page 97 Recommended Basic Security Procedures, page 98

APSolute Vision Platform


Figure 57: APSolute Vision Platform

Table 48: APSolute Vision Platform Front Panel

Feature

Label/Description
Power button. Turns power on and off. Pressing the button for 1 to 4 seconds causes a graceful shutdown of the system, thus preserving system integrity. Pressing the button for more than four (4) seconds causes the hardware to power down. Reset button. Resets the device. Serial RJ-45 port for out-of-band management. Note: Radware supplies a RJ-45toDE-9 adapter cable to connect the console port of the platform to a console PC. USB port for recovery and file transfer. RJ-45 GbE ports for in-band management. The platform supports two RJ-45 GbE ports for in-band management and APSolute Vision client. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Yellow indicates 10 or 100 Mbit/s.

Document ID: RDWR_IG_1101

95

Radware Installation and Maintenance Guide Device Installation

Table 48: APSolute Vision Platform Front Panel

Feature

Label/Description
SFP GbE ports for traffic. The platform supports two SFP GbE ports for traffic ports for traffic. LEDs: ACTFlashing indicates activity. LINKGreen indicates 1000 Mbit/s. Status LEDs: PWR OKGreen indicates nominal operation. When the LED is red, a qualified service person should immediately check the power source and the power supply. SYS OK

Figure 58: APSolute Vision Platform Back Panel

Table 49: APSolute Vision Platform Back Panel

Feature
Ground screws Power supply socket(s)

Description
Screws to ground the platform chassis to the rack. 1U units have one ground screw. Typically, 2U units have two ground screws. The socket to which the power cable is connected.

Notes: >> If the power is disconnected and reconnected (for example, after the power cord is removed and replaced, or after a power failure), the platform returns to its previous state. For example, if the platform was running, and then you disconnect the power cord, when you reconnect the power cord, the platform automatically switches on. Likewise, if the platform is not running, if you disconnect the power cord and reconnect it, the platform stays powered off until you press the power button. >> For additional technical information, see Table 7 - General Specifications of APSolute Vision Appliance, page 180. Terminal settings for the APSolute Vision server are as follows: Bits per second: 19200 Data bits: 8 Parity: None Stop bits: 1 Flow control: None

96

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Device Installation

Initializing the APSolute Vision Server

To initialize the APSolute Vision server 1. Ensure that an ASCII console is connected to the device through the RJ-45toDE-9 cable and that console computer is turned on. 2. Power on the device. The PWR and SYS or SYS OK LED indicators on the front panel light up. 3. Wait for the login prompt, vision login:. 4. Type the default username radware; and then, press Enter. 5. Type the default password radware; and then, press Enter. 6. Type the IP address for the APSolute Vision server; and then, press Enter. 7. Type the value for the network mask for the APSolute Vision server; and then, press Enter. 8. Type the value for the default gateway for the APSolute Vision server; and then, press Enter. 9. Type the value for the primary DNS server for the APSolute Vision server; and then, press Enter. 10. If applicable, type the value for the secondary DNS server for the APSolute Vision server; and then, press Enter.

Note: Configuring a secondary DNS server is not mandatory. That is, if you Enter without typing anything, the installation will proceed. 11. Type the physical-interface identifier, G1 or G2 (case sensitive)that is, the interface the APSolute Vision clients access; and then, press Enter.

Note: The installation program checks whether there are connected physical interfaces, and it displays their identifiers. If there are no connected physical interfaces, a No link detected message is displayed. 12. Review the values. 13. Type one of the following values:

y yes, that is, you accept the values. N no, that is, you need to go back and change one or more values.

Note: For information on how to change the default passwords, see the APSolute Vision Administrator Guide.

Document ID: RDWR_IG_1101

97

Radware Installation and Maintenance Guide Device Installation

Recommended Basic Security Procedures


This section describes the basic procedures that Radware recommends for the security of the APSolute Vision system.

Restricting APSolute Vision CLI Access


The default username/password for the APSolute Vision CLI is radware/radware. As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is operating properly, Radware recommends that you change the default password. Change the password with the relevant CLI command.

Note: For more information on APSolute Vision CLI, see the APSolute Vision Administrator Guide.

Restricting Web Access to the Vision Server


You install of APSolute Vision client software by accessing an APSolute Vision appliance using a Web browser. The default username/password for Web access to the APSolute Vision server is visionweb/radware. As soon as you complete the APSolute Vision installation, initialize the server, and verify that it is operating properly, Radware recommends that you change the default password. Change the password with the relevant CLI command.

Note: For more information on APSolute Vision CLI, see the APSolute Vision Administrator Guide.

98

Document ID: RDWR_IG_1101

Chapter 3 Installing the APSolute Vision Client


APSolute Vision enables site-wide visibility, centralized control and policy management of Radware AppDirector and DefensePro across the entire network. APSolute Vision comprises the APSolute Vision server and the APSolute Vision client. The APSolute Vision server is a hardware appliance with a three-tier management architecture. The APSolute Vision client is installed on a PC. The APSolute Vision server enables remote APSolute Vision client users to connect to, configure, and manage AppDirector and DefensePro devices. This section includes the following topics: APSolute Vision Client Requirements, page 99 Installing the APSolute Vision Client, page 100

APSolute Vision Client Requirements


Before you install the APSolute Vision client, ensure your computer meets the hardware and software requirements.

Caution: You install the APSolute Vision client by first accessing the APSolute Vision appliance using a Web browser. Therefore, APSolute Vision appliance must have a proper IP address installed already. For information on configuring the IP address of the APSolute Vision appliance, see Initializing the APSolute Vision Server, page 97. This section includes the following topics: APSolute Vision Client Hardware Requirements, page 99 APSolute Vision Software Requirements, page 100 APSolute Vision Supported Operating Systems, page 100

APSolute Vision Client Hardware Requirements


The PC on which APSolute Vision client runs requires the following hardware: 2.46 GHz or faster 2 GB RAM or more recommended 300 MB free disk space CD-ROM Network interface card (NIC) 768X1024 minimum recommended screen resolution

Document ID: RDWR_IG_1101

99

Radware Installation and Maintenance Guide Installing the APSolute Vision Client

APSolute Vision Software Requirements


The PC that APSolute Vision client runs on requires the following: Any Web browser that has a Java plug-in installed. The browser is needed only for downloading the APSolute Vision client to the PC. Java client version 1.6.0_17 or later must be installed to run the APSolute Vision Security Reporter. For the list of UDP/TCP ports that must be accessible when installing APSolute Vision client, see Verifying Accessibility of Management Communication Ports, page 30.

APSolute Vision Supported Operating Systems


The following operating systems support APSolute Vision client: Windows Vista Windows XP Windows 7

Caution: There are certain compatibility issues with Windows 7. For more information, see the APSolute Vision Release Notes.

Installing the APSolute Vision Client


To install APSolute Vision client 1. 2. Open your browser and enter the IP address of the APSolute Vision server. An Authentication Required dialog box is displayed. Do the following: In the User Name field, type, visionweb. In the Password field, type the password. Use the password that you receive from your system administrator. The initial default password is radware.

100

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing the APSolute Vision Client 3. Click OK. The following Web page opens.

4. Click the Download Client icon. 5. Save the EXE file to a directory on your hard drive. 6. Start the startup EXE file. The startup EXE file is named in the format

APSoluteVision_<major version>.<minor version>_Setup.exe.


7. Follow the instructions, enter the appropriate information, and accept the terms of the license agreement.

First-Time Connection to APSolute Vision Reporter for DefensePro


After installing the APSolute Vision client, you can connect to APSolute Vision Reporter. APSolute Vision Reporter can use any Web browser that has a Java plug-in installed.

To connect the first time to APSolute Vision Reporter for DefensePro 1. From the main toolbar, click your default browser. 3. To continue, click Yes. , the APSolute Vision Reporter icon. An HTTPS window opens in

2. Select to continue to the Web site. A security-warning dialog box is displayed.

Document ID: RDWR_IG_1101

101

Radware Installation and Maintenance Guide Installing the APSolute Vision Client

102

Document ID: RDWR_IG_1101

Chapter 4 Installing APSolute Insite


Radwares APSolute Insite enables site-wide visibility, centralized control and policy management of most Radware products across the entire network.

Note: APSolute Insite does not support the following Radware products: AppWall CID 3.0 and later Inflight 3.2 and later VirtualDirector

There are two modes of APSolute Insite: Insite Stand-AloneSoftware that enables management of devices with basic operation procedures. For more information, see Installing Insite Stand-Alone, page 105. Insite ManageProA hardware appliance that allows three-tier management architecture, enabling remote users to connect and configure devices simultaneously. Insite ManagePro does not need to be installed and is accessed via the Network browser.

This section explains the APSolute Insite modes, licensing options, and installation procedures. This section includes the following topics: APSolute Insite Requirements, page 103 Installing Insite Stand-Alone, page 105 APSolute Insite Licenses, page 106 Registering the Device, page 118

APSolute Insite Requirements


Before installation, ensure your computer meets the hardware and software requirements. It is necessary to download APSolute Insite with an SQL database that stores and logs security events for monitoring and reporting. This section includes the following topics: APSolute Insite Hardware Requirements, page 104 APSolute Insite Software Requirements, page 104 APSolute Insite Supported Operating Systems, page 104 APSolute Insite Ports, page 104

You can download the latest version of APSolute Insite from http://www.radware.com/matrix. From the list of products, select APSolute. For additional information about software and hardware requirements, review the APSolute Insite Installation technical note at: http://www.radware.com/content/document.asp?_v=about&document=6508.

Document ID: RDWR_IG_1101

103

Radware Installation and Maintenance Guide Installing APSolute Insite

APSolute Insite Hardware Requirements


The PC that APSolute Insite runs on requires the following: Intel Pentium IV 2.4 GHz or faster. 512 MB RAM or more recommended 40 MB free disk space for installation of APSolute Insite with no MySQL DB. 120 MB disk space for installation of APSolute Insite with the MySQL DB. In case of a large MySQL DB with over 400,000 entries, 1 GB of RAM is required. CD-ROM. Network interface card (NIC). 768X1024 minimum recommended screen resolution.

APSolute Insite Software Requirements


Table 50: APSolute Insite Software Requirements

Operation Mode
Client-Server (client to Insite ManagePro) Stand-Alone mode

Requirements
When working in Insite ManagePro mode, Internet Explorer (IE) 7.0 or earlier must be installed. The latest version is recommended. Insite ManagePro does not need to be installed. When working in Stand-Alone mode, a Java Runtime Environment (JRE) must be installed on the station. Note: The installation of APSolute Insite installs the relevant JRE automatically. Insite Stand-Alone has an internal Java version included in it, which works only with the Insite software, and therefore does not conflict with the Java version installed on the computer.

APSolute Insite Supported Operating Systems


Windows XP has been tested by Radware Quality Assurance and has been certified and approved to run APSolute Insite.

Notes: >> Java must be installed on a client PC to work with Insite. >> Insite Stand-Alone has an internal Java version installed in it, which works only with the Insite software, and therefore does not conflict with the Java version installed on the computer. >> Java 1.6 is not supported.

APSolute Insite Ports


For the list of UDP/TCP ports that must be accessible when installing your device, see Verifying Accessibility of Management Communication Ports, page 30.

Note: You can install APSolute Insite as a client stand-alone application on a PC. This configuration is referred to as APSolute Insite Stand-Alone. Its operation is limited to the particular PC.

104

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite

Installing Insite Stand-Alone


You can install APSolute Insite as a client stand-alone application. This configuration is referred to as APSolute Insite Stand-Alone.

Note: The Web site has two versions of APSolute Insite, one with the MySQL Database and one without. Users who need Security Reporting need the MySQL database.

To install APSolute Insite Stand-Alone for the first time 1. From the Radware web site, extract the ZIP file to a directory on your hard drive. When the extraction process is complete, your directory contains the following files:

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

2. Double-click on the Installation.bat file in the Insite folder to start the installation process. The APSolute Insite Installation window is displayed. 3. From the APSolute Insite Installation window, select Accept to agree to the terms of the license agreement. The Next button becomes available. 4. Click Next to continue. A window is displayed that which enables you to select an installation directory. 5. In the Installation Directory text box, type the installation directory name, or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory. This folder contains the APSolute Insite software, and also this is the default location of the folders that contain new sites. 6. Select Advanced Installation. 7. Click Next to continue. 8. Type the names of the directories where you want to save the configuration parameters, or click Browse to navigate to the directories. 9. Click Next to continue. The program files are copied to the selected destinations. 10. Click Next to continue. 11. Type the relevant license in the License File field, or click Browse to navigate to the required directory. 12. Click Next to continue. A dialog box is displayed, which informs you that APSolute Insite is to be installed with the selected license.

Document ID: RDWR_IG_1101

105

Radware Installation and Maintenance Guide Installing APSolute Insite 13. Click Yes. A window is displayed with a progress bar and the program files are copied. After the progress bar reaches 100%, click Next. 14. Select Install MySql to install a new MySQL database. A progress bar is displayed which shows the progress of MySql installation.

Note: You can select the Use Existing MySql Installation option only if MySQL was installed previously with a prior version of APSolute Insite. 15. Click Next to continue. 16. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service. 17. Click Next to continue. A window is displayed with a progress bar. 18. After the progress bar reaches 100%, an Installation Completed Successfully message is displayed. 19. Click Next > Finish to complete the installation.

APSolute Insite Licenses


APSolute Insite management software operates with a licensing system that provides you with specific capabilities according to the license you purchase. The following table outlines the features supported with each license.

Table 51: License Features

License Type
Standard

Supported Features
Basic-TR, HMM, BWM, App Sec Site Map alerts Offline configuration Templates Performance Statistics Scheduler Site Explorer User Management Configuration Auditing

Security Plug-in

Automatic attack signature update Security reporting (using MySQL database) HP Open View Symantec SESA IBM Tivoli CA Unicenter

For more information about the various available licenses for APSolute Insite, visit the following link: http://www.radware.com/Customer/Portal/default.asp.

106

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite The license is applied during the installation process, so you need to decide which license or licenses that you want to use before the installation process. The installation steps differ according to the type of license selected. For information on the installation of the special licenses, see the following: Security License, page 107 Plug-in License, page 109 HP OpenViewAPSolute Insite Plug-in, page 110 APSolute Insite Tivoli Plug-In, page 112 CA Unicenter Plug-In, page 114 Symantec SESA Plug-In, page 116

Security License
The Security license can be purchased from Radware in addition to the Standard license and requires a special license file. The Security license can be installed over the Standard APSolute Insite installation, and also over the plug-in license. The Security license requires a special APSolute Insite installation package, which includes a built-in My SQL database. After purchasing the license, you receive a serial number. This serial and the workstation MAC address are used for online registration of the plug-in license, after which you receive a license file via e-mail.

Notes: >> Before you decide to purchase the Security license, you can use a 60 days demo license, which you need to order from Radware. >> If you want to install the Security or Plug-in license, you need to reinstall APSolute Insite. The Security license is supported for the following products: AppDirector DefensePro CID 2.3x and later FireProof 3.3x and later LinkProof 4.3x and later SecureFlow WSD 8.2x and later

This license is intended for systems with APSolute OS Application Security or DoS with the following capabilities: Extensive view of Application Security and DoS (Denial of Service) Shield statistics with the use of a built-in SQL database. These statistics provide real-time and historical information on attacks and malicious traffic detected and/or blocked by the Radware device. This information includes most common attacks, attack volume, and so on. The ability to collect and store attack information for future reporting.

Document ID: RDWR_IG_1101

107

Radware Installation and Maintenance Guide Installing APSolute Insite APSolute Insite with the Security license can be installed using any of the installation modes. The following procedure describes the stand-alone installation.

Note: To upgrade APSolute Insite Stand-Alone with the Security license, install the new version, which is available from the Support section on the Radware web site over the current APSolute Insite installation. For more information, see Upgrading APSolute Insite Stand-Alone, page 147.

To install APSolute Insite Stand-Alone with the Security License (for the first time) 1. Extract the ZIP file to a directory on your hard drive. When the extraction process is complete, your directory contains the winsql folder and the Insite folder, which contains the following files:


2. 3. 4. 5.

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

Double-click on the Installation.bat file in the Insite folder to start the installation process. The APSolute Insite Installation window is displayed. Select Accept to agree to the terms of the license agreement. The Next button becomes available. Click Next to continue. A window is displayed that enables you to select an installation directory. In the Installation Directory text box, type the installation directory name, or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory. This folder contains the APSolute Insite software and also this is the default location of the folders that contain new sites. To avoid having directories like: c:\Program files\APSolute Insite\Configware Insite... in your system, give the Installation Directory name different from just APSolute Insite. For example, you can name this directory APSolute Insite version x. 6. 7. 8. 9. Select Advanced Installation and click Next to continue. A window is displayed, which enables you to save your configuration parameters in the required location. Type the names of the directories where you want to save the configuration parameters, or click Browse to navigate to the directories. Click Next to continue. Follow the instructions to get the required license from Radware Online Support.

10. In the License File text box, type the name of the required license, or click Browse to navigate to the file. A popup is displayed asking you to verify the license that you are about to install. 11. Click OK. The pop-up closes. 12. Click Next to continue. The program files are copied to the selected destinations.

108

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite 13. Click Next to continue. A window is displayed, which enables you to initiate the MySQL installation process.

Note: This step is available for users with the APSolute Insite Security license only. 14. Select Install MySql to install a new MySQL database, or Use Existing MySql Installation to use a previously-installed MySQL database (installed as part of an existing APSolute Insite installation).

Note: Click Next to continue. The MySQL files are copied to the selected destinations. 15. Click Next to continue. 16. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service.

Note: If Trap Service is not selected, the traps are collected only when APSolute Insite is running. 17. Click Next to continue. A window is displayed with the progress bar that indicates the progress of the Trap Service registration. 18. Click Next to continue. A window with a success message is displayed. 19. Click Finish to exit the installation. You can access the software by double-clicking on the Insite.bat file, the APSolute Insite icon on the desktop, or from the Start menu, select Programs > Radware > APSolute Insite.

Plug-in License
The Plug-in license must be purchased from Radware and requires a special license file. This license is aimed at allowing system administrators to integrate APSolute Insite within network operations centers (NOCs), which utilize management applications from different vendors.

Note: Before you decide to purchase the plug-in license, you can use a 60-day demo license, which you need to order from Radware. The Plug-in license provides the following capabilities: Discovery of Radware devices in the management application (HPOV, CA Unicenter, and so on). Radware MIBs and icons are integrated into the application. Enables the immediate access to the map of APSolute Insite. Access to Radware devices using Telnet, SSH, WBM, and Secure WBM. Allows translating traps sent by Radware devices to CA Unicenter and presenting the traps on the CA Unicenter map. Allows translating Security traps sent by Radware devices to Symantec SESA format.

Document ID: RDWR_IG_1101

109

Radware Installation and Maintenance Guide Installing APSolute Insite The supported applications are as follows: HP Open View IBM Tivoli CA Unicenter (for Windows operating systems) Symantec SESA

HP OpenViewAPSolute Insite Plug-in


The HP OpenView plug-in license allows HPOV users to manage all Radware devices while working with the OpenView management software. This license must be purchased separately.

Notes: >> HP OpenView plug-in license can be installed on three workstations only. >> The software version required to work with APSolute Insite is HP OpenView 6.2 or 7.5. After purchasing the license, you receive a serial number. This serial and the workstation MAC address are used for online registration of the plug-in license, after which you receive a license file via e-mail.

Note: To upgrade APSolute Insite Stand-Alone with HPOV plug-in License, install the new version, which is available from the Support section on the Radware web site over the current APSolute Insite installation. Alternatively, see Upgrading APSolute Insite StandAlone, page 147.

To install APSolute Insite Stand-Alone with HPOV plug-in (for the first time) 1. Extract the ZIP file to a directory on your hard drive. When the extraction process is complete, your directory contains the Insite folder with the following files:


2. 3. 4.

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

Double-click on the Installation.bat file in the Insite folder to start the installation process. The APSolute Insite Installation window is displayed. Select Accept to agree to the terms of the license agreement. The Next button becomes available. Click Next to continue. A window is displayed, which enables you to select an installation directory.

110

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite 5. In the Installation Directory text box, type the installation directory name, or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory.

This folder contains the APSolute Insite software and also this is the default location of the folders that contain new sites. To avoid having directories like: c:\Program files\APSolute Insite\Configware Insite... in your system, give the Installation Directory name different from just APSolute Insite. For example, you can name this directory APSolute Insite version x.
6. Select Advanced Installation and click Next to continue. A window is displayed, which enables you to save your configuration parameters in the required location. 7. Type the names of the directories where you want to save the configuration parameters, or click Browse to locate the directories. A popup is displayed asking you to verify the license that you are about to install. 8. Click OK. The pop-up closes. 9. Click Next to continue. The program files are copied to the selected destinations. 10. Click Next to continue. The Plug-in Installation window is displayed. 11. Select Install HPOV Plug-in and click Next. The HPOV Plug-in window is displayed. 12. In the HPOV Directory text box, type the name of the directory in which you want to install the HPOV software, or click Browse and navigate to the required directory. 13. In the Community text box, type the community password required to access Radware devices via APSolute Insite. 14. In the CWInsite Communication Port text box, type the number of the port on which the HPOV software and the APSolute Insite software communicate. HPOV uses this communication port to communicate with APSolute Insite. When you right-click on the device icon in HPOV and you select the APSolute Insite option, HPOV sends a packet over this port. If there is no response on this port, HPOV will launch APSolute Insite. If there is an answer, HPOV will add this device to APSolute Insite. 15. Click Next to continue. 16. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service.

Note: If Trap Service is not selected, the traps are collected only when APSolute Insite is running. 17. Click Next to continue. A window is displayed with the progress bar that indicates the progress of the Trap Service registration. 18. Click Next to continue. The window with the success message is displayed. 19. Click Finish to exit the installation. You can access the software by double-clicking on the Insite.bat file, the APSolute Insite icon on the desktop, or from the Start menu, select Programs > Radware > APSolute Insite.

Document ID: RDWR_IG_1101

111

Radware Installation and Maintenance Guide Installing APSolute Insite

APSolute Insite Tivoli Plug-In


APSolute Insite provides support for the Tivoli program using a special plug-in.

Notes: >> The Tivoli plug-in license can be installed on three workstations only. >> The software versions required to work with APSolute Insite are IBM Tivoli Intelligent ThinkDynamics Orchestrator V2.1 and Tivoli NetView version 7.1. The Tivoli plug-in enables the discovery of Radware devices in Tivoli software and also enables the immediate access to APSolute Insite using Telnet, SSH, WBM, and Secure Web Based Management of Radware devices. The Tivoli plug-in license must be purchased separately and allows Tivoli users to work with all Radware devices. After purchasing the license, users receive a serial number. The serial number and the workstation MAC address are used for online registration of the plug-in license, after which you receive a license file. The license can be added during the installation process, or after APSolute Insite is installed using Upgrade Insite License.

Note: To upgrade APSolute Insite Stand-Alone with Tivoli plug-in License install the new version, which is available from the Support section on the Radware web site over the current APSolute Insite installation. Alternatively, see Upgrading APSolute Insite StandAlone, page 147.

To install APSolute Insite Stand-Alone with Tivoli plug-in (for the first time) 1. Extract the ZIP file to a directory on your hard drive. When the extraction process is complete, your directory contains the Insite folder with the following files folder:


2. 3. 4.

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

Double-click on the Installation.bat file in the Insite folder to start the installation process. The APSolute Insite Installation window is displayed. Select Accept to agree to the terms of the license agreement. The Next button becomes available. Click Next to continue. A window is displayed, which enables you to select an installation directory.

112

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite 5. In the Installation Directory text box, type the installation directory name, or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory. This folder contains the APSolute Insite software and also this is the default location of the folders that contain new sites. To avoid having directories like c:\Program files\APSolute Insite\APSolute Insite... in your system, give the Installation Directory name different from just APSolute Insite. For example, you can name this directory APSolute Insite version x. 6. Select Advanced Installation and click Next to continue. A window is displayed, which enables you to save your configuration parameters in the required location. 7. Type the names of the directories where you want to save the configuration parameters, or click Browse to navigate to the directories. A pop-up is displayed asking you to verify the license that you are about to install. 8. Click OK. The pop-up closes. 9. Click Next to continue. The program files are copied to the selected destinations. 10. Click Next to continue. The Plug-in Installation window is displayed. 11. Select Tivoli NetView and click Next. The Tivoli NetView Plug-in window is displayed. 12. In the Tivoli NetView Directory text box, type the name of the directory in which you want to install the Tivoli software, or click Browse to navigate to the required directory. 13. In the Community text box, type the community password required to access Radware devices via APSolute Insite and via NetView. 14. In the APSolute Insite Communication Port text box, type the number of the port on which the Tivoli software and the APSolute Insite software communicate. Tivoli uses this communication port to communicate with APSolute Insite. When you right click on the device icon in Tivoli you select the APSolute Insite option, Tivoli sends a packet over this port. If there is no response on this port, Tivoli will launch APSolute Insite. If there is an answer, Tivoli will add this device to APSolute Insite. 15. Click Next to continue. The following window is displayed. 16. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service.

Note: If Trap Service is not selected, the traps are collected only when APSolute Insite is running. 17. Click Next to continue. A window is displayed with the progress bar that indicates the progress of the Trap Service registration. 18. Click Next to continue. The window with the success message is displayed. 19. Click Finish to exit the installation. 20. You can access the software by double-clicking on the Insite.bat file, the APSolute Insite icon on the desktop, or from the Start menu, select Programs, Radware, then APSolute Insite.

Document ID: RDWR_IG_1101

113

Radware Installation and Maintenance Guide Installing APSolute Insite

CA Unicenter Plug-In
APSolute Insite supports Computer Associates Unicenter plug-in that enables managing Radware devices in CA Unicenter software, enables the immediate access to APSolute Insite, and access to Radwares devices using Telnet, SSH, WBM, and Secure WBM. In addition, the plug-in allows translating regular SNMP traps and security traps sent by Radware devices to CA Unicenter format and presenting the traps on the CA Unicenter map.

Notes: >> CA Unicenter plug-in license can be installed on three workstations only. >> The software version required to work with APSolute Insite is CA Unicenter version 5.1. The Computer Associates Unicenter plug-in license must be purchased separately and allows CA Unicenter users to work with all Radware devices. The license can be installed on three workstations only. After purchasing the license, you receive a serial number. This serial number and the workstation MAC address are used for online registration of the plug-in license, after which you receive a license file via e-mail. The license can be added during the installation process, or after APSolute Insite is installed using Upgrade Insite License.

Note: To upgrade APSolute Insite Stand-Alone with CA Unicenter plug-in License install the new version, which is available from the Support section on the Radware web site over the current APSolute Insite installation, see Upgrading APSolute Insite Stand-Alone, page 147.

To install APSolute Insite Stand-Alone with CA Unicenter plug-in (for the first time) 1. 2. Extract the ZIP file to a directory on your hard drive. When the extraction process is complete, your directory contains the Insite folder, which contains the following files:


3. 4. 5.

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

Double-click on the Installation.bat file in the Insite folder to start the installation process. The APSolute Insite Installation window is displayed. Select Accept to agree to the terms of the license agreement. The Next button becomes available. Click Next to continue. A window is displayed, which enables you to select an installation directory.

114

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite 6. In the Installation Directory text box, type the installation directory name, or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory. This folder contains the APSolute Insite software and also this is the default location of the folders that contain new sites. To avoid having directories like: c:\Program files\APSolute Insite\APSolute Insite... in your system, give the Installation Directory name different from just APSolute Insite. For example, you can name this directory APSolute Insite version x. 7. Select Advanced Installation and click Next to continue. A window is displayed, which enables you to save your configuration parameters in the required location. 8. Type the names of the directories where you want to save the configuration parameters, or click Browse to locate those directories. A pop-up is displayed asking you to verify the license that you are about to install. 9. Click OK. The pop-up closes. 10. Click Next to continue. The program files are copied to the selected destinations. 11. Click Next to continue. The Plug-in Installation window is displayed. 12. Select Install CA Unicenter Plug-in and click Next. The CA Unicenter Plug-in window is displayed. 13. Do one of the following: When the Unicenter Manager is installed on this workstation, select Unicenter Manager. APSolute Insite copies to this workstation all the necessary files and compiles them. When the Remote administration client is installed on this workstation, select Remote Administration Client. APSolute Insite copies only the relevant icons to this workstation.

14. In the CA Unicenter Directory text box, type the name of the directory in which you want to install the CA Unicenter software, or click Browse to navigate to the required directory. 15. In the CWInsite Communication Port text box, type the number of the port on which the CA Unicenter software and the APSolute Insite software communicate. CA Unicenter uses this communication port to communicate with APSolute Insite. When you right click on the device icon in CA Unicenter you select the APSolute Insite option, CA Unicenter sends a packet over this port. If there is no response on this port, CA Unicenter will launch APSolute Insite. If there is an answer, CA Unicenter will add this device to APSolute Insite 16. Click Next to continue. 17. In the Username text box, type your CA Unicenter name. The user name is required to access the CA Unicenter SQL database (TNGDB). 18. In the Repository text box, type the repository name (the repository is the database where the information is located and queried by APSolute Insite), click Next. 19. Click Next to continue. 20. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service.

Note: If Trap Service is not selected, the traps are collected only when APSolute Insite is running. 21. Click Next to continue. A window is displayed with the progress bar that indicates the progress of the Trap Service registration. 22. Click Next to continue. The window with the success message is displayed.

Document ID: RDWR_IG_1101

115

Radware Installation and Maintenance Guide Installing APSolute Insite 23. Click Finish to exit the installation. 24. You can access the software by double-clicking on the Insite.bat file, the APSolute Insite icon on the desktop, or from the Start menu, select Programs, Radware, then APSolute Insite.

Symantec SESA Plug-In


APSolute Insite supports Symantec SESA management program using a special plug-in. The Symantec SESA plug-in enables managing Radware devices in Symantec SESA software and also enables the immediate access to APSolute Insite and enabling Telnet, SSH, Web Based Management, and Secure Web Based Management of Radware devices. In addition, the plug-in allows translating regular SNMP traps and security traps sent by Radware devices to Symantec SESA format and presenting the traps on the Symantec SESA map.

Notes: >> The Symantec SESA plug-in license can be installed on three workstations only. >> The software version required to work with APSolute Insite is Symantec SESA version 1.1. The Symantec SESA plug-in license must be purchased separately and allows Symantec SESA users to work with all Radware devices. After purchasing the license, you receive a serial number. The serial number and the workstation MAC address are used for online registration of the plug-in license, after which you receive a license file. The license can be added during the installation process, or after APSolute Insite is installed using Upgrade Insite License.

Note: To upgrade APSolute Insite Stand-Alone with SESA plug-in License install the new version, which is available from the Support section on the Radware web site over the current APSolute Insite installation. Alternatively, see Upgrading APSolute Insite StandAlone, page 147.

To install APSolute Insite Stand-Alone with SESA plug-in (for the first time) 1. 2. Extract the ZIP file to a directory on your hard drive. When the extraction process is complete, your directory contains the Insite folder, which contains the following files:


3. 4.

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

Double-click on the Installation.bat file in the Insite folder to start the installation process. The APSolute Insite Installation window is displayed. Select Accept to agree to the terms of the license agreement. The Next button becomes available.

116

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Installing APSolute Insite 5. Click Next to continue. A window is displayed, which enables you to select an installation directory. 6. In the Installation Directory text box, type the installation directory name, or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory. This folder contains the APSolute Insite software and also this is the default location of the folders that contain new sites. To avoid having directories like: c:\Program files\APSolute Insite\APSolute Insite... in your system, give the Installation Directory name different from just APSolute Insite. For example, you can name this directory APSolute Insite version x. 7. Select Advanced Installation and click Next to continue. A window is displayed, which enables you to save your configuration parameters in the required location. 8. Type the names of the directories where you want to save the configuration parameters, or click Browse to locate those directories. A pop-up is displayed asking you to verify the license that you are about to install. 9. Click OK. The pop-up closes. 10. Click Next to continue. The program files are copied to the selected destinations. 11. Click Next to continue. The Plug-in Installation window is displayed. 12. Select Install SESA Plug-in and click Next. 13. Click Next to continue. 14. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service.

Note: If Trap Service is not selected, the traps are collected only when APSolute Insite is running. 15. Click Next to continue. The window is displayed with the progress bar that indicates the progress of the Trap Service registration. 16. Click Next to continue. The window with the success message is displayed. 17. Click Finish to exit the installation. 18. You can access the software by double-clicking on the Insite.bat file, the APSolute Insite icon on the desktop, or from the Start menu, select Programs > Radware > APSolute Insite.

Document ID: RDWR_IG_1101

117

Radware Installation and Maintenance Guide Installing APSolute Insite

Registering the Device


When you purchase a new device, or if you have not registered the device before, once you access Insite, the Device Registration window is displayed. The registration information is sent to Radware by E-mail.

To register a device 1. Launch APSolute Insite by clicking on the APSolute Insite icon on your desktop and entering your user name and password, or connect to an unregistered Radware device from the main window. The Device Registration window is displayed. Enter the following information: 3. Name (optional) Your name Phone (optional)Your telephone number E-mail AddressYour e-mail address CompanyYour company name Address The companys address City (optional) The companys city State/Province (optional)The state or province of your company Country (optional) The country of residence Zip/Postal Code (optional) The companys zip code or postal code Device Serial Number The serial number of the Radware device (optional)

2.

In the Device Registration window, click Register to send the registration information immediately; or, click Register Later to save the information for another time. The information is sent by e-mail to Radware and APSolute Insite is registered to you.

118

Document ID: RDWR_IG_1101

Chapter 5 Initial Configuration


This chapter explains how to initially configure Radware devices and includes the following topics: Connecting to a Device Using APSolute Vision, page 119 Connecting to a Device Using APSolute Insite Stand-Alone, page 119 Connecting to a Device Using Insite ManagePro, page 121 Configuring Target Parameters, page 125 Connecting to a Device Using Web Based Management, page 127 Connecting a Device Using the Command Line Interface, page 127 Connecting to an AppWall Device for the First Time, page 128 Connecting to a VirtualDirector Device, page 129 Connecting to an Inflight 3.2 Device, page 129

Notes: >> You connect to and configure AppWall policies only through the AppWall Management Application. For more information see the AppWall Management Application User Guide. >> You connect to and configure CID 3.0 and later only via a Web browser or a CLI. >> You connect to and configure Inflight 3.2 and later only via a Web browser or a CLI. >> You connect to and configure VirtualDirector only via a Web browser or a CLI.

Connecting to a Device Using APSolute Vision


You can connect to and manage AppDirector and DefensePro devices using an APSolute Vision client. For information on how to set up your APSolute Vision site with AppDirector and DefensePro, see the APSolute Vision Administrator Guide. For information on how to use AppDirector and DefensePro with APSolute Vision, see the APSolute Vision User Guide.

Connecting to a Device Using APSolute Insite StandAlone


You can connect to and manage certain Radware devices using APSolute Insite Stand-alone. This section is not relevant for the following products: AppWall CID 3.0 and later Inflight 3.2 and later VirtualDirector

Document ID: RDWR_IG_1101

119

Radware Installation and Maintenance Guide Initial Configuration

To connect to your device using APSolute Insite Stand-Alone 1. Click the icon on your desktop. The following window is displayed.

2. 3. 4. 5. 6.

Type in the User Name and Password. By default the User Name and Password are radware. Click OK. The main APSolute Insite window is displayed. Click . Select Radware Device > (Device Name). A Device icon is displayed in the main window. To connect the device, double-click the Device icon. The Connect <Device Type> Device dialog box is displayed.

7. 8.

Type in the IP Address and the Device Community Name. The default community of Radware products is public. Click OK. The device is connected after a few seconds.

To log in to Insite ManagePro Connect with Web or CLI (console and SSH), with radware as the user name and password.

120

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Initial Configuration

Connecting to a Device Using Insite ManagePro


You can connect to and manage certain Radware devices using Insite ManagePro. This section is not relevant for the following products: AppWall CID 3.0 and later Inflight 3.2 and later VirtualDirector

Initial Insite ManagePro Settings


The following procedures describe the initial settings required before the connection of a device to Insite ManagePro.

To configure a device using Insite ManagePro 1. Connect the Insite ManagePro device to the power supply. Do not power on the device at this stage. 2. Connect the Insite ManagePro to the network using LAN1 Ethernet port and straight cable. 3. Connect an RS-232 cable to the serial port. 4. From the computer you intend to manage your device, open HyperTerminal software or any other terminal software. 5. Turn the device on. The boot-up sequence might take several minutes. Wait for the following display:

APSoluteInsite boot: Loading APSoluteInsite Radware APSolute Insite Version 2.50.13 Build 5/24/2007 10:46:15 AM(Id: 9) localhost login:
6. Use radware as both the user name and password.

Note: There is a terminal idle time-out of 300 seconds. When the time-out elapses, you are required to log in again. After login, the following information is displayed:

Radware APSolute Insite Version 2.50.13 Build 5/24/2007 10:46:15 AM(Id: 9) MAC of Lan1: MAC of Lan2: exit help net ping reboot 0010F30A4C78 0010F30A4C79 Logs out of the device. Displays help. Network configuration. Ping a host. Reboot the device.

Document ID: RDWR_IG_1101

121

Radware Installation and Maintenance Guide Initial Configuration

shutdown statistics system

Shutdown the device. Statistics parameters. System parameters.

To view the currently configured IP address Enter the following command:

[APSOLUTE-INSITE]$ net management-ip get

To delete the currently configured IP address Enter the following command:

[APSOLUTE-INSITE]$ net management-ip destroy [ip address]

To configure a new management IP address Enter the following command:

net management-ip create <management IP> <netmask> [-inf <1|2>]


Use -inf 1 to configure the management IP address on LAN1 port.

Notes: >> Accessing Insite ManagePro is only possible using HTTPS. >> The connection between the Client (browsers station) and Insite ManagePro is secured and is established using a TCP connection on port 1306. >> The connection between Insite ManagePro and Radware devices is established through SNMP. The SNMP connection to a device depends on SNMP (v1 or v3) version supported by the Radware device.

122

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Initial Configuration

To log in to Insite ManagePro 1. After you have configured the management IP address, open your browser and type in the IP address of the device to access Insite ManagePro. 2. Click Yes in all pop-ups. The APSolute Insite Login dialog box is displayed.

3. In the Login dialog box type the User Name, Password; and then, and click OK. The main APSolute Insite window is displayed.

Note: The default user name and password is radware.

Adding an Administrator User

To add an Administrator user 1. From the Insite ManagePro main window, select ManagePro > User Management > Groups > Administrators > Users. The Users window is displayed. 2. In the Users window, click Add. The User Management window is displayed. 3. In the User Name window, enter the necessary information, as follows: 4. User Name, Password, and Verify password accordingly: User Name (read only)Name of the User/Administrator. Password Users encrypted password Verify Verify users encrypted password Updated by The user identification of the user who last changed this users properties.

5. Click OK to save the change and return to the Users window or click Apply to save the change and add another user. 6. At this point you can change or remove the default radware user. After a new administrator user has added, log in with the new account, and then remove or change the default account. This is a recommended security measure.

Document ID: RDWR_IG_1101

123

Radware Installation and Maintenance Guide Initial Configuration

Adding a Device to Insite ManagePro


The following procedures explain how to add a device to Insite ManagePro. To manage the devices you are required to perform this procedure.

To add a device 1. 2. In the User Management, from the tree menu, click Devices. A list of devices is displayed in the Device pane. In the Device pane, click Add. The Devices window is displayed.

3. 4. 5. 6. 7. 8.

Select the Device Type from the drop down list. Enter the Device Name and IP address. If youre using SNMPv1, do not modify the Community Name. Default: public Test connectivity to the device by clicking the Test Device Connection button. Click Apply to save changes. Click OK to close the User Management.

Connecting to a Device Using Insite ManagePro


The following procedures explain how to connect to a device using Insite ManagePro.

Note: You can connect to a device only if you configured it in the User Management window.

124

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Initial Configuration

To connect a device using Insite ManagePro 1. From the main APSolute Insite window, click the button and select Add Radware Device > (name of device). The Add Devices window is displayed.

2. Select the checkbox and click OK. The device is connected to Insite ManagePro.

Configuring Target Parameters


For SNMP versions 1, 2, and 3, the table in APSolute Insites Device Permissions is used to restrict the range of addresses from which SNMP requests are accepted, and to which SNMP traps may be sent.

To configure Target Parameters 1. From the main APSolute Insite window, select Device > Device Permissions. The Device Permissions window is displayed.

Document ID: RDWR_IG_1101

125

Radware Installation and Maintenance Guide Initial Configuration 2. In the Device Permissions window, click SNMP > Targets. The Target Address dialog box is displayed.

3.

Click Add. The Edit Target Address window is displayed and contains the following parameters: Target Address The IP address of the management station. This address is used both to allow access only to the specified IP address and to send SNMP traps to that IP address. Target Mask The network (subnet) mask of the management station. Target Port The TCP port to be used. 161 for SNMP Access and 162 for SNMP Traps. Tag List The tag to be used. This tag must be the same tag as the Community Transport Tag in the Community Table. Parameters The name of the entry in the Target Parameters table to be used when sending the SNMP Traps.

4.

In the Edit Target Address dialog box, set the required parameters:

5.

Click OK. For more information about SNMPv3 settings, refer to Radwares Technical Note at: http://www.radware.com/content/document.asp?_v=about&document=4531. In the case of DefensePro, you are ready to configure security policies.

126

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Initial Configuration

Connecting to a Device Using Web Based Management


The Web Based Management (WBM) graphical user interface does not require any client installation, and is designed for easy and fast single device management. When using WBM, on-line help is also available from the Radware corporate Web site. WBM is supported using Internet Explorer version 6 or 7 (running on Windows). A Java runtime environment must be installed to facilitate WBM.

Note: Web Based Management online help is available by clicking on the Help icon, which is displayed in every screen.

To connect to a device using WBM 1. Connect over HTTPS to the management IP address you configured by the serial terminal console. That is, in your browser address field, enter https://x.x.x.x, where x.x.x.x is the management IP address you configured by serial terminal console. 2. Log in with a valid user in the Device User Table: Default User: radware Password: radware

3. Click OK.

Connecting a Device Using the Command Line Interface


You can manage your device with a proprietary CLI. You can connect to CLI either by serial terminal, SSH, or Telnet.

To connect a device using CLI 1. Connect to the serial interface and use a terminal emulation application to access the CLI.

Note: If you choose to use Telnet or SSH, open a session to the management IP address of the device. 2. From the CLI, type ? at the prompt for a list of commands, or after you type a command, for a command parameters description. Use the Tab key for automatic command completion.

Document ID: RDWR_IG_1101

127

Radware Installation and Maintenance Guide Initial Configuration

Connecting to an AppWall Device for the First Time


You configure and manage AppWall devices with the AppWall Management Application. For the requirements, see Installing AppWall Management Application Client Software, page 84. For information on using AppWall, see the AppWall Management Application User Guide.

To connect to an AppWall device 1. 2. Open your browser and enter the IP address of the device, HTTPS://<Device IP address>. The AppWall Cluster Manager or AppWall Gateway window is displayed. Select System Configuration > Settings to verify that the Cluster Manager Mode is compatible with your license typeeither for AppWall Gateway or AppWall Cluster Manager.

3.

If you need to change the Cluster Manager Mode, do the following: a. b. c. d. Click Setup Cluster Manager. Select the required alternative option button Gateway or Cluster Manager. At the prompt, click OK. Reboot the device.

4.

If you have not already done so, obtain a Cluster Manager license from Radware and install it using the AppWall Management Application from Configuration > AppWall Server > Management > Licenses. For more information, see the AppWall Management Application User Guide. Double-click the AppWall icon on your desktop or run it from the Start menu.

5.

128

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Initial Configuration

Connecting to a VirtualDirector Device


You connect to and manage a VirtualDirector device using a Web browser. You must have Adobe Flash Player 9 or later installed.

Note: For basic device setup, VirtualDirector supports CLI via SSH, Telnet, or a direct serial connection.

To connect to your VirtualDirector device 1. Open a Web browser and enter the IP address or URL of the VirtualDirector management port. 2. Enter the user name and password. The default user name and password are radware. 3. Click Login. The main VirtualDirector window is displayed. For information on configuring and using your VirtualDirector device, see the VirtualDirector Quick Start Guide.

Connecting to an Inflight 3.2 Device


You connect to an Inflight 3.2 device using a Web browser. To connect to an Inflight 3.2 device, you must have Adobe Flash Player 9 or later installed.

To connect to an Inflight 3.2 device 1. Open a Web browser and enter the IP address or URL of the Inflight management port. 2. Enter the user name and password. The default user name and password are admin. 3. Click Login. The main Inflight window is displayed. For information on configuring and using your Inflight device, see the Inflight Getting Started Guide.

Document ID: RDWR_IG_1101

129

Radware Installation and Maintenance Guide Initial Configuration

130

Document ID: RDWR_IG_1101

Chapter 6 Maintenance and Upgrade


This chapter describes maintenance procedures and how to upgrade devices and licenses. This chapter includes the following topics: Shutting Down Devices, page 131 Rebooting Devices, page 132 Upgrading Most Radware Devices, page 141 Upgrading AppWall, page 146 Upgrading APSolute Insite Stand-Alone, page 147 Boot Version Update, page 148

Shutting Down Devices


To shut down most OnDemand Switch or Application Switch devices For OnDemand Switch platforms, using the CLI, at the prompt enter:

shutdown
For Application Switches, using the CLI, at the prompt enter:

reboot -s
Using WBM, select Device > Reset. Using APSolute Vision: a. b. In the Monitoring & Control perspective navigation pane System tab, right-click the device name and select Shutdown. Click Yes in the Confirmation Required dialog box.

Note: The Shutdown command powers-off the devices. Using APSolute Insite, right-click on the device icon and select Shutdown.

Note: The Shutdown command does not power-off the devices, and therefore, needs to be done manually. The same applies to XS devices.

To shut down an APSolute Vision server Using the CLI, at the prompt enter:

shutdown

Document ID: RDWR_IG_1101

131

Radware Installation and Maintenance Guide Maintenance and Upgrade

To shut down a VirtualDirector device 1. 2. From the VirtualDirector main screen displayed in the browser, select System > Control tab. In the right pane, click Power Off Appliance.

To shut down an Inflight device 1. 2. From the Inflight main screen displayed in the browser, select System > Control tab. In the right pane, click Power Off Appliance.

Rebooting Devices
To reboot most Application Switch or OnDemand Switch devices For CLI, at the prompt, enter:

reboot
Using WBM, select Device > Reset. Using APSolute Vision: a. b. In the Monitoring & Control perspective navigation pane System tab, right-click the device name and select Reboot. Click Yes in the Confirmation Required dialog box.

Using APSolute Insite, right-click on the device and select Reboot.

To reboot an APSolute Vision server For CLI, at the prompt, enter:

reboot

To reboot your VirtualDirector device 1. 2. From the VirtualDirector main screen displayed in the browser, select System > Control tab. In the right pane, click Reboot Appliance.

To reboot your Inflight device 1. 2. From the Inflight main screen displayed in the browser, select System > Control tab. In the right pane, click Reboot Appliance.

132

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Managing Device Configuration Files


You should always save existing configurations on each Radware device thus ensuring off-device configuration backup. You can save the configuration by downloading a configuration file (see Downloading and Saving Configuration Files, page 134). You can restore or change a device configuration by uploading a configuration file to the relevant device (see Uploading Configuration Files, page 136). This section contains the following topics: Device Configuration File Format, page 133 Configuration File Content, page 133 Downloading and Saving Configuration Files, page 134 Uploading Configuration Files, page 136

Device Configuration File Format


The latest Radware devices use device configuration files in text format only. When using older versions of Radware devices, the downloaded configuration file is in BER format. To view the BERformat file, you must convert it to ASCII format. However, the configuration file that you upload to the device must be in BER format. The device version window shows the versions that enable or require you to convert formats.

To convert a BER file to ASCII format using APSolute Insite 1. From the APSolute Insite main window, select Device > Configuration File. The Configuration File window is displayed. 2. Select the Edit tab. 3. Select the device or device type as necessary. 4. Select Convert from BER to ASCII. 5. Click the Browse button and navigate to the BER file you wish to convert to ASCII. 6. Select the required configuration file and click OK. The file format is converted to ASCII.

Configuration File Content


The configuration file content is divided into two sections: Commands that require rebooting the deviceThese include BWM Application Classification Mode, Application Security status, Device Operation Mode, tuning parameters modification, and so on. Copying and pasting a command from this section takes effect only after the device is rebooted. The section has the heading: The following commands require resetting the device in order to take effect. Commands that do not require rebooting the deviceCopying and pasting a command from this section takes effect immediately after pasting. The commands in the section are not bound to SNMP. The section has the heading: The following commands take effect immediately.

The commands are printed within each sectionin the order of implementation. At the end of the file, the device prints the signature of the configuration file. This signature is used to verify the authenticity of the file and that it has not been corrupted. The signature is validated each time the configuration file is uploaded to the device. If the validity check fails, the device

Document ID: RDWR_IG_1101

133

Radware Installation and Maintenance Guide Maintenance and Upgrade accepts the configuration, but a notification is sent to the user that the configuration file has been tampered with and there is no guarantee that it works. The signature looks like File Signature: 063390ed2ce0e9dfc98c78266a90a7e4.

Note: The device validates the signature only when you send the complete configuration to the device using replace mode (see Uploading Configuration Files, page 136).

Downloading and Saving Configuration Files


This section contains the following: Downloading Configuration Files Using APSolute Vision, page 134 Downloading Configuration Files Using APSolute Insite, page 135 Downloading Configuration Files Using Web Based Management, page 135 Downloading Configuration Files Using CLI, page 136 Saving an Existing Inflight Configuration, page 136 Saving an Existing VirtualDirector Configuration, page 136

Downloading Configuration Files Using APSolute Vision


You can download a devices configuration file from the device to APSolute Vision. For more information, see the APSolute Vision Administrator Guide and the APSolute Vision User Guide.

To download a devices configuration file using APSolute Vision 1. 2. In the Monitoring & Control perspective navigation pane System tab, right-click the device name and select Get Device Configuration File. Configure the download parameters, and click OK.

Device Configuration File Download Parameters

Parameter
Download to Download Via File Name

Description
Where to back up the device configuration file. Values: Client, Server The protocol used to download the configuration file. Values: HTTP, HTTPS, TFTP Save the downloaded configuration file as a text file on the client system. On the server, the default name is a combination of the device name and backup date and time. You can change the default name.

Type (Not available in AppDirector 1.07.12) Include Private Keys (Not available in AppDirector 1.07.12)

An AppDirector device can generate configuration files for itself, its peer device (active-active configuration), and its backup device (active-backup configuration). You can select any of these files for download. Values: Device, Peer, Backup When enabled, the certificate private key information is included in the downloaded file. You must include the private key information to restore the private keys; otherwise, the device will revert to default keys.

134

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Downloading Configuration Files Using APSolute Insite


You can download the configuration file using Insite ManagePro or APSolute Insite Stand-Alone, to the machine running APSolute Insite.

To download a configuration file using APSolute Insite 1. From the APSolute Insite main window, select Device > Configuration File. The Configuration File window is displayed. 2. Select the Download tab. 3. From the Select Device drop-down list, select the device whose configuration you need to save. 4. Configure the file location and name as required. 5. Click OK. The configuration file is saved.

Downloading Configuration Files Using Web Based Management


If you are downloading a configuration file using Web Based Management, you cannot download to a device configured to use only SNMPv3.

To download a configuration file using Web Based Management 1. Select File > Configuration > Receive from Device. The Download Configuration File window is displayed. 2. For AppDirector devices, from the Configuration Type drop-down list, select one of the following: RegularYou receive the device configuration file. Peer (Active-Active)You receive the device configuration file created for the peer device to support configuration synchronization in an Active-Active topology. You upload this configuration to the peer device. To enable the device to create such a configuration, you need to provide the IP address for the same interface on the peer device for each IP interface that you configured on this device (Router > IP Router > Interface Parameters > Create > Peer Address). This feature (configuration file for Active-Active synchronization) is supported for proprietary redundancy only. Backup (Active-Backup)You receive the device configuration file created for the backup deviceto support configuration synchronization in an Active-Backup topology. You upload this configuration to the backup device. To enable the device to create such a configuration, you need to provide the IP address for the same interface on the backup device for each IP interface that you configured on this device (Router > IP Router > Interface Parameters > Create > Peer Address).

3. If you want the file to include private keys, select the Include Private Keys checkbox. 4. Click Set. The Opening DeviceConfigurationFile<yyyy-MM-dd-hh-mm-ss> dialog box is displayed. 5. Configure the file location and name as required. 6. Click OK. The file is downloaded.

Document ID: RDWR_IG_1101

135

Radware Installation and Maintenance Guide Maintenance and Upgrade

Downloading Configuration Files Using CLI


If you are downloading a configuration file using CLI and SNMPv3, you cannot download to a device supporting only SNMPv1.

To download a configuration file using CLI Enter the following command:

system config download <File> <Server IP address>

Note: You can display the existing configuration using CLI using the command system config immediate. Then, you can copy the configuration file text to a text editor and save it as you require.

Saving an Existing Inflight Configuration

To save an existing Inflight configuration 1. 2. 3. Select Global Settings > Save Points. Click Create and write a comment that describes the save point. Click Create. The current configuration is saved and is displayed in the list of saved points.

Saving an Existing VirtualDirector Configuration

To save an existing VirtualDirector configuration 1. 2. 3. Select Global Settings > Save Points. Click Create and write a comment that describes the save point. Click Create. The current configuration is saved and is displayed in the list of saved points.

Uploading Configuration Files


This section contains the following: Upload Mode, page 137 Uploading a Configuration File Using APSolute Vision, page 138 Uploading a Configuration File Using APSolute Insite, page 139 Uploading a Configuration File Using Web Based Management, page 139 Uploading a Configuration File Using CLI, page 139 Restoring an Existing Inflight Configuration, page 140 Restoring an Existing VirtualDirector Configuration, page 140

136

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Note: The configuration file of a device that contains SNMPv3 users with authentication can only be used by the specific device that the users configured. When you upload a configuration file to another device, passwords need to be re-entered, since passwords (of SNMPv3 users) cannot be exported from one device to another. Therefore, there must be at least one user in the user table (to be able to change the password) in order to upload a configuration to another device.

Upload Mode
With WBM and APSolute Insite, you can upload a configuration file to a device using one of the following modes: Append Commands to Configuration File Append Commands to Configuration File with Reboot Replace Configuration File

Append Commands to Configuration File


Using the Append Commands to Configuration File mode, it is possible to add parts of a configuration into a device. The Append Commands to Configuration File method is supported using the following management options: By pasting the configuration into the terminal using the command

system config paste start. Once all the data is pasted, you must enter the command system config paste stop.
By uploading the file using Web Based Management and selecting the option Append Commands to Configuration File in the Upload Configuration File to Device window. By executing the terminal command system config upload append.

Using the Append Commands to Configuration File method, you can only append commands that do not require rebooting the device for the commands to take effect, for example, defining a Server or adding an IP Interface. If a command that requires reboot is pasted or uploaded to the device using the Append Commands to Configuration File method, the command is not implemented. To log the command outputs in the terminal, you need to run the command system config upload append with the -v option, whereby the output to the terminal displays each command and its resultthat is, whether the action succeeded or not.

Append Commands to Configuration File with Reboot


Using the Append Commands to Configuration File with Reboot mode, it is possible to add parts of a configuration to a device. The difference between this option and the Append Commands to Configuration File option is that this option also supports commands that require rebooting the device for the commands to take effect. This includes commands like enabling BWM or modifying a Tuning value. The flow of commands implementation when using the Append Commands to Configuration File with Reboot option is as follows: 1. All commands that require rebooting the device are implemented. 2. The device is rebooted. 3. All commands that do not require rebooting the device are implemented.

Document ID: RDWR_IG_1101

137

Radware Installation and Maintenance Guide Maintenance and Upgrade The Append Commands to Configuration File with Reboot, method is supported using the following management options: By performing the terminal command system config upload append-reboot. By uploading the file using Web Based Management and selecting the option Append Commands to Configuration File with Reboot in the Upload Configuration File to Device window.

To log the command outputs in the terminal, you need to run the command system config upload append-reboot with the -v option, whereby the output to the terminal displays each command and its resultthat is, whether the action succeeded or not.

Replace Configuration File


Using the Replace Configuration File mode, it is possible to replace the complete configuration file with a new configuration file. Performing this action requires rebooting the device. The Replace Configuration File method is supported using the following management options: By performing the terminal command system config upload replace. By uploading the file using Web Based Management and selecting the option Replace Configuration File in the Upload Configuration File to Device window.

When using this option, it is possible to upload to the device either a configuration file in ASCII or BER format. When using the Replace Configuration File option, it is possible to upload either a configuration file in ASCII or BER format.

Uploading a Configuration File Using APSolute Vision

To upload a devices configuration using APSolute Vision 1. 2. 3. In the Monitoring & Control perspective navigation pane System tab, right-click the device name and select Send Configuration File to Device. Configure upload parameters, and click OK. When upload completes, reboot the device.

Device Configuration File Upload Parameters

Parameter
Upload from Upload Via File Name

Description
The location of the backup device configuration file to send. Values: Client, Server The protocol used to download the configuration file. Values: HTTP, HTTPS, TFTP When uploading from the client system, enter or browse to the name of the configuration file to upload. When uploading from the server, select the configuration to upload.

138

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Uploading a Configuration File Using APSolute Insite

To upload a configuration file using APSolute Insite 1. From the APSolute Insite main window, select Device > Configuration File. The Configuration File window is displayed. 2. Select the Upload tab. 3. Type the file path of the file, or click Browse to navigate to the required file. 4. Select the required upload mode (see Upload Mode, page 137). 5. Click OK. The selected configuration is restored. 6. After the restored configuration has been applied to the Radware device, reboot the unit.

Uploading a Configuration File Using Web Based Management

To upload a configuration file using Web Based Management 1. Select File > Configuration > Send to Device. The Upload Configuration File to Device window is displayed. 2. Select the required upload mode (see Upload Mode, page 137). 3. Type the file path of the file, or click Browse to navigate to the required file. 4. Click OK. The selected configuration is restored. 5. After the restored configuration has been applied to the Radware device, reboot the unit.

Uploading a Configuration File Using CLI

To upload a configuration file using CLI Enter the following command

config upload <append|append-reboot|replace> [-v]


where:

append represents the Append Commands to Configuration File upload mode (see Upload Mode, page 137). append-reboot represents the Append Commands to Configuration File with Reboot upload mode (see Upload Mode, page 137). replace represents the Replace Configuration File upload mode (see Upload Mode, page 137). -v causes the output to the terminal displays to include the resultthat is, whether the
action succeeded or not.

Document ID: RDWR_IG_1101

139

Radware Installation and Maintenance Guide Maintenance and Upgrade

Restoring an Existing Inflight Configuration

To restore an existing Inflight configuration 1. 2. 3. Select Global Settings > Save Points. Choose the configuration to restore from the list of available saved configurations. Click Restore button and answer Yes in the confirmation popup.

Restoring an Existing VirtualDirector Configuration

To restore an existing VirtualDirector configuration 1. 2. 3. Select Global Settings > Save Points. Choose the configuration to restore from the list of available saved configurations. Click Restore button and answer Yes in the confirmation popup.

Configuration Log
The configuration log includes every error printout that occurs when uploading text files.

Notes: >> In addition to the log file, each event is also issues to Email, syslog, SNMP, and the console. >> Errors occurring during the upload of BER files are not logged. You can manage the configuration log using the following management options: APSolute VisionIn the Monitoring & Control perspective navigation pane System tab, rightclick the device name, select Get Log File from Device, configure the download parameters, and click OK. APSolute InsiteSelect Device > Configuration File > Download tab. Web Based ManagementSupports the following functions: Clear the file Select File > Configuration > Log File > Clear. Download the file Select File > Configuration > Log File > Get. Display the file Select File > Configuration > Log File > Show.

CLIUse the following command:

system config logfile <get|reset>

Note: If there is no room to store the file on the devices compact flash, the device does not log any information within the log file.

140

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Upgrading Most Radware Devices


You can upgrade Radware devices to newer versions with a straightforward FLASH process. Depending on the maintenance contract, you may be eligible for new versions with new features or only for the maintenance versions. Device upgrade involves two steps: 1. Saving the current device configuration. 2. Upgrading the device software. A device upgrade enables the new features and functions on the device without altering the existing configuration. In exceptional circumstances, new firmware versions are incompatible with legacy configuration files from earlier firmware versions. This most often occurs when users attempt to upgrade from very old firmware to the most recently available version. New firmware versions require a password. You can obtain this password from the Radware corporate Web site. You must obtain this password before you load the upgrade file onto the Radware device. If you do not supply the correct password during the upgrade process, you cannot upgrade, the device will abort the upgrade process, and will revert to the installed version of software. For a maintenance-only upgrade, the password is not required. The password is based on the firmware version file and on the Base MAC address of the unit.

Note: Before upgrading to a newer software version, save the existing configuration file.

Upgrading Device Software


You can upgrade your device software with newer software releases from Radware. Your maintenance contract determines whether you are entitled to new software versions with new features or only maintenance versions. To upgrade, download the software file and obtain a special upgrade password from http://www.radware.com/content/support/Software_upgrade/default.asp. The upgrade password is based on the Base MAC address (that is, the address of the first interface) of your device and on the version software file size. You will be asked for that password during the upgrade of your device. This section contains the following topics: Upgrading Device Software Using APSolute Vision, page 141 Upgrading Device Software Using APSolute Insite, page 142 Upgrading Device Software Using Web Based Management, page 143 Upgrading Device Software via CLI for AppXcel, page 144

Upgrading Device Software Using APSolute Vision


You can upgrade the software version on managed devices from APSolute Vision. A device upgrade enables the new features and functions on the device without altering the existing configuration. In exceptional circumstances, new software versions are incompatible with legacy configuration files from earlier software versions. This most often occurs when attempting to upgrade from a very old version to the most recently available version. The software version file must be located on the APSolute Vision client system. APSolute Vision automatically transfers it to the APSolute Vision server and uploads it to the device. New software versions require a password, which can be obtained from the Radware corporate Web site. For a maintenance-only upgrade, the password is not required.

Document ID: RDWR_IG_1101

141

Radware Installation and Maintenance Guide Maintenance and Upgrade After the device upgrade is complete, you must reboot the device.

Notes: Before upgrading to a newer software version: >> Back up the existing configuration file. >> Ensure that you have configured on the device the authentication details for the protocol used to upload the file.

To update the device software version 1. 2. 3. In the Monitoring & Control perspective navigation pane System tab, right-click the device name and select Manage Software Versions. Configure software upgrade parameters, and click OK. When the device upgrade is complete, reboot the device.

Software Upgrade Parameters

Parameter
Upload Via

Description
The protocol used to upload the software file from APSolute Vision to the device. Values: HTTP, HTTPS, TFTP The name of the file to upload. The software version number as specified in the new software documentation. Enter the password received with the new software version, and verify. The password is case sensitive.

File Name Software Version Password

Upgrading Device Software Using APSolute Insite


You can download a new software version of most Radware products using APSolute Insite. For versions using File Systems mechanism, the firmware file is in TAR format; whereas for nonfilesystem versions, the firmware file is in binary (BIN) format.

Notes: >> Before initiating a software-version update on Application Switches running file system version, ensure that a back-up application is installed in the internal flash. To do this, run the following CLI command on the device:

system file-system files copy-to-internal-flash <N> where <N> is the index of the software to be copied.
>> You obtain the index by looking at the software versions available on the device. To display the index, run the following command:

system file-system software

142

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

To upgrade device software using APSolute Insite 1. From the main APSolute Insite window, double-click the device icon. The device Set-Up window is displayed. 2. Click Device Upgrade. The Device Upgrade window is displayed. 3. In the File Name text box, type the file path of the file, or click Browse to navigate to the required file. 4. In the Password text box, type the password received with the new software version.

Note: The password is case sensitive. 5. In the New Version text box, type the software version number as specified in the new software documentation.

Note: If Enable New Version is selected (default), the device operates according to the new version after the software download process is complete, otherwise the device operates according to the previous version. 6. Click Send. The status of the upload is displayed in the Progress Status bar. You are prompted to restart the device.

Note: If you are using an external TFTP server to upload or download files, the TFTP server does not provide information on the status or progress of the file transfer, so APSolute Insite cannot display this information.

Upgrading Device Software Using Web Based Management

To upgrade device software using Web Based Management 1. Select File > Software Update. The Software Update window is displayed. 2. In the Password text box, type the password received with the new software version.

Note: The password is case sensitive. 3. In the Software version text box, type the software version number as specified in the new software documentation. 4. In the File text box, type the name of the file, or click Browse and browse to the required file.

Document ID: RDWR_IG_1101

143

Radware Installation and Maintenance Guide Maintenance and Upgrade 5. Do one of the following: 6. 7. If you want the device to operate according to the new version after the software download process is complete, select the Enable New Version checkbox (default). If you want the device to operate according to the previous version, clear the Enable New Version checkbox.

Click Set. The device reboots, which takes a few minutes. Verify that the console message shows the upgraded version.

Upgrading Device Software via CLI for AppXcel

To upgrade Device software via CLI for AppXcel 1. 2. Copy the upgrade software image to your device. At the prompt in the relevant location, enter the following command as appropriate: 3. 4. 5. For Windows use: pscp <full path> radware@<IP address>:/tmp For Unix use: scp

At the device console, type the command: system upgrade <password>. Enter the password generated by the password generator. After the device reboots, verify that the console message shows the upgraded software version.

Upgrading Licenses
You can upgrade the software capabilities of Radware devices using the licensing mechanism, for example, to add APSolute OS support.

Notes: >> For Application Switch 5, you can add support for the 10 Gigabit Ethernet port using the hardware licensing mechanism. >> For more information on licenses, contact Radware Technical Support. When you order a part number for the license upgrade, you receive from Radware a new license code and depending on the type of upgrade, a RAM extension that you should physically install in the device.

Licensing Mechanism
To change the license, you need to insert a new license code. The license provided to you, is a onetime license, meaning that once this license is changed, the old license code cannot be re-used. For example, if an APSolute OS license was given to you on a trial basis and not purchased, Radware provides you with another license. The old license cannot be reused without APSolute OS support. The license is based on the MAC address of the device, and on a license ID that is changed every time a new license is inserted. To get a license upgrade, you need to send the MAC address and the current license ID of the device. To perform a license downgrade, send the MAC address and the current license ID of the device. Once you receive and insert this new license, a screen capture of the License Upgrade window, or the output of system license get CLI command, must be sent to Radware to prove that you are using the new license.

144

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Upgrading Software Licenses

To upgrade a software license using APSolute Insite 1. From the main APSolute Insite window, double-click the device icon. The device Set-Up window is displayed. 2. Click Device Upgrade. The Device Upgrade window is displayed. 3. Click License Upgrade. The License Upgrade pane is displayed with the current license in the New License Code text box. 4. In the New License Code text box, type your new license code.

Note: The license code is case sensitive. 5. Click OK. The Information box prompts you to reset the device to validate the license. 6. Click OK to perform the reset. The reset may take a few minutes. A success message is displayed on completion.

Upgrading Hardware Licenses


Note: For Application Switch 5, you can add support for 10-Gigabit Ethernet port by means of the hardware licensing mechanism. This feature is only available for Application Switch 5.

To upgrade a hardware license using APSolute Insite 1. From the main APSolute Insite window, double-click the device icon. The device Set-Up window is displayed. 2. Click Device Upgrades. The Device Upgrades window is displayed. 3. Click the Hardware License tab. The License Upgrade pane is displayed with the current license in the New License Code text box. 4. Type your new license code.

Note: The license code is case sensitive. 5. Click OK. The Information box prompts you to reset the device to validate the license. 6. Click OK to perform the reset. The reset may take a few minutes. A success message is displayed on completion.

Document ID: RDWR_IG_1101

145

Radware Installation and Maintenance Guide Maintenance and Upgrade

Upgrading AppWall
The following section describes the upgrade procedure for AppWall. The AppWall upgrade procedure comprises the following: Upgrading an AppWall Device, page 146 Upgrading AppWall Management Application, page 147

AppWall upgrade prerequisites: Console access to the device that you are upgrading. AppWall upgrade and recovery imageYou can download the AppWall upgrade and recovery image for your device version from the Radware Web site. AppWall Management Application packageYou can download the AppWall Management Application package from the Radware Web site.

Upgrading an AppWall Device

To upgrade an AppWall device 1. 2. 3. 4. In the Management Console, select System Configuration > Backup/Restore. In the AppWall Upgrade/Repair section, click Upload. Select the Upgrade package that you downloaded from the Radware Web site; and then, click Upload. Choose the image file; and then, click Upgrade Image.

Note: If the image file does not appear in the list after upload completes, switch to another window and then return to the Restore/Backup window. 5. 6. 7. 8. A dialog box is displayed prompting to reboot the device. Connect to the machine console and reboot the device. After rebooting, log in through the console window. The console boot menu is displayed. Select Temporary Upgrade boot, and press Enter. The following CLI menu is displayed.

9.

Choose 1. Upgrade.

10. After the procedure completes, reboot the device again.

146

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

Upgrading AppWall Management Application


You must upgrade AppWall Management Application on each host that manages AppWall devices.

To upgrade the AppWall Management Application 1. Run the AppWall Management Application package that you downloaded from the Radware Web site. 2. Follow the instructions in the installation wizard and select Upgrade.

Upgrading APSolute Insite Stand-Alone


You may want to upgrade APSolute Insite Stand-Alone to benefit from new features and device version support. The new version ZIP package can be downloaded from the Support section on the Radware Web site.

To upgrade a stand-alone standard APSolute Insite version 1. Extract the ZIP file to a directory on your hard drive. 2. When the extraction process is complete, your directory contains the Insite folder, which contains the following files:

ConfigwareInsite.zip CwisExec.dll ExternalTools.jar Installation.bat Installation.jar Installation.sh SharedInsite.jar

3. Double-click on the Installation.bat file to start the installation process. The APSolute Insite Installation window is displayed. 4. From the APSolute Insite Installation window, select Accept to agree to the terms of the license agreement. The Next button becomes available. 5. Click Next to continue. A window is displayed, enabling you to select an installation directory. 6. In the Installation Directory text box, type the installation directory name in which APSolute Insite is currently installed or click Browse to navigate to the required directory.

Note: After the installation a folder called ConfigwareInsite is automatically added to this directory. This folder contains the new APSolute Insite software and also this is the default location of the folders that contain new sites. To avoid having directories like: c:\Program files\APSolute Insite\APSolute Insite... in your system, give the Installation Directory name different from just APSolute Insite. For example, you can name this directory APSolute Insite version x.

Document ID: RDWR_IG_1101

147

Radware Installation and Maintenance Guide Maintenance and Upgrade 7. 8. 9. Click Next to continue. A window is displayed, enabling you to save your configuration parameters in the required location. Type the names of the directories where you want to save the configuration parameters, or click Browse to locate those directories. Click Next to continue. The program files are copied to the selected destinations.

10. Click Next to continue. 11. To enable collecting traps sent from the device when APSolute Insite is not running, select Traps Service.

Note: If Trap Service is not selected, the traps are collected only when APSolute Insite is running. 12. Click Next to continue. A window is displayed with a progress bar that indicates the progress of the Trap Service registration. 13. Click Next to continue. A window is displayed with a success message, indicating that the procedure has been completed successfully. 14. Click Finish to exit the installation. 15. You can access the software by double-clicking on the Insite.bat file, the APSolute Insite icon on the desktop, or from the Start menu, select Programs > Radware > APSolute Insite.

Boot Version Update


As Radwares product line develops, it may become necessary to upgrade a devices boot code to support new firmware. For more information regarding boot code compatibility with older firmware versions and configurations, go to http://www.radware.com/content/support/software/bootprom/default.asp. Radware Application Switch units are supplied with two boot PROMs, only one of which is used for the active boot process. The second PROM can be flash upgraded through the CLI only to a newer version. Once the process is completed, you can configure the device to boot from the secondary PROM (the one with the new boot code) using a DIP switch. The information below provides the steps for upgrading and switching a devices boot code. Compact Application Switch has only one PROM. OnDemand Switch platforms have two PROMs, but these are BIOS and have no DIP switch.

Application Switch Boot Version Update


On Application Switch 1, whenever a new boot version is required you must update it manually prior to downloading the new software version. On Application Switch 2 and Application Switch 3, new boot versions are updated automatically during the software download processif the new software version includes a new boot version. For Application Switch 2, you will be prompted to change the position of the DIP switch that defines which boot is used.

148

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Maintenance and Upgrade

To upgrade the boot version manually 1. Obtain the file with the new boot version from Radware Technical Support. 2. Reboot the device, press any key to stop the auto boot. Type u to download new boot version. The following message appears: >u port (com1, com2 or Enter to choose the default (com1)): com1 baud rate (valid baudrate) or Enter to choose the current: 19200 Please download program using XMODEM. For port use: com1. 3. Send the new boot file to the device using the Xmodem protocol. The new boot version is written into the non-active boot. 4. To boot the device with the existing boot, type @ when prompted with Download completed. boot flash address 0x1c000000 boot flash number 0 update done. > 5. To start using the non-active boot, the position of the DIP switch needs to be changed (Application Switches 1 and 2 only). Before changing the position of the DIP switch turn the power off. Locating the active boot selection switch: Devices with an external DIP switch at the rear of the device: Looking at the rear panel of the device, the boot selection switch is the first switch from the left and is labeled ACT and BOOT and with the number 1. Devices with internal DIP switch: The device has to be powered off and opened up to access the DIP switch. Looking at the rear of the open device, the switch for the boot selection is located above the right corner of the power supply. The active boot selection switch is the first switch from the left of the eight (8) switches, labeled with the number 1. The Application Switch platform has two boot EPROMs, labeled Boot1 and Boot2. With the switch in the down position, which is the default position, the device uses Boot1. Changing the switch to the up position sets the device to use Boot2.

6. After the DIP switch position is changed, turn the power on.

Note: On Compact Application Switch (CAS), whenever a new boot version is required, you must replace the boot EPROM prior to downloading the new software version. For more information, see the CAS Boot EPROM Replacement document. You can get the document from http://www.radware.com/content/document.asp?_v=about&document=3961.

Document ID: RDWR_IG_1101

149

Radware Installation and Maintenance Guide Maintenance and Upgrade

150

Document ID: RDWR_IG_1101

Chapter 7 Troubleshooting
The chapter includes the following topics: Troubleshooting Most Radware Products, page 151 Troubleshooting AppXcel, page 158 Reinstalling APSolute Vision, page 161 Troubleshooting APSolute Insite, page 161 Troubleshooting Fan Failure, page 162

Troubleshooting Most Radware Products


This section provides troubleshooting information for the following Radware products and related devices: AppDirector AppWall CID DefensePro LinkProof SecureFlow SIP Director

This section includes the following topics: Troubleshooting for OnDemand Switch Platforms, page 151 Troubleshooting for Application Switches 1, 2, 4, and 5, page 156

Troubleshooting for OnDemand Switch Platforms


This section includes the following: Troubleshooting Table for OnDemand Switch Platforms, page 152 OnDemand Switch Software Recovery, page 152

Document ID: RDWR_IG_1101

151

Radware Installation and Maintenance Guide Troubleshooting

Troubleshooting Table for OnDemand Switch Platforms


The following table describes problems, possible causes, and solutions.

Table 52: Troubleshooting for OnDemand Switch Platforms

Problem
The device cannot install an application and stops at boot ROM CLI, indicating the reason.

Possible Cause
Either no valid application found, the TAR file on the USB or CF device includes an invalid application, or there is a hardware problem.

Solution
Remove the TAR files from the USB or CF device. Add a new TAR file to the USB or CF device, and try to reinstall (see OnDemand Switch Recovery With Bootable USB Mass Storage Device, page 153 or OnDemand Switch Recovery with Non-bootable USB Device or CompactFlash Device, page 155 as appropriate). If the error persists, it is a hardware issue.

The device tries to run an application but resets.

Either there is an invalid BIOS Remove the TAR files from the USB or or there is a hardware CF device. Add a new TAR file to the problem. USB or CF device and try to reinstall. If the error persists, it is a hardware issue, and contact Radware Technical Support. Restart the device. An ordinary upgrade process is also available.

The application started, Some minor mismatch in but a warning was printed. configuration.

OnDemand Switch Software Recovery


The following sections contain the procedures to salvage an OnDemand Switch platform that failed during system boot. Before starting the procedure, contact Radware Technical Support to validate that this is the only rescue-measure option. This section includes the following: OnDemand Switch Recovery With Bootable USB Mass Storage Device, page 153 OnDemand Switch Recovery with Non-bootable USB Device or CompactFlash Device, page 155

The procedure that you use depends on the OnDemand Switch model. Some OnDemand Switch models use a recovery procedure with a bootable USB mass storage (UMS) device. Other models use a recovery procedure with a non-bootable UMS device or a CompactFlash device.

Note: For information on the various OnDemand Switch models, see General Specifications of OnDemand Switch Platforms, page 172. The following table lists the OnDemand Switch models and the recovery procedure.

Table 53: OnDemand Switch Model and Recovery Procedure

Model
OnDemand Switch VL OnDemand Switch VL EL OnDemand Switch VL XL OnDemand Switch 1

Recovery with Bootable USB Device


9 9 9

Recovery with Non-bootable USB or CompactFlash

152

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Troubleshooting

Table 53: OnDemand Switch Model and Recovery Procedure

Model
OnDemand Switch 1 XL OnDemand Switch 2 OnDemand Switch 2 S1 OnDemand Switch 2 S2 OnDemand Switch 2 XL OnDemand Switch 3 OnDemand Switch 3 S1 OnDemand Switch 3 S2 OnDemand Switch 3 v.2 OnDemand Switch 3 XL

Recovery with Bootable USB Device

Recovery with Non-bootable USB or CompactFlash


9 9 9 9 9 9 9 9

9 9

OnDemand Switch Recovery With Bootable USB Mass Storage Device


This section describes OnDemand Switch recovery with a bootable USB mass storage (UMS) device.

Note: The following procedure is current supported only using Windows. Prerequisites: A supported UMS device. Radware has verified that the following USB devices are compatible with the relevant OnDemand Switch devices. Apacer Handy Steno AH223 2 GB and 4 GB Kingston DataTraveller 512MB, 1 GB, and 2 GB SanDisk 2 GB

The USB must be first in the boot sequence (as defined in the BIOS).

Note: The USB is, by default, first in the boot sequence. The archive bootUsbRcvry.zip file. You can obtain the file from the Radware Web site. You can obtain the file from one of the following links: For all OnDemand Switch VL platforms, use https://www.radware.com/content/document.asp?_v=about&document=12869 For OnDemand Switch 3 v.2 or OnDemand Switch 3 XL, use https://www.radware.com/content/document.asp?_v=about&document=12944

A valid TAR application file for the relevant version of your product. You can obtain the file from https://www.radware.com/content/support/software/statusmatrix/default.asp?_v=statusmatrix. A valid system license.

Document ID: RDWR_IG_1101

153

Radware Installation and Maintenance Guide Troubleshooting

To reinstall the software using Windows 1. 2. 3. 4. Extract the archive bootUsbRcvry.zip file into a directory on your computer. Open the command shell, and change the working directory to the directory into which you extracted the contents of the archive file. Plug the UMS device into your computer. Run the following command:

mkusb.bat <Drive letter associated with your USB device>:

Note: The trailing colon (:) is required (for example: mkusb.bat k:). 5. Follow the instructions displayed on the console. The batch file formats the UMS device and copies the required files into it. You need to confirm some steps of the batch job by pressing Enter. The new volume label after formatting is not essential, so you may leave it empty by pressing Enter. When the USB device is ready, copy the TAR application file to the root directory of the USB device. Unplug the USB device from your host computer. Insert the USB device into the OnDemand Switch. Turn on the OnDemand Switch. The OnDemand Switch device boots from the USB. When successful, the application installation process runs automatically and displays progress information on the console.

6. 7. 8. 9.

10. When the primary installation is completed, remove the USB device from the OnDemand Switch. The OnDemand Switch device will prompt and wait for this confirmation. 11. Press Enter to confirm the USB is out of the OnDemand Switch. 12. When prompted, enter the license, which you obtain from Radware Technical Support. 13. Enter the password. 14. When prompted, restart the OnDemand Switch.

Note: In case of failure, an appropriate message is printed to the terminal.

154

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Troubleshooting

OnDemand Switch Recovery with Non-bootable USB Device or CompactFlash Device


This section describes OnDemand Switch recovery with a non-bootable UMS device or a CompactFlash device. Prerequisites: An OnDemand Switch Recovery Executable file. You can obtain the (compressed) OnDemand Switch Recovery Executable file from https://www.radware.com/content/document.asp?_v=about&document=8216. A valid TAR application file for the relevant version of your product. You can obtain the file from https://www.radware.com/content/support/software/statusmatrix/default.asp?_v=statusmatrix. One of the following: A supported USB storage device with the uncompressed OnDemand Switch Recovery Executable file and TAR application file. The TAR file must be located at the root of the USB device. To avoid problems, make sure to have only one TAR at the root of the USB device. Radware has verified that the following USB devices are compatible with the relevant OnDemand Switch devices: A-DATA Nobility PD4 4 GB Apacer Handy Steno AH223 2 GB and 4 GB Kingston DataTraveller 512MB, 1 GB and 2 GB PQI Intelligent Drive i810 Plus 2 GB and 4 GB SanDisk 2 GB CompactFlash device with the uncompressed OnDemand Switch Recovery Executable file and TAR application file. The TAR file must be located at the root of the USB device. To avoid problems, make sure to have only one TAR at the root of the CompactFlash device.

A valid system license.

To reinstall the software 1. Insert the USB storage device or CompactFlash device with the required files into the OnDemand Switch. 2. Connect a terminal to the serial port located to the front panel of the OnDemand Switch. 3. Open the Command Line Interface (CLI). 4. From the CLI, enter reset to reboot the device. A line similar to the following line is displayed:

FILO version 0.5 (root@linux) Tue Jul 10 12:23:09 IDT 2009


5. Press Esc. The bootprompt is displayed. 6. For USB reinstallation, do the following: a. From the CLI, enter the following command:

uda:/install b. If the message Unknown filesystem type is displayed, enter the following command: uda1:/install
c. a. b. Wait for the license prompt (up to approximately three minutes). From the CLI, enter the following command: 7. For CompactFlash reinstallation, do the following:

hda1:/install
Wait for the license prompt (up to approximately three minutes). 8. At the prompt, enter the license, which you obtain from Radware Technical Support. 9. Enter the password.

Document ID: RDWR_IG_1101

155

Radware Installation and Maintenance Guide Troubleshooting

Troubleshooting for Application Switches 1, 2, 4, and 5


This section provides hardware troubleshooting for Application Switches 1, 2, 4, and 5.

Note: Most cases of suspected hardware problems are usually incorrectly identified and may be software related.

Table 54: Troubleshooting for Application Switch 1, Application Switch 2, Application Switch 4, and Application Switch 5

Platform
Application Switch 1 Application Switch 2 Application Switch 4 Application Switch 5

Problem
After powering up the device, the power LED remains unlit.

Possible Solution
Check the following: Verify that the power lead is correctly connected to the main supply and to the device. Ensure that the On/ Off switch located on the back panel of the device is in the On position.

Outcome
If all the previously described requirements are met and the device power LED remains unlit, contact Radware Technical Support.

Application Switch 1 Application Switch 2 Application Switch 4 Application Switch 5

The device Power LED is lit, however there is no console response.

Do the following: Check that the serial cable is properly connected to the device. Use the Radware-supplied console cable only, as other cables may not be compatible. Check that the serial port parameters, including speed, are correctly configured.

If the problem persists, contact Radware Technical Support.

156

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Troubleshooting

Table 54: Troubleshooting for Application Switch 1, Application Switch 2, Application Switch 4, and Application Switch 5

Platform
Application Switch 1 Application Switch 2 Application Switch 4 Application Switch 5

Problem
The Device LEDs are lit, however the device does not communicate via the LAN ports.

Possible Solution

Outcome

Connect to the device If the problem persists, serial port and open a contact Radware terminal connection. If Technical Support. fatal error messages appear on the terminal and no product prompt is displayed, this indicates an incomplete boot process. The following process should be implemented to eliminate possible causes: 1. Stop during boot countdown and erase the configuration (q1 command). 2. Reboot (@) and enter the connectivity data (IP address) in the Startup Configuration window. If the problem persists, check the Release Notes to verify that the product matches the running boot version. If not, update the boot version.

Application Switch 1 Application Switch 2

Boot upgrade failure: After the boot upload is complete (via XMODEM), a Write Protection Error message is displayed on the ASCII terminal.

Perform the following steps: 1. Change the position of DIP switch 1. 2. Upload the boot image again.

If a Write Protection Error is displayed again, contact Radware Technical Support.

Document ID: RDWR_IG_1101

157

Radware Installation and Maintenance Guide Troubleshooting

Table 54: Troubleshooting for Application Switch 1, Application Switch 2, Application Switch 4, and Application Switch 5

Platform
Application Switch 1 Application Switch 2

Problem
After a successful boot image upload and change of the DIP switch 1 position, followed by reboot, the device still boots up with the older version. Device-port communication failure. (If the device fails to communicate through one or more of its LAN ports).

Possible Solution
Verify that DIP switch 1 (the left-most on the DIP switch bank) was moved (not 8 by mistake).

Outcome
If the correct DIP switch was moved, this indicates DIP switch failure. Contact Radware Technical Support.

Application Switch 1 Application Switch 2 Application Switch 4 Application Switch 5

Do the following: 1. Check that the correct cable was used. Radware strongly recommends using cross-over cables when connecting to other switches, and straight cables when connecting to hosts/ routers and so on. 2. Verify that the correct speed and duplex mode are configured on both the Radware device and the device (switch, router, or host) connected to its ports.

If the problem persists, contact Radware Technical support.

Troubleshooting AppXcel
This section describes AppXcel troubleshooting and includes the following topics: Resetting the Device Password, page 159 Tcpdump, page 159 Safe Mode, page 160 Exporting a Configuration for Radware Technical Support, page 161

158

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Troubleshooting

Resetting the Device Password


You can reset the devices login password. Reset reverts to AppXcel default configuration and erases existing configuration.

To reset the password Connect with a console to the serial port, reboot AppXcel and log in with the following: Username = emerg Password =!reset!

Note: Resetting the password causes AppXcel to reboot (type: YES in uppercase when prompted to confirm reboot) and revert to its default configuration, effectively erasing the previous configuration.

Tcpdump
You can use tcpdump on any AppXcel interface. You can output the dump to the CLI prompt or export it to a file (over zmodem or SSH). Use the following tcpdump commands at the prompt:

system tcpdump print [-t <time-out (sec)>] [-c <max number of packets>] [-s <size>]
Displays the TCP dump at the prompt. The information is continuously printed to the screen until the collection time-out is over.

system tcpdump export [-t <time-out (sec)>] [-c <max number of packets>] [-s <size>]
Exports the TCP dump information to a text file. Information is saved in the file until the collection time-out is over.

where:

-t is the period for the TCP dump to collect data. Default: 60 seconds. -c is the maximum number of packets to collect. Default: 10000 packets. -s is the maximum packet length to be captured. Default: 0 (capture whole packet).

It is possible to apply traffic filters to the dump. AppXcel uses the Ethereal format of expressions. For a complete description refer to http://www.ethereal.com/docs/man-pages/tcpdump.8.html.

Examples Commonly used filters


A B To filter by destination IP, enter and the IP. To filter by source IP, enter src host and the IP. To filter by destination TCP port, enter dst port and the port. To filter by source port, src port and the port.

Document ID: RDWR_IG_1101

159

Radware Installation and Maintenance Guide Troubleshooting

Safe Mode
AppXcel may encounter software problems in certain cases such as the following: Software upgrade or downgrade to an unsupported version, or a corrupt software file Connection disruption when importing a configuration file to AppXcel Forgotten login or password

To troubleshoot these, you can use Safe Mode. Safe Mode is a basic operation mode you can enter after rebooting the device. From Safe Mode you can upgrade or downgrade to a supported version to restore the device and its configuration.

To enter Safe mode 1. 2. 3. 4. Connect to AppXcel with a serial console. Reboot AppXcel. Press the Tab key when the following message is printed to the console: AppXcel boot Choose Safe Mode from the available options displayed within 5 seconds. If successful, AppXcel displays the following:

Radware AppXcel Safe Mode Safe-Mode login:

The default user name and password is safe-mode. Safe Mode provides the following commands:

net management-ip net physical-interface net route net arp system bypass system date system terminal system upgrade ping reboot help exit

Notes: >> During an upgrade from safe-mode, the configuration file and system logs are erased. >> It is recommended to define a management IP and use the LAN connection to upload a new software version to the device. >> The configuration for safe-mode is not saved and needs to be re-defined if safe mode is used again.

160

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Troubleshooting

Exporting a Configuration for Radware Technical Support


If you open a support call with Radwares help desk, you may be asked to export the AppXcel configuration in text format for troubleshooting purposes.

To export the text file 1. At the CLI prompt, use

system config text export


2. Type in the password, radware. You can print the configuration to console and copy it or export a text file by ZMODEM or send it via SSH. You can use this configuration for backup (e.g. before an upgrade) and the exported file can be imported into a device providing it has the same Software version.

To export the RDWR file 1. At the CLI prompt, use

system config export


2. Type in the password, radware. You can only export the file by ZMODEM.

Reinstalling APSolute Vision


You can perform a fresh install of APSolute Vision. For more information, see the see the APSolute Vision 1.07.00 Server-USB Installation Technical Bulletin.

Troubleshooting APSolute Insite


If problems occur during the APSolute Insite installation, perform one of the following procedures.

To install APSolute Insite utilizing an existing MySQL database 1. Shut down the current APSolute Insite instance. 2. From the Start menu select Settings > Control Panel > Administrative Tools > Services. The Services window is displayed. In the Services window select the Radware Data Collection service and click Stop. In the Service window, select the Radware Traps Service and click Stop. 3. Right-click on the task bar and select Task Manager. The Task Manager window is displayed. In the Task Manager window check that the process mysqld-nt.exe is not running. 4. Install the new APSolute Insite version in the same location that your previous APSolute Insite was installed.

Document ID: RDWR_IG_1101

161

Radware Installation and Maintenance Guide Troubleshooting 5. During the installation, you are asked whether to install a new MySQL or use an existing one. Select use an existing one, and the default MySQL location will point to the current installed MySQL (this must not be changed).

To install APSolute Insite utilizing a new MySQL database 1. 2. Shut down the current APSolute Insite instance. From the Start menu select Settings > Control Panel > Administrative Tools > Services. The Services window is displayed. In the Services window select the Radware Data Collection service and click Stop. In the Service window, select the Radware Traps Service and click Stop. Right-click on the task bar and select Task Manager. The Task Manager window is displayed. In the Task Manager window check that the process mysqld-nt.exe is not running. Run uninstall.bat, and select the delete the MySQL option. Install the new APSolute Insite version in the same location that your previous APSolute Insite was installed. During the installation, you are is asked whether to install a new MySQL or to use an existing one, select install a new MySQL database.

3. 4. 5.

Troubleshooting Fan Failure


This section describes fan failure and how to handle it.

User Interface
When the device boots and all fans are working, the following message is displayed:

info: <date> <time> All fans are operational


When fan failure is detected, the following message is displayed:

Warning:<date> <time> INFO Fan failure was detected. <Number> fans are not operational
The device can send the warning in SNMP, Syslog, or mail traps. The following checks are done to detect fan failure: Every 60 seconds, the platform checks for fan failure. If there is a fan failure, a single message is displayed. A trap is sent every 10 minutes thereafter if the problem persists. With the problem is resolved, the platform checks every 60 seconds to ensure there is no further failure. A single message is displayed that confirms all fans are operational.

162

Document ID: RDWR_IG_1101

Appendix A Hardware-Component Replacement


This appendix contains the following sections: Upgrading Memory, page 163 Replacing a Power Supply, page 165 Replacing CompactFlash, page 168 Fan Filter Replacement on NEBS-certified Platforms, page 168

Upgrading Memory
This section explains how to perform memory upgrades and includes the following: Upgrading Memory in Application Switches, page 163 Upgrading Memory in XS, page 165

Note: OnDemand Switch platforms with memory configurations other than the default memory configuration for the product are factory installed. No field memory upgrades are allowed. If you require a larger memory configuration, make sure to order it with your initial product purchase.

Upgrading Memory in Application Switches


The following table lists the relevant memory configurations.

Table 3: Memory Configurations for Application Switches

Platform
Application Switch 1 Application Switch 2 Application Switch 3 Application Switch 4 Application Switch 5

Default Memory Size


256 MB 256 MB 256-MB master, 512-MB accelerator 512-MB master, 1-GB accelerator 1-GB master, 2-GB accelerator

Supported Upgrade Size


512 MB for AS1 rev. 2 only 512 MB 512-MB master, 1-GB accelerator 1-GB master, 2-GB accelerator 2- GB master, 4-GB accelerator

The details of the following procedure relate to Application Switch 1, but the procedure for all Applications Switches is similar.

Document ID: RDWR_IG_1101

163

Radware Installation and Maintenance Guide Hardware-Component Replacement

To upgrade the memory for Application Switch 1 1. 2. Turn off the device and unplug the power cord as well as the LAN cables. Connect the antistatic cable provided by Radware.

Warning: Ensure that the antistatic cable is attached to your wrist and grounded. 3. 4. 5. 6. 7. Remove the device from the rack. Remove all screws from the mounting rail. Remove all screws from the cover of the device. Slide back the device cover. The two memory slots are located on the upper area of the main board, as shown in the following figure.

8. 9.

Loosen the nut that connects the slot to the main board which allows for easier access to the memory module. Remove the old memory module by pushing the latches of the slot outwards until the memory module pops up.

10. Remove the old memory module and insert the new one. 11. Ensure the new memory module is firmly positioned in the slot and then close the latches as shown in the following places.

12. Tighten the nut that connects the slot to the main board.

164

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Hardware-Component Replacement

Upgrading Memory in XS
See Table 14 - XS General Specifications, page 189 for the supported memory configurations.

To upgrade the memory for XS 1 and XS 2 1. Turn off the device and unplug the power cord as well as the LAN cables. 2. Connect the antistatic cable provided by Radware.

Warning: Ensure that the antistatic cable is attached to your wrist and grounded. 3. Remove all eight (8) screws from the device cover. 4. Remove the device cover. 5. Remove the memory module from the slot by pushing the latches on either side of the slot outwards until the memory module pops up. 6. Remove the old memory module and insert the new one. 7. Ensure the new memory module is firmly positioned in the slot and then close the latches. 8. Replace the cover.

Replacing a Power Supply


This section contains the following: Replacing a Power Supply on the Application Switch 4 and 5, page 165 Replacing a Power Supply on OnDemand Switch VL-Series Platforms, page 167 Replacing a Power Supply on OnDemand Switch 1, 2, and 3 Platforms, page 167

Replacing a Power Supply on the Application Switch 4 and 5


Dual power supplies are hot-swappable.

Replacing a DC Power Supply on the Application Switch 4 and 5

To replace a DC power supply on the Application Switch 4 or 5 1. Turn off the device.

Note: If you are replacing a power supply and the device is operating under power from the second power supply, there is no need to turn off the device. 2. Disconnect the power cable from the faulty power supply. 3. Remove the screw that secures the faulty power supply to the chassis. 4. Remove the faulty power supply from the chassis.

Document ID: RDWR_IG_1101

165

Radware Installation and Maintenance Guide Hardware-Component Replacement 5. 6. 7. Insert the new power supply into the chassis. Insert and tighten the screw that secures the new power supply to the chassis. Use M4 Phillips-head stainless-steel screws to connect each cable lug to the proper place on the DC power source or DC mains according to the label attached to each wire.

Figure 59: DC Power Supply on the Application Switch 4 and 5

8. 9.

Tighten the screws using a Phillips-head screwdriver. Hand torque force is sufficient. Attach the power supply blue plug to the Application Switch device.

Replacing an AC Power Supply on the Application Switch 4 or 5

To replace an AC power supply on the Application Switch 4 or 5 1. Turn off the device.

Note: If you are replacing a power supply and the device is operating under power from the second power supply, there is no need to turn off the device. 2. 3. 4. 5. 6. 7. Disconnect the power cable from the faulty power supply. Remove the screw that secures the faulty power supply to the chassis. Remove the faulty power supply from the chassis. Insert the new power supply into the chassis. Insert and tighten the screw that secures the new power supply to the chassis. Connect the power cable to the new power supply.

166

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Hardware-Component Replacement

Replacing a Power Supply on OnDemand Switch VL-Series Platforms


Dual power supplies are hot-swappable.

To replace a power supply on OnDemand Switch VL-series platforms 1. Turn off the OnDemand Switch.

Note: If you are replacing a power supply and the device is operating under power from the second power supply, there is no need to turn off the OnDemand Switch. 2. Disconnect the power cable from the faulty power supply. 3. Remove the faulty power supply from the OnDemand Switch. 4. Fully insert the new power supply into the OnDemand Switch until the click. 5. Connect the power cable to the new power supply.

Replacing a Power Supply on OnDemand Switch 1, 2, and 3 Platforms


Dual power supplies are hot-swappable.

To replace a power supply on OnDemand Switch 1, 2, and 3 platforms 1. Turn off the OnDemand Switch.

Note: If you are replacing a power supply and the device is operating under power from the second power supply, there is no need to turn off the OnDemand Switch. 2. Disconnect the power cable from the faulty power supply. 3. Remove the screw that secures the faulty power supply to the chassis. 4. Remove the faulty power supply from the OnDemand Switch. 5. Insert the new power supply into the OnDemand Switch. 6. Insert and tighten the screw that secures the new power supply to the chassis. 7. Connect the power cable to the new power supply.

Replacing a Power Supply on the APSolute Vision Platform

To replace a power supply on the APSolute Vision platform 1. Turn off the APSolute Vision platform. 2. Disconnect the power cable from the faulty power supply. 3. Remove the faulty power supply from the APSolute Vision platform.

Document ID: RDWR_IG_1101

167

Radware Installation and Maintenance Guide Hardware-Component Replacement 4. 5. Fully insert the new power supply into the APSolute Vision platform until the click. Connect the power cable to the new power supply.

Replacing CompactFlash
The following procedure explains how to replace the CompactFlash (CF) on OnDemand Switch 1-, 2-, and 3-series platforms.

To replace the CompactFlash 1. 2. 3. 4. 5. Turn off the device. Unscrew the CompactFlash cover and remove the old CompactFlash. Install the new CompactFlash. Close the cover and switch on the device. Re-install the OnDemand Switch. For more information, see OnDemand Switch Boot Commands, page 49.

Fan Filter Replacement on NEBS-certified Platforms


It is recommended to replace the fan filter on Radware NEBS-certified platforms once a year.

Note: For the availability status of Radware's OnDemand Switch NEBS-compliant platforms, please contact Radware Operations.

To replace the fan filter 1. 2. 3. Loosen the screws of the fan-filter-sleeve cover (see Figure 20 - OnDemand Switch 2 NEBS Front Panel, page 42). Remove the fan-filter sleeve. Replace the fan filter as shown in the following figures. The filter has a small rubber handle for insertion of the filter into the sleeve and extraction out of the filter out the sleeve. Insert the filter so the handle is here.

4.

Return the fan-filter sleeve as shown in the following figures.

168

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Hardware-Component Replacement

5. Fasten the screws of the fan-filter-sleeve cover.

Document ID: RDWR_IG_1101

169

Radware Installation and Maintenance Guide Hardware-Component Replacement

170

Document ID: RDWR_IG_1101

Appendix B Specifications
This appendix contains specifications for all Radware platforms and devices and includes the following sections: OnDemand Switch Specifications, page 171 APSolute Vision Platform Specifications, page 180 Application Switch Specifications, page 182 XS Specifications, page 189 AppXcel Additional Specifications, page 190 DefensePro Specifications, page 192 Serial Cable Pin Assignment, page 193 Transceiver-Module Specifications, page 193

OnDemand Switch Specifications


This section contains the following: General Specifications of Switches, page 171 DC Power Supply Connectors for OnDemand Switch Platforms, page 179 Power Factors for OnDemand Switch Platforms, page 180 Layer 2 Features for OnDemand Switch Platforms, page 180

General Specifications of Switches


The following table lists general technical specifications for the versions of the OnDemand Switch platform. The values for some items may differ according to the model of the product, or they may not be applicable for the product. The table includes specific values for models with a NEBS-certified chassis only if there is a significant difference between the value for the NEBS-certified chassis and the value for the nonNEBS-certified chassis. For the availability status of Radware's OnDemand Switch NEBS-compliant platforms, please contact Radware Technical Support.

Document ID: RDWR_IG_1101

171

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item
Nominal throughput

VL
OnDemand Switch VL: AppDirector 208: Up to 200 Mbit/s AppDirector 508: Up to 500 Mbit/s AppDirector 1008: Up to 1 Gbit/s AppDirector 2008: Up to 2 Gbit/s AppDirector 4008: Up to 4 Gbit/s LinkProof 108: Up to 200 Mbit/s LinkProof 208: Up to 200 Mbit/s LinkProof 1008: Up to 1 Gbit/s LinkProof 2008: Up to 2 Gbit/s LinkProof 4008: Up to 4 Gbit/s

1
OnDemand Switch 1: AppDirector 204: Up to 200 Mbit/s AppDirector 504: Up to 500 Mbit/s AppDirector 1004: Up to 1 Gbit/s AppDirector 2004: Up to 2 Gbit/s AppDirector 4004: Up to 4 Gbit/s SIP Director 100, 300: Up to 1 Gbit/s SIP Director 1000, 3000, 10000: Up to 4 Gbit/s AppDirector 1004 XL: Up to 1 Gbit/s AppDirector 2004 XL: Up to 2 Gbit/s AppDirector 4004 XL: Up to 4 Gbit/s

2
OnDemand Switch 2: AppDirector 1016: Up to 1 Gbit/s AppDirector 2016: Up to 2 Gbit/s AppDirector 4016: Up to 4 Gbit/s LinkProof 1016: 1 Gbit/s LinkProof 2016: 2 Gbit/s LinkProof 4016: 4 Gbit/s DefensePro 1016: Up to 1 Gbit/s DefensePro 2016: Up to 2 Gbit/s DefensePro 3016: Up to 3 Gbit/s DefensePro 1016: Up to 1 Gbit/s DefensePro 2016: Up to 2 Gbit/s DefensePro 3016: Up to 3 Gbit/s AppDirector 1016 XL: Up to 1 Gbit/s AppDirector 2016 XL: Up to 2 Gbit/s AppDirector 4016 XL: Up to 4 Gbit/s

3
OnDemand Switch 3: CID 8016: Up to 8 Gbit/s CID 12016: Up to 12 Gbit/s CID 16016: Up to 16 Gbit/s LinkProof 8016: Up to 8 Gbit/s LinkProof 12016: Up to 12 Gbit/s LinkProof 16016: Up to 16 Gbit/s DefensePro 4412 Behavioral Protections: Up to 4 Gbit/s DefensePro 8412 Behavioral Protections: Up to 8 Gbit/s DefensePro 12412 Behavioral Protections: Up to 12 Gbit/s DefensePro 4412 IPS and Behavioral Protections: Up to 4 Gbit/s DefensePro 8412 IPS and Behavioral Protections: Up to 8 Gbit/s AppDirector 8016: Up to 8 Gbit/s AppDirector 12016: Up to 12 Gbit/s AppDirector 16016: Up to 16 Gbit/s AppDirector 20016: Up to 20 Gbit/s

OnDemand Switch 2 S1:

OnDemand Switch 3 S1:

OnDemand Switch 1 XL:

OnDemand Switch 2 S2:

OnDemand Switch 3 S2:

OnDemand Switch VL EL: LinkProof 58 EL: Up to 100 Mbit/s AppWall: 987 Mbit/s OnDemand Switch VL XL: Note: Inflight and AppDirector 208 XL: Up to VirtualDirector are 200 Mbit/s measured in transactions per AppDirector 508 XL: Up to second, not Gbit/s. 500 Mbit/s AppDirector 1008 XL: Up to 1 Gbit/s AppDirector 2008 XL: Up to 2 Gbit/s AppDirector 4008 XL: Up to 4 Gbit/s

OnDemand Switch 2 XL:

OnDemand Switch 3 v.2:

172

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item
Nominal throughput (continued)

VL

3
OnDemand Switch 3 XL: AppDirector 8016 XL: Up to 8 Gbit/s AppDirector 12016 XL: Up to 12 Gbit/s AppDirector 16016 XL: Up to 16 Gbit/s AppDirector 20016 XL: Up to 20 Gbit/s

Non-blocking switch fabric Layer 2 switching Simultaneous sessions

N/A N/A OnDemand Switch VL: AppDirector devices: Up to 7M For LinkProof models, refer to the LinkProof Tuning Guide

N/A N/A OnDemand Switch 1: Up to 5M

48 Gbit/s Wire-speed OnDemand Switch 2: AppDirector models, up to 3M For LinkProof models, refer to the LinkProof Tuning Guide

400 Gbit/s Wire-speed OnDemand Switch 3: CID: Up to 8M For LinkProof models, refer to the LinkProof Tuning Guide

OnDemand Switch 1 XL: AppDirector XL devices: Up to 5M AppWall: N/A

OnDemand Switch VL EL: Refer to the LinkProof Tuning Guide OnDemand Switch VL XL: Up to 7M

OnDemand Switch 2 S1: Up to 2M OnDemand Switch 2 S2: Up to 2M OnDemand Switch 2 XL: AppDirector models, up to 8M

OnDemand Switch 3 S1: Up to 4M OnDemand Switch 3 S2: Up to 4M OnDemand Switch 3 v.2: AppDirector: Up to 11.5M OnDemand Switch 3 XL: Up to 11.5M

Routing protocols

OSPF, RIP, RIP 2as applicable

Document ID: RDWR_IG_1101

173

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item
Processor

VL
OnDemand Switch VL: AppDirector devices: Intel quad-core 2.66 GHz LinkProof devices: Intel dual-core 2.8 GHz

1
OnDemand Switch 1: AMD dualcore 2.2 GHz OnDemand Switch 1 XL: Two (2) AMD dual-core 2.2 GHz

2
OnDemand Switch 2: AMD dualcore 2.6 GHz OnDemand Switch 2 S1: Two (2) AMD dual-core 2.6 GHz OnDemand Switch 2 S2: Two (2) AMD dual-core 2.6 GHz OnDemand Switch 2 XL: Two (2) AMD dual-core 2.6 GHz

3
OnDemand Switch 3: Two (2) AMD dual-core 2.6 GHz OnDemand Switch 3 S1: Two (2) AMD dual-core 2.6 GHz OnDemand Switch 3 S2: Two (2) AMD dual-core 2.6 GHz OnDemand Switch 3 v.2: Two (2) AMD quad-core 2.5 GHz OnDemand Switch 3 XL: Two (2) AMD quad-core 2.5 GHz

OnDemand Switch VL EL: Intel dual-core 2.8 GHz OnDemand Switch VL XL: Hard disk AppDirector devices: Intel quad-core 2.66 GHz Yes

OnDemand Switch VL: Yes OnDemand Switch VL EL: No OnDemand Switch VL XL: Yes

OnDemand Switch 2: Yes OnDemand Switch 2 S1: No OnDemand Switch 2 S2: No OnDemand Switch 2 XL: Yes

OnDemand Switch 3 for CID: Yes OnDemand Switch 3 for LinkProof: Yes OnDemand Switch 3 S1: No OnDemand Switch 3 S2: No OnDemand Switch 3 v.2: Yes OnDemand Switch 3 XL: Yes

RAM

OnDemand Switch VL: AppDirector devices: Up to 8 GB LinkProof: 2 GB

OnDemand Switch 1: AppDirector devices: Up to 4 GB SIP Director devices: 4 GB AppDirector XL devices: Up to 12 GB AppWall: Up to 6 GB Inflight 3.2: 6 GB VirtualDirector: 6 GB

OnDemand Switch 2: AppDirector: Up to 4 GB LinkProof: 2 GB

OnDemand Switch 3: 8 GB OnDemand Switch 3 S1: 8 GB OnDemand Switch 3 S2: 10 GB OnDemand Switch 3 v.2 for AppDirector: Up to 32 GB OnDemand Switch 3 XL: Up to 32 GB

OnDemand Switch 2 S1: 6 GB OnDemand Switch 2 S2: 6 GB OnDemand Switch 2 XL: Up to 12 GB

OnDemand Switch VL EL: 1 GB OnDemand Switch VL XL: Up to 8 GB

OnDemand Switch 1 XL:

CompactFlash Physical ports generali

1 GB Six (6) 8P8C Gigabit Ethernet ports Two (2) Gigabit Ethernet fiber ports (SFP-GBIC mini) Four (4) Gigabit Ethernet ports (copper or fiber) 12 Gigabit Ethernet ports Four (4) Gigabit Ethernet fiber ports (SFP-GBIC mini) Eight (8) Gigabit Ethernet ports Four (4) Gigabit Ethernet fiber ports (SFP-GBIC Mini) Four (4) 10 Gigabit Ethernet fiber ports (XFP-GBIC)

174

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item

VL

1000BASE-SX/LX/ZX All relevant, fiber ports support SX/LX/ZX interfaces depending on the transceiver module. ports 10GBASE-SR/LR ports USB port LCD screen RS-232 console All relevant, fiber ports support SR/LR interfaces depending on the transceiver module. On front panel No Via RJ-45. Radware supplies a RJ-45toDB-9 adapter cable to connect the console port of the platform to a console PC. Width: 424 mm (17 in.) Depth: 457 mm (18 in.) Height: 44 mm (1.7 in.) On front panel DE-9 serial connection Female DCE interface for out-of-band management

Dimensions

1U: Width: 424 mm (17 in.) Depth: 600 mm (24 in.)

EIA rack or stand-alone: 483 mm Height: 44 mm (1.7 in.) (19 in.) 2U: Width: 424 mm (17 in.) Depth: 600 mm (24 in.) Height: 88 mm (3.4 in.) Width: 424 mm (17 in.) Depth: 559 mm (22 in.) Height: 88 mm (3.4 in.)

2U NEBS-certified chassis:

EIA rack or stand-alone: 483 mm (19 in.)

Document ID: RDWR_IG_1101

175

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item
Weight

VL
OnDemand Switch VL: Single power supply: 7.6 kg (16.8. lbs) Dual power supply: 8.8 kg (19.5 lbs)

1
OnDemand Switch 1: 1U: 9.6 kg (21.2 lbs) 2U: 13.1 kg (29 lbs) 1U: 10.1 kg (22.1 lbs) 2U: 13.6 kg (30 lbs)

2
OnDemand Switch 2: 1U: 9.7 kg (21.4 lbs) 2U: 13.2 kg (29.1 lbs)

3
OnDemand Switch 3: 15.0 kg (33.0 lbs) OnDemand Switch 3 XL: 15.1 kg (33.3 lbs) OnDemand Switch 3 S1: 15.5 kg (34.2 lbs) OnDemand Switch 3 S2: 15.1 kg (33.3 lbs) OnDemand Switch 3 v.2: 15.0 kg (33.0 lbs)

OnDemand Switch 1 XL:

OnDemand Switch 2 S1: 9.5 kg (20.9 lbs) OnDemand Switch 2 S2: 10.9 kg (24 lbs) OnDemand Switch 2 XL: 1U: 10.2 kg (22.5 lbs) 2U: 13.7 kg (30.2 lbs)

OnDemand Switch VL EL: Single power supply: 7.0 kg (15.4 lbs) OnDemand Switch VL XL: Single power supply: 7.7 kg (17.0 lbs) Dual power supply: 8.9 kg (19.7 lbs)

OnDemand Switch 2 XL NEBScertified chassis (2U, dual DC power supply): 13.2 kg (29 lbs) Operating temperature: 0C to 40C (32F to 104F) Humidity: 5% to 95% non-condensing

Environmental

Operating temperature: 0C to 40C (32F to 104F) Humidity: 10% to 90% noncondensing

Auto-range supply

AC: 100V240V Frequency: 47Hz63Hz

DC: 36V~72V Dual power supply (AC/DC) in 2U form for relevant models

176

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item
Power consumption

VL

2
AppDirector 10164016 single/ dual PSU with 2 GB RAM: 192 W AppDirector 10164016 XL with 6 GB RAM: 316 W DefensePro 10162016 IPS + Behavioral Protection with 6 GB RAM: 302 W DefensePro 10163016 IPS + Behavioral Protection with 8 GB RAM: 317 W

3
CID 8016, 12016, 16016 with 8 GB RAM: 356 W AppDirector 801616016 with 8 GB RAM: 343 W DefensePro 441212412 Behavioral Protection with 8 GB RAM: 412 W DefensePro 44128412 IPS + Behavioral Protection with 10 GB RAM: 427 W

AppDirector 204-4004 with 2 GB AppDirector single PSU with 2 GB RAM: 151 W AppDirector 1004-4004 XL with 6 RAM: 168 W AppDirector single PSU with 4 GB GB RAM: 275 W RAM: 175 W AppDirector dual PSU with 2 GB RAM: 135 W AppDirector dual PSU with 4 GB RAM: 140 W AppDirector XL platform single PSU with 4 GB RAM: 188 W AppDirector XL platform single PSU with 6 GB RAM: 195 W AppDirector XL platform dual PSU with 6 GB RAM: 157 W LinkProof VL platform single PSU with 2 GB RAM: 128 W LinkProof VL EL: 114 W

LinkProof 10164016 single/dual DefensePro 4.24 on OnDemand Switch S1 with 8 GB RAM: 431 W PSU with 2 GB RAM: 192 LinkProof 10164016 single/dual DefensePro 4.24 on OnDemand Switch S2 with 10 GB RAM: PSU with 2 GB RAM: 181 W 446 W AppDirector v.2 with 16 GB RAM: 488 W AppDirector XL with 16 GB RAM: 510 W LinkProof 801616016 dual PSU with 8 GB RAM: 356 W

Document ID: RDWR_IG_1101

177

Radware Installation and Maintenance Guide Specifications

Table 4: General Specifications of OnDemand Switch Platforms

Item
Heat dissipation

VL
OnDemand Switch VL XL: 641 BTU/h

1
AppDirector 204-4004 with 2 GB RAM: 515 BTU/h

3
CID 8016, 12016, 16016 with 8 GB RAM: 1214 BTU/h AppDirector 801616016 with 8 GB RAM: 1170 BTU/h DefensePro 441212412 Behavioral Protection with 8 GB RAM: 1405 BTU/h DefensePro 44128412 IPS + Behavioral Protection with 10 GB RAM: 1456 BTU/h

AppDirector 10164016 single/ dual PSU with 2 GB RAM: 655 AppDirector single PSU with 2 GB AppDirector 1004-4004 XL with 6 BTU/h GB RAM: 938 BTU/h AppDirector 10164016 XL with RAM: 573 BTU/h 6 GB RAM: 1078 BTU/h AppDirector single PSU with 4 GB DefensePro 10162016 IPS + RAM: 597 BTU/h Behavioral Protection with 6 GB AppDirector dual PSU with 2 GB RAM: 1030 BTU/h RAM: 460 BTU/h AppDirector dual PSU with 4 GB RAM: 477 BTU/h AppDirector XL platform single PSU with 4 GB RAM: 641 BTU/h AppDirector XL platform single PSU with 6 GB RAM: 665 BTU/h AppDirector XL platform dual PSU with 6 GB RAM: 535 BTU/h LinkProof VL platform single PSU with 2 GB RAM: 436 BTU/h LinkProof VL EL: 389 BTU/h DefensePro 10163016 IPS + Behavioral Protection with 8 GB RAM: 1081 BTU/h

DefensePro 4.24 on OnDemand LinkProof 10164016 single/dual Switch S1 with 8 GB RAM: 1470 BTU/h PSU with 2 GB RAM: 655 BTU/h LinkProof 10164016 single/dual DefensePro 4.24 on OnDemand Switch S2 with 10 GB RAM: 1521 PSU with 2 GB RAM: 617 BTU/h BTU/h AppDirector v.2 with 16 GB RAM: 1664 BTU/h AppDirector XL with 16 GB RAM: 1739 BTU/h LinkProof 801616016 dual PSU with 8 GB RAM: 1214 BTU/h

CPU temperature

SNMP traps are sent in response to high temperatures: Warning: 74 C Critical: 81 C

SNMP traps are sent in response to high temperatures: Warning: 69 C Critical: 74 C

Certifications

Safety: EN 60950-1:2006, CB - IEC 60950-1, cTUVus, CCC, cULus ii EMC: CE - EN 55022iii , EN 55024iii, EN 61000-3-2iii, EN 61000-3-3iii, IEC 61000 4-2 to 4-6iii, IEC 61000 4-8 and IEC 61000-4-11iii, FCC Part 15B Class Aiii, ICES-003iii, VCCI Class Aiii, C-Tick iii RoHS 6 Compliant

i For more information, see OnDemand Switch Platforms, page 36 and Transceiver-Module Specifications for OnDemand Switch Platforms, page 193. ii For OnDemand Switch 1, 1 XL, 2, 2XL, and 3 models only.

178

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

iii Pending for OnDemand Switch VL dual power-supply and OnDemand Switch VL XL dual power-supply models.

DC Power Supply Connectors for OnDemand Switch Platforms


Use the 12-gauge insulated copper DC-input cables for the connection to each DC power supply. This section contains the following: DC Power Supply Connector for OnDemand Switch VL, 1- and 2-Series 1U Platforms DC Power Supply Connector for OnDemand Switch 1, 2, and 3 2U Platforms

DC Power Supply Connector for OnDemand Switch VL, 1- and 2-Series 1U Platforms
Figure 60: DC Power Supply Connector OnDemand Switch VL, 1- and 2-Series 1U Platforms
Black wire 0V Blue wire 48V

Label

Label

DC Power Supply Connector for OnDemand Switch 1, 2, and 3 2U Platforms


Figure 61: DC Power Supply Connector OnDemand Switch 1, 2, and 3 2U Platforms
48V Blue wire 4 5 6 1 2 3 0V Black wire

Table 5: DC Power Supply Connector OnDemand Switch 1, 2, and 3 2U Platforms

Pin Number
1 4

Functionality
RTN 48V

Document ID: RDWR_IG_1101

179

Radware Installation and Maintenance Guide Specifications

Power Factors for OnDemand Switch Platforms


The power factor of an AC electric power system is defined as the ratio of the real power to the apparent power, and is a number between 0 and 1. Real power is the capacity of the circuit for performing work in a particular time. Apparent power is the product of the current and voltage of the circuit. The power factor for OnDemand Switch platforms is 0.95.

Layer 2 Features for OnDemand Switch Platforms


Table 6: Layer 2 Features for OnDemand Switch Platforms

Layer 2 Feature
STP 802.1d Link aggregation 802.3ad VLAN tagging 802.1q VLAN switching Radware Segmentation (physical port and VLAN) Port mirroring (Copy port) Regular VLAN (bridging)

OnDemand Switch VL

OnDemand Switch 1

OnDemand Switch 2

OnDemand Switch 3

9 9 9 9 9 9 9 9 9 9 9 9 9 9 9

9 9 9 9 9 9 9

Note: For DefensePro, bypass is supported.

APSolute Vision Platform Specifications


This section contains the following: General Specifications of the APSolute Vision Platform, page 180 DC Power Supply Connectors for APSolute Vision Appliance, page 182 Power Factors for APSolute Vision Appliance, page 182

General Specifications of the APSolute Vision Platform


The following table lists general technical specifications for the APSolute Vision platform.

Table 7: General Specifications of APSolute Vision Appliance

Item
Processor Hard disk RAM CompactFlash

OnDemand Switch VL
Intel quad-core 2.66 GHz Yes 8 GB 1 GB

180

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 7: General Specifications of APSolute Vision Appliance

Item
Physical portsgenerali USB port LCD screen RS-232 console Dimensions

OnDemand Switch VL
Two (2) 8P8C Gigabit Ethernet ports On front panel No Via RJ-45. Radware supplies a RJ-45toDB-9 adapter cable to connect the console port of the platform to a console PC. Width: 424 mm (17 in.) Depth: 457 mm (18 in.) Height: 44 mm (1.7 in.) EIA rack or stand-alone: 483 mm (19 in.)

Weight Environmental Auto-range supply

7.6 kg (16.8. lbs) Operating temperature: 0C to 40C (32F to 104F) Humidity: 10% to 90% non-condensing AC: 100V240V Frequency: 47Hz63Hz DC: 36V~72V

Power consumption Heat dissipation CPU temperature

168 W 573 BTU/h SNMP traps are sent in response to high temperatures: Warning: 74 C Critical: 81 C

Certifications

Safety: EN 60950-1:2006, CB - IEC 60950-1, cTUVus, CCC, cULus EMC: CE - EN 55022, EN 55024, EN 61000-3-2, EN 61000-3-3, IEC 61000 4-2 to 4-6, IEC 61000 4-8 and IEC 61000-4-11, FCC Part 15B Class A, ICES-003, VCCI Class A, C-Tick RoHS 6 Compliant

i For more information, see Installing the APSolute Vision Server, page 95 and TransceiverModule Specifications for APSolute Vision Appliance, page 194.

Document ID: RDWR_IG_1101

181

Radware Installation and Maintenance Guide Specifications

DC Power Supply Connectors for APSolute Vision Appliance


Use the 12-gauge insulated copper DC-input cables for the connection to each DC power supply.

Figure 62: DC Power Supply Connector for APSolute Vision Appliance


Black wire 0V Blue wire 48V

Label

Label

Power Factors for APSolute Vision Appliance


The power factor of an AC electric power system is defined as the ratio of the real power to the apparent power, and is a number between 0 and 1. Real power is the capacity of the circuit for performing work in a particular time. Apparent power is the product of the current and voltage of the circuit. The power factor for APSolute Vision Appliance is 0.95.

Application Switch Specifications


This section contains the following: General Specifications for Application Switches, page 182 DC Power Supply Connectors for Application Switches, page 185 Power Factors for Application Switches, page 188 Layer 2 and Other Features for Application Switches, page 188

General Specifications for Application Switches


The following table lists general technical specifications for versions of the Application Switch platform. The specifications for some features differ according to the model of the product that you purchase.

182

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 8: General Specifications for Application Switches

Item
Architecture Backplane Flash RAM Fast Ethernet (10/100BASE-T) Auto-negotiation of speed and duplex mode. IEEE 802.3 compliant.

Application Switch 1
Two-tier 48 Gbit/s 16 MB Internal 256 MB Eight (8) or none

Application Switch 2
Two-tier 816 Gbit/s 8 MB internal + 1 GB CompactFlash 256 MB or 512 MB 16 or none

Application Switch 4
Three-tier 44 Gbit/s 8 MB internal Master: 512 MB Network processor: 1 GB 12 10/100/100 copper ports

Application Switch 5
Three-tier 88 Gbit/s 8 MB internal + 1 GB CompactFlash Master: 1 GB Network processor: 1 GB eight (8) 10/100/1000

Gigabit Ethernet (1000BASE-T/ Two (2) or none (SFP fiberoptic or copper) SX/LX) Auto-negotiation of speed and duplex mode. For copper GBIC, auto-negotiation status depends on the vendor. IEEE 802.3 compliant. Out of Band Management Power Supply 9-pin female RS-232 connector

Five (5) or seven (7) GBIC fiber-optic or copper

Eight (8) SFP fiber-optic or copper 12 10/100/1000 copper ports

nine (9) SFP

DCE setup: 19200 bit/s, 8 bits, one stop bit, no parity Auto-range supply: Power Consumption Heat Dissipation Width AC: 100250V Frequency: 50Hz60Hz DC: 38V~72V Auto-range supply: AC: 100250V Frequency: 50Hz60Hz DC: 38V~72V 35 W 119.5 BTU/h 432 mm (17 in.) EIA rack or standalone: 482.6 mm (19 in.) 44 W 150.3 BTU/h Regular models (1U and 2U): 432 mm (17 in.) EIA rack or standalone: 482.6 mm (19 in.) NEBS model: 455 mm (17.9 in.) Auto-range supply, single or dual: AC: 100250V Frequency: 50Hz60Hz DC: 38V~72V Auto-range supply single or dual: AC: 100250V Frequency: 50Hz60Hz DC: 38V~72V

108 W 368.7 BTU/h 432 mm (17 in.) EIA rack or standalone: 482.6 mm (19 in.)

110. 8 W 378.32 BTU/h 440 mm

Document ID: RDWR_IG_1101

183

Radware Installation and Maintenance Guide Specifications

Table 8: General Specifications for Application Switches

Item
Depth

Application Switch 1
470 mm (18.5 in.)

Application Switch 2

Application Switch 4

Application Switch 5
486 mm

Regular 1U model: 456 mm (18 489 mm (19.25 in.) in.) Regular 2U model: 451 mm (17.8 in.) NEBS model: 444 mm (17.5 in.)

Height

44 mm (1.73 in.)

Regular 1U model: 44 mm (1.73 in.) NEBS model: 45 mm Regular 2U (dual power supply) model: 88 mm

1U model: 44 mm (1.73 in.) 2U (dual power supply) model: 88 mm (3.4 in.)

88 mm

Weight

3.85 kg (8.5 lbs)

Regular 1U model: 5.3 kg (11.7 Single power supply model lbs) without SME card: 6.25 kg (13.8 lbs) Regular 2U (dual power supply): 6.55 kg (14.5 lbs) NEBS model: 5.95 kg (13.1 lbs) Single power supply model with SME card: 6.65 kg (14.7 lbs) Dual power supply model without SME card: 7.05 kg (15.5 lbs) Dual power supply model with SME card: 7.45 kg (16.4 lbs)

2U unit: 6.6 kg (14.6 lbs)

Operating Temperature Non-operating Temperature Humidity (non-condensing) Operating Altitude Safety

0C to 40C N/A 5% to 95% 0 to 2500 m UL 60950-1, EN 60950-1:2006, UL 60950-1, EN 60950-1:2006, TUV 60950-1 (single AC unit TUV 60950-1, CB, IEC 60950-1 TUV 60950-1, CB, IEC 60950-1 only), EN 60950-1:2006, CB, IEC 60950-1 RoHS 6 Compliant RoHS 6 Compliant NEBS (Application Switch 2 with NEBS certification has a different part number) RoHS 6 Compliant TUV 60950-1, EN 609501:2006, CB, IEC 60950-1 RoHS 6 Compliant 20C to +60C 5% to 95% N/A 5% to 95% 0C to 40C 20% to 80%

184

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 8: General Specifications for Application Switches

Item
Electromagnetic Emission

Application Switch 1
EN 55022 class B, EN 55024, FCC part 15B class B, VCCI Class B (AC unit only), C-Tick (AC unit only)

Application Switch 2
EN 55022, class B, EN 55024, FCC part 15B class B, VCCI Class B (1U AC unit only), CTick (1U AC unit only)

Application Switch 4
EN 55022 class A, EN 55024, FCC part 15B, class A, VCCI Class A, C-Tick, GOST-R (AC unit only)

Application Switch 5
EN 55022, class A, EN 55024, FCC part 15B class A, VCCI Class A, GOST-R (2U units only)

DC Power Supply Connectors for Application Switches


This section contains: DC Power Supply Connectors for Application Switch 2, page 185 DC Power Supply Connector for Application Switch 4 and Application Switch 5, page 187

DC Power Supply Connectors for Application Switch 2


The configuration of the DC power supply connector for the Application Switch 2 platform varies depending on the following released versions: Application Switch 2 1U Rev. 3 Application Switch 2 1U Rev. 4 Application Switch 2 1U NEBS Application Switch 2 2U

DC Power Supply Connector for Application Switch 2 1U Rev. 3 Figure 63: DC Power Supply Connector Application Switch 2 1U Rev. 3

Document ID: RDWR_IG_1101

185

Radware Installation and Maintenance Guide Specifications

Table 9: DC Power Supply Connectors Application Switch 2 1U Rev. 3

Pin Label
+ GND

Functionality
RTN (+) chassis 48V ()

DC Power Supply for Application Switch 2 1U Rev. 4 Figure 64: DC Power Supply Connectors Application Switch 2 1U Rev. 4

Table 10: DC Power Supply Connector Application Switch 2 1U Rev. 4

Pin Label
+ GND

Functionality
RTN (+) chassis 48V ()

DC Power Supply Connector for Application Switch 2 2U NEBS Figure 65: DC Power Supply Connector Application Switch 2 2U NEBS

Table 11: DC Power Supply Connector 2U NEBS

Pin Label
RTN GND 48V

Functionality
RTN (+) NC 48V ()

186

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

DC Power Supply Connector for Application Switch 2 2U Figure 66: DC Power Supply Connector Application Switch 2 2U

Table 12: DC Power Supply Connector Application Switch 2 2U

Pin Number
1 3 4

Functionality
RTN (+) Chassis 48V ()

Note: The names of the pins (1, 3, and 4) are labeled on the connector.

DC Power Supply Connector for Application Switch 4 and Application Switch 5


In Application Switch 4 and 5 with dual power supply, the pin assign of the DC power connector is: black wire is RTN, yellow wire 48VDC. The following figure shows the cable connector for the DC power supply.

Figure 67: DC Power Supply Connector

Note: In addition, there is a protection circuit in the system. The device is not damaged if the connector is wired incorrectly, but will not start.

Document ID: RDWR_IG_1101

187

Radware Installation and Maintenance Guide Specifications The following figures depict the front and back view of the DC power supply.

Figure 68: DC Power Supply Front Panel

Figure 69: DC Power Supply Back Panel

Power Factors for Application Switches


The power factor of an AC electric power system is defined as the ratio of the real power to the apparent power, and is a number between 0 and 1. Real power is the capacity of the circuit for performing work in a particular time. Apparent power is the product of the current and voltage of the circuit. The power factors for Radware Application Switches 1 through 5 are as follows: Application Switch 1: 0.7 Application Switch 2: 0.9 Application Switch 3 (Argo): 0.95 Application Switch 3 (VoyagerM): 0.98 Application Switch 4: 0.95 Application Switch 5: 0.95

Layer 2 and Other Features for Application Switches


Table 13: Layer 2 Features for Application Switches

Layer 2 Feature
STP 802.1d Link aggregation 802.3ad VLAN tagging 802.1q VLAN switching

Application Switch 1

Application Switch 2

Application Switch 4

Application Switch 5

9 9 9 9 9 9 9 9 9 9

9 9 9 9

188

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 13: Layer 2 Features for Application Switches

Layer 2 Feature
Radware Segmentation (physical port and VLAN) Port mirroring (Copy port) Regular VLAN (bridging)

Application Switch 1

Application Switch 2

Application Switch 4

Application Switch 5

9 9 9

9 9 9

9 9 9

9 9 9

XS Specifications
The following table lists general technical specifications for versions of the XS platform. The specifications for some items differ according to the model of the product that you purchase.

Table 14: XS General Specifications

Item
SSL transactions per second

XS 1
300 1,000 2,000 1,500 3,000 10,000 256 MB 512 MB

XS 2
4,000 8,000 16,000 20,000 50,000 150,000 512 MB 1 GB 3 GB

XS 3
32,000

Concurrent connections

150,000

Memory

4 GB

Network interfaces

Two (2) 10/100 BASE-TX One of two options: ports Two (2) 10/100/ 1000 BASE-TX ports One (1) 10/100/ 1000 BASE-TX and one (1) 1000BASESX

Two (2) 10/100/1000 BASE-TX ports Four (4) 10/100/1000 BASE-TX traffic ports

Operating environment Dimensions

Temperature: 0C40C Temperature: 0C40C Temperature: 040C Relative humidity: 5% to Relative humidity: 5% to Relative humidity: 5% to 95% (non-condensing) 95% (non-condensing) 95% (non-condensing) Width: 430 mm Height: 44 mm (1U) Depth: 534 mm (maximum) Standard 19-inch EIA rack or stand-alone Width: 430 mm Height: 44 mm (1U) Depth: 534 mm (maximum) Standard 19-inch EIA rack or stand-alone 7.25 kg (16 lbs) 17.3 kg (38.1 lbs) Width: 430 mm Height: 131.7 mm (3U) Standard 19-inch EIA rack or stand-alone

Weight

7.25 kg (16 lbs)

Document ID: RDWR_IG_1101

189

Radware Installation and Maintenance Guide Specifications

Table 14: XS General Specifications

Item
Power

XS 1
Auto-range supply: AC: 100V240V; Frequency: 50Hz 60Hz DC: 38V~72V Power consumption: 122 W Heat dissipation: 417 BTU/h

XS 2
Auto-range supply: AC: 100V240V; Frequency: 50Hz 60Hz DC: 38V~72V Power consumption: 148 W Heat dissipation: 505 BTU/h

XS 3
Auto-range supply: AC: 100V240V; Frequency: 50Hz 60Hz Power consumption: 330 W Heat dissipation: 1127 BTU/h

Safety

TUV 60950-1, EN 60950- TUV 60950-1, EN 60950- TUV 60950-1, EN 609501:2006, CB, IEC 60950-1 1:2006, CB, IEC 60950-1 1:2006, CB, IEC 60950-1 RoHS RoHS RoHS FCC part 15B class B, CE, FCC part 15B class B, CE, FCC part 15B class B, CE, VCCI Class B, C-Tick (AC VCCI Class B, C-Tick (1U VCCI Class B unit only) AC unit only)

Electromagnetic Emission

AppXcel Additional Specifications


AppXcel runs on XS platforms. For general technical specifications of the XS platforms, see XS Specifications, page 189. This section contains the following addition information: Technical Specifications per AppXcel Type, page 190 SSL Specifications for AppXcel, page 191 Cipher Suite Lists, page 191

Technical Specifications per AppXcel Type


Table 15: AppXcel Specifications per License Type

Licence
AppXcel 32000 AppXcel 16000 AppXcel 8000 AppXcel 4000 AppXcel 2000 AppXcel 1000 AppXcel 300

Platform
XS 3 XS 2 XS 2 XS 2 XS 1 XS 1 XS 1

RAM
4 GB 3 GB 1 GB 512 MB 512 MB 256 MB 256 MB

SSL Transactions per Second


32,000 16,000 8,000 4,000 2,000 1,000 300

Concurrent Connections
150,000 150,000 50,000 20,000 10,000 3,000 1,500

190

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

SSL Specifications for AppXcel


Table 16: AppXcel SSL Specifications

Unit
Maximum number of tunnels Maximum number of certificates Maximum number of keys Key sizes (bits) Supported key exchange methods Supported protocols

Value
1000 1000 1000 512, 1024, 2048 PEM, PKCS-12 SSLv2, SSLv3, TLS

Cipher Suite Lists


Table 17: Cipher Suite Lists

Cipher List
RSA ALL ALL (not including Null ciphers) SSLv3 TLSv1 Export Low

Cipher List Explanation


Cipher suite using RSA key exchange All cipher suites All cipher suites except the NULL ciphers and anonymous Diffie-Hellman ciphers SSL v3.0 cipher suites TLS v1.0 cipher suites

Open SSL Translation


RSA ALL:eNULL ALL:!ADH SSLv3 TLSv1

Export encryption algorithms. Including 40 EXP and 56-bit algorithms Low encryption cipher suites, currently using 64- or 56-bit encryption algorithms but excluding export cipher suites Low

Medium High

Medium encryption cipher suites, currently Medium using 128-bit encryption High encryption cipher suites. Currently High this means that key lengths are larger than 128 bits Cipher suites using RSA key exchange, 128-bit RC4 for encryption and MD5 for MAC RC4-MD5

RSA with RC4 128 and MD5

RSA with RC4 128 and SHA1 Cipher suite using RSA key exchange, 128- RC4-SHA bit RC4 for encryption and SHA1 for MAC RSA with DES and SHA1 RSA with 3DES and SHA1 Cipher suite using RSA key exchange, 128- DES-CBC-SHA bit RC4 for encryption and SHA1 for MAC Cipher suite using RSA key exchange, 3DES for encryption and SHA1 for MAC DES-CBC3-SHA

RSA with AES 128 and SHA1 Cipher suite using RSA key exchange, 128- AES128-SHA bit AES for encryption and SHA1 for MAC

Document ID: RDWR_IG_1101

191

Radware Installation and Maintenance Guide Specifications

Table 17: Cipher Suite Lists

Cipher List

Cipher List Explanation

Open SSL Translation


AES256-SHA

RSA with AES 256 and SHA1 Ciphers suite using RSA key exchange, 256-bit AES for encryption and SHA1 for MAC MSIE Export 56 Cipher suite list that excludes all bit export encryption algorithms, which have a broken SSLv3 implementation in certain 56-bit export versions of MSIE 5.x browsers

ALL:!ADH:!EXPORT56:R C4+RCA:+HIGH:+MEDI UM:+LOW:+SSLv2:+EX P:+eNULL

DefensePro Specifications
The following table describes the additional standards that DefensePro supports. For additional information, see the DefensePro User Guide.

Table 18: Supported Standards for DefensePro

Topic
IP routing

Standard
RIPv1, RIPv2RFC1058, 2453 OSPFv2RFC 2328 IPv4RFC 1812, 2644

SNMP

SNMPv1RFC 1155, 1157, 1212, 1215 SNMPv2RFC 1901, 2578-2580, 3416-3418 SNMPv3RFC 3414, 3415

Interface level

Full duplex mode, IEEE 802.3 VLAN tagging IEEE 802.1Q Ethernet Prioritization and CoS IEEE 802.1Q, 802.1p

192

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Serial Cable Pin Assignment


The following table lists the pinout for the serial console port on Radware devices.

Table 19: Serial Port-Radware Device Pinout

Standard PC DE-9i Serial DE-9F to DE-9M Straight Port (DTE) Cable


DE-9M Pin Signal 1 2 3 4 5 6 7 8 9 DCD RxD TxD DTR GND DSR RTS CTS RI DE-9F Pin 1 2 3 4 5 6 7 8 9 DE-9M Pin 1 2 3 4 5 6 7 8 9

Radware Device ASCII Port (DCE)


DE-9F Pin Signal 2 3 5 RxD TxD GND -

OnDemand Switch VL CONSOLE Port


8P8Cii Pin Signal 1 2 3 4 5 6 7 8 RTS/CTS DTR TxD GND DCD RxD DSR CTS -

i Commonly referred to as DB-9. ii Commonly referred to as RJ-45. On the OnDemand Switch VL platforms, the console port uses an 8P8C connector. Radware supplies a RJ-45-to-DE-9 adapter cable to connect the console port of the platform to a console PC.

Transceiver-Module Specifications
This section contains the following: Transceiver-Module Specifications for OnDemand Switch Platforms, page 193 Transceiver-Module Specifications for APSolute Vision Appliance, page 194 Transceiver-Module Specifications for Application Switches, page 194

Transceiver-Module Specifications for OnDemand Switch Platforms


The following table lists the transceiver-module specifications for OnDemand Switch platforms.

Table 20: Transceiver-Module Specifications for OnDemand Switch platforms

Switch/Component

Description

Manufacturer
Optech

Part Number
OP6C-MX5-85-C4

SFP module for OnDemand Switch SFP transceiver VL, VL XL, 1, 1 XL, 2, 2 XL, 3 Multimode - 3.3V Fiber - SX - Multimode 850nm - 1.25Gbps - RoHS 6

SFP module for OnDemand Switch SFP transceiver Sanoc VL, VL XL, 1, 1 XL, 2, 2 XL, 3 Singlemode - 3.3V - Optech Fiber - LX - Singlemode 1310nm - 1.25Gpbs - RoHS 6

SI1312-10ATO OP6C-S10-13-C4

Document ID: RDWR_IG_1101

193

Radware Installation and Maintenance Guide Specifications

Table 20: Transceiver-Module Specifications for OnDemand Switch platforms

Switch/Component

Description

Manufacturer

Part Number
SI1512-80ATO OP6C-S70-15-C4 SI0012-X1ATO[N]ii OP6C-TX1-00-C2ii TRF2000EN-LF000-W TRF2001EN-GA000-W OP7K-MX3-85-C FTRX-1411D3 TRF5013FN-GA000

SFP module for OnDemand Switch SFP transceiver Sanoc VL, VL XL, 1, 1 XL, 2, 2 XL, 3 Singlemode - 3.3V - Optech Fiber - ZX - Singlemode 1550nm - RoHS 6 SFP module for OnDemand Switch SFP Copper - 10/ VL, VL XL, 1, 1 XL, 2, 2 XL, 3 100/1000Mbit/s Copperi 3.3V - RoHS 6 10GbE GBIC with license for OnDemand Switch 3, 3 XL - SR Multimode 10GbE GBIC with license for OnDemand Switch 3, 3 XL - LR Singlemode Sanoc Optech

XFP transceiver Hitachi-Opnext Multimode - 10GbE Hitachi-Opnext - 850nm - RoHS 6 Optech XFP transceiver Singlemode 10GbE - 1310nm RoHS 6 Finisar Hitachi-Opnext Finisar

i Radware platforms support only /1000 Mbit/s. ii Limitation: The device displays the port on an autonegotiation-off link UP even if the cable is not connected to the GBIC.

Transceiver-Module Specifications for APSolute Vision Appliance


The following table lists the transceiver-module specifications for OnDemand Switch platforms and the and APSolute Vision Appliance.

Table 21: Transceiver-Module Specifications for OnDemand Switch platforms

Switch/Component
SFP module - Fiber - SX Multimode

Description
SFP transceiver Multimode - 3.3V 850nm - 1.25Gbps - RoHS 6

Manufacturer
Optech

Part Number
OP6C-MX5-85-C4

SFP module - Fiber - LX Singlemode

SFP transceiver Sanoc Singlemode - 3.3V - Optech 1310nm - 1.25Gpbs - RoHS 6 SFP transceiver Sanoc Singlemode - 3.3V - Optech 1550nm - RoHS 6

SI1312-10ATO OP6C-S10-13-C4

SFP module - Fiber - ZX Singlemode

SI1512-80ATO OP6C-S70-15-C4

Transceiver-Module Specifications for Application Switches


The following table lists the transceiver-module specifications for Application Switch platforms.

194

Document ID: RDWR_IG_1101

Radware Installation and Maintenance Guide Specifications

Table 22: Transceiver-Module Specifications for Application Switches

Switch/Component

Description

Manufacturer
Optech

Part Number
OP6C-MX5-85-C4

SFP module for Application SFP transceiver Switches 1, 3, 4, 5 - Fiber - SX Multimode - 3.3V - Multimode 850nm - 1.25Gbps RoHS 6 SFP module for Application Switches 3, 4, 5 - Fiber - LX Singlemode SFP module for Application Switch 1 ver 2, Application Switches 3, 4, 5 - Fiber - ZX Singlemode SFP module for Application Switches 1, 3, 4, 5 - Copperi GBIC module for Application Switches 2 rev 3 & 4 - Fiber SX - Multimode GBIC module for Application Switches 2 rev 3 & 4 - Fiber LX - Singlemode SFP transceiver Singlemode - 3.3V 1310nm - 1.25Gpbs RoHS 6 SFP transceiver Singlemode - 3.3V 1550nm - RoHS 6

Sanoc Optech

SI1312-10ATO OP6C-S10-13-C4

Sanoc Optech

SI1512-80ATO OP6C-S70-15-C4

SFP Copper - 10/100/ Sanoc 1000 Mbps - 3.3V - RoHS Optech 6 Multimode - 3.3V/5V 1.25Gbps - 850nm RoHS 6 Singlemode - 3.3V/5V 1.25Gbps - 1310nm RoHS 6 HG_Genuine Sanoc Sanoc HG_Genuine Sanoc

SI0012-X1ATO[N]ii OP6C-TX1-00-C2 MGB-248S-G SP8512-X5CTO SP1312-10CTO MGB-243S-G SP0012-X1CTOii

GBIC module for Application Copper - 3.3V-5V Switches 2 rev 3 & 4 - Copper 1.25Gbps - RoHS 6 3.3V-5V GBIC module - 1000BaseTX for Copper - 3.3V/5V with Application Switch 2 - Copper Auto Negotiation 1.25Gbps - RoHS 6 10GbE GBIC with license for Application Switch 3 - SR Multimode

Optech

OP5C-TX1-00-C2ii

Activation Key for 10GbE Hitachi-Opnext + GBIC Connector for 10GbE port for Application Switch 3 Ethernet XENPAK transceiver - Multimode 10GbE - 850nm - RoHS 6 Activation Key for 10GbE Hitachi-Opnext + GBIC Connector for 10GbE port for Application Switch 3 Ethernet XENPAK transceiver - Singlemode - 10GbE - 1310nm - RoHS 6 - Not available for DefensePro

TRE2000EN-SW-x

10GbE GBIC with license for Application Switch 3 - LR Singlemode

TRE5023EN-SW-X

Document ID: RDWR_IG_1101

195

Radware Installation and Maintenance Guide Specifications

Table 22: Transceiver-Module Specifications for Application Switches

Switch/Component
10GbE GBIC with license for Application Switch 5 - SR Multimode

Description

Manufacturer

Part Number
TRF2000EN-LF000-W TRF2001EN-GA000-W OP7K-MX3-85-C FTLX1411D3 TRF5013FN-GA000

XFP transceiver Hitachi-Opnext Multimode - 10GbE Hitachi-Opnext 850nm - For Application Switch 5 only, a license is Optech also provided - RoHS 6 XFP transceiver Finisar Singlemode - 10GbE Hitachi-Opnext 1310nm - For Application Switch 5 only, a license is Finisar also provided - RoHS 6

10GbE GBIC with license for Application Switch 5 - LR Singlemode

i Radware platforms support only /1000 Mbit/s. ii Limitation: The device displays the port on an autonegotiation-off link UP even if the cable is not connected to the GBIC.

196

Document ID: RDWR_IG_1101