Installation and Initial Setup
This section shows where the appliance fits into your network environment, provides installation and cabling instructions, and explains how to use the Web-based Setup Wizard (or alternatively use the command-line Setup Tool) to perform basic network configuration.
• Preparing for the Installation
• Installation and Deployment Process
All Dell E-Class SRA appliances can be set up in either a dual interface or single interface configuration, both of which are discussed in this section.
• The EX9000, EX7000, and EX6000 appliances include three physical network interfaces and can be set up in a cluster for high availability (see Installing and Configuring a Cluster for more information), or one that uses an external load balancer (see Configuring a High-Capacity Cluster).
Dual-homed configuration (internal and external interfaces)
One network interface is used for external traffic (that is, to and from the Internet), and the other interface is used for internal traffic (to and from your corporate network).
Single-homed interface configuration (internal interface)
A single network interface is used for both internal and external traffic. In this configuration, the appliance is usually installed in the demilitarized zone (or DMZ, also known as a perimeter network).
In both configurations, incoming requests to the Secure Mobile Access services—including HTTP/S traffic for the Web proxy service—are sent over port 80 (HTTP) and port 443 (HTTPS). Traffic from the OnDemand agent is always sent over port 443. Because most networks are configured to enable traffic over these ports, you shouldn’t need to reconfigure firewalls on your network.
You should install the appliance in a location where it can connect to resources on your network, including:
• Application servers and file servers, including Web servers, client/server applications, and Windows file servers.
• External authentication repositories (such as an LDAP, Microsoft Active Directory, or RADIUS server).
• One or more Domain Name System (DNS) servers.
• Optionally, a Windows Internet Name Service (WINS) server. This is required for browsing Windows networks using WorkPlace.
CAUTION The E-Class SRA appliance does not provide full firewall capabilities and should be secured behind a firewall. Running without a firewall makes the appliance vulnerable to attacks that can compromise security and degrade performance.
Although not required, enabling the appliance to communicate with these additional resources provides greater functionality and ease of use:
• Network Time Protocol (NTP) server for synchronizing the time on the appliance.
• External server for storing syslog output.
• Administrator’s workstation for secure shell (SSH) access.
You can configure the appliance to use a self-signed server certificate, or, for enhanced security, you can obtain a certificate from a commercial certificate authority (CA). For more information, see Obtaining a Certificate from a Commercial CA.
Preparing for the Installation
Before beginning the installation, you need to gather information about your networking environment and verify that your firewalls are properly configured to permit traffic to and from the appliance.
• Verifying Your Firewall Policies
Before configuring the appliance, you need to gather the following information. You are prompted for some of this information when running Setup Wizard (see Web-Based Configuration Using Setup Wizard) or Setup Tool (see Configuring a New Appliance Using Setup Tool), but most of it will be used when you configure the appliance in AMC (see Network and Authentication Configuration).
If you are installing a cluster, you need some additional information. See Installing and Configuring a Cluster and Configuring a High-Capacity Cluster.
Settings required to start Appliance Management Console
• The root password for administering the appliance
• The name for the appliance (because this name is used only in log files, you don’t need to add it to DNS)
• The internal IP address and, optionally, an external IP address
• Select a routing mode and supply IP addresses for the network gateways to the Internet, and your corporate network.
Certificate information
Several pieces of information are used to generate the server and AMC certificates:
• A fully qualified domain name (FQDN) for the appliance and for any WorkPlace sites that use a unique name. These names should be added to your public DNS; they are also visible to users when they connect to Web-based resources.
• A FQDN for the Appliance Management Console (AMC) server. The AMC server name is used to access AMC, which is a Web-based tool for administering the appliance.
Name lookup information
• Internal DNS domain name of the network to which the appliance is connected
• Primary internal DNS server address (additional DNS servers are optional)
• IP address for an internal WINS server and the name of your Windows domain (required to browse files on a Windows network using WorkPlace, but are otherwise optional)
Authentication information
• Server name and login information for your authentication servers (LDAP, Active Directory, or RADIUS)
Virtual Address pool information
• If you are planning to deploy either network tunnel client (Connect Tunnel or OnDemand Tunnel), you must allocate IP addresses for one or more address pools. For more information, see Configuring IP Address Pools.
Optional configuration information
• To enable SSH access from a remote machine, you need to know the remote host’s IP address.
• To synchronize with an NTP server, you need to know the IP addresses for one or more NTP servers.
• To send data to a syslog server, you need to know the IP address and port number for one or more syslog servers.
Verifying Your Firewall Policies
For the appliance to function correctly, you must open ports on your external (Internet-facing) and internal firewalls.
External Firewall
For secure access to the appliance from a Web browser or OnDemand, you must make sure that ports 80 and 443 are open on firewalls at your site. Opening your firewall to permit SSH access is optional, but can be useful for performing administrative tasks from a remote system.
|
Internal Firewall
If you have a firewall on the internal network, you may need to adjust its policy to open ports for back-end applications with which the appliance must communicate. In addition to opening ports for standard network services such as DNS and email, you may need to modify your firewall policy before the appliance can access the following services.
|
To manage the appliance from a remote system running Microsoft Windows, you may find the following management tools useful. Both of these tools use encryption to protect information from eavesdropping, unlike standard FTP or Telnet utilities:
• A Secure Shell (SSH) client enables you to securely log in to the appliance and configure it from the command line. This is useful for backing up the system, viewing log files, and configuring advanced network settings. A popular SSH client for Windows is VanDyke Software’s SecureCRT. A trial download is available at http://www.vandyke.com/products/securecrt/. Another popular client is PuTTY, a free implementation of Telnet and SSH for Windows platforms. PuTTY is recommended by Cisco.
• To connect to the appliance using SSH, you type root as the username and type the password you created using Setup Wizard.
• A Secure Copy (SCP) client makes it easy to securely transfer files from a PC running Windows to the appliance. This is useful for copying certificates and other data to the appliance. A popular Windows client is WinSCP, available at http://winscp.sourceforge.net/eng/.
Most of the configuration management tasks that you need to perform—backing up and restoring your appliance configuration, applying upgrades, and so on—can be done on the Maintenance page in AMC, as described in Managing Configuration Data. If you prefer to handle these tasks on the command line, see Saving and Restoring Configuration Data.
Installation and Deployment Process
This section outlines the process of installing, configuring, and testing the appliance, and then deploying it in a production environment. Here’s an overview of the steps:
|
The E-Class SRA appliance uses a few different types of licenses. All license files must be retrieved from www.MySonicwall.com and imported to the appliance, as described in Software Licenses:
• Administration test license: To begin setting up your E-Class SRA appliance, log in to MySonicwall to retrieve your initial user license, which is valid for one user (the administrator plus one end user) for an unlimited number of days. To become familiar with the AMC and test it in your environment with additional users, either retrieve an appliance license, or request a lab license to add a few more users.
• Appliance licenses: The number of concurrent users supported with the appliance license varies, depending on the appliance model you have:
• EX9000: up to 20,000 users
• EX7000: up to 5,000 users
• EX6000: up to 250 users
• Component licenses: If the license for an appliance component (such as OnDemand) has expired, users attempting to use that component see an error message in Secure Mobile Access WorkPlace. In the case of a Spike License, the date on which it was activated and how many days still remain is displayed in AMC.
If a license is about to expire, the AMC displays a license warning message in the status area that links to the Licensing page.
• Both Setup Wizard and AMC are Web-based applications for configuring the appliance. PCs running these applications must have JavaScript enabled. JavaScript must also be enabled on the browsers used for accessing WorkPlace.
• If you are installing a cluster, see Installing and Configuring a Cluster and Overview of Clustering.
Related Topics
• Specifications and Rack Installation
• Front Panel Controls and Indicators
• Powering Up and Configuring Basic Network Settings
• Web-Based Configuration Using Setup Wizard
• Configuring the Appliance Using the Management Console
• Moving the Appliance into Production
• Powering Down and Restarting the Appliance
Specifications and Rack Installation
After you’ve unpacked the box, you’re ready to install the appliance on your network and prepare for the configuration process. The appliances are designed to fit on a standard, 19-inch telecom rack. Before connecting the appliance, make sure that you have sufficient space and adequate power. The specifications for each appliance model are listed below.
E-Class SRA EX-9000 Hardware
The E-Class SRA EX9000 includes the following:
• Rails (in kit, not attached)
• Standard IEC 60320 C13 to NEMA 15 USA only power cords
• Crossover cable (a network cable that crosses the transmit and receive lines)
• 1 GB Ethernet ports
• 10 GB Ethernet ports
• 2 USB ports
• 1 DIAG port
• 2 80 GB SATA hard drive
• Serial connection to appliance (115,200 baud)
E-Class SRA EX-Series Hardware
The E-Class SRA EX7000 and EX6000 include the following:
• Rails (in kit, not attached)
• Standard IEC 60320 C13 to NEMA 15 USA only power cords
• Crossover cable (a network cable that crosses the transmit and receive lines)
• 1 GB Ethernet ports
• 2 USB ports
• 80 GB SATA hard drive
• Serial connection to appliance (115,200 baud)
The models differ from each other most in terms of processor power, RAM, network ports, and power supply:
|
Related Topics
• Best Practices for Rack Installation of the Appliance
Best Practices for Rack Installation of the Appliance
To mount the appliance in an equipment rack, you must install the rack hardware. The product packaging for all models of the appliance contains a slide rail kit for mounting the appliance in a four-post cabinet.
• Avoid elevated operating ambient temperature: If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) specified by the manufacturer.
• Avoid reduced air flow: Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.
• Provide even mechanical loading: Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
• Avoid circuit overloading: Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.
• Maintain reliable earthing: Reliable earthing of rack-mounted equipment should be maintained. Particular attention should be given to supply connections other than direct connections to the branch circuit (for example, use of power strips).
Front Panel Controls and Indicators
Before powering up the appliance, you should familiarize yourself with the front panel controls.
• EX9000 Appliance Front Panel Controls
• EX7000 Appliance Front Panel Controls
• EX6000 Appliance Front Panel Controls
• LCD Controls for the EX9000, EX7000, and EX6000
EX9000 Appliance Front Panel Controls
This section describes the front panel controls for the EX9000 appliance. The power switch is located on the rear panel.
The following table describes the controls and indicators on the front panel.
|
• EX7000 Appliance Front Panel Controls
• EX6000 Appliance Front Panel Controls
• LCD Controls for the EX9000, EX7000, and EX6000
EX7000 Appliance Front Panel Controls
This section describes the front panel controls for the EX7000 appliance. The power switch is located on the rear panel.
The following table describes the controls and indicators on the front panel.
|
EX6000 Appliance Front Panel Controls
This section describes the front panel controls for the EX6000 appliance. The power switch is located on the rear panel.
The following table describes the controls and indicators on the front panel.
|
LCD Controls for the EX9000, EX7000, and EX6000
The four-button keypad to the right of the LCD display on the E-Class SRA EX-Series appliances can be used to display status and configuration information about the appliance, and to shut down or reboot the appliance.
CAUTION EX9000,EX7000, and EX6000 appliances: Remove any USB devices from the appliance before you reboot it. If a USB device is plugged in to your appliance when it is rebooted, the appliance tries to use it as a boot device. As a result, the boot information stored in the BIOS on the appliance is overwritten, and the device becomes unusable.
The following table describes the keypad functions:
|
Follow the appropriate instructions for your appliance model to connect the appliance to your network.
• Connecting the EX9000 Appliance
• Connecting the EX7000 Appliance
• Connecting the EX6000 Appliance
• Powering Up and Configuring Basic Network Settings
Connecting the EX9000 Appliance
For a diagram of the appliance, see EX9000 Appliance Front Panel Controls.
To connect the EX9000 appliance
1. Connect a network cable from your internal network to the internal interface on the appliance (X0).
2. Optionally, connect a cable from your external network to the external interface on the appliance (X1).
3. If you are setting up a cluster, connect one end of the supplied network crossover cable to the cluster interface adapter (X2). Connect the other end to the X2 port on the other appliance in the cluster.
4. Connect a standard AC power cord to the power supply.
Connecting the EX7000 Appliance
For a diagram of the appliance, see EX7000 Appliance Front Panel Controls.
To connect the EX7000 appliance
1. Connect a network cable from your internal network to the internal interface on the appliance (X0).
2. Optionally, connect a cable from your external network to the external interface on the appliance (X1).
3. If you are setting up a cluster, connect one end of the supplied network crossover cable to the cluster interface adapter (X2). Connect the other end to the X2 port on the other appliance in the cluster.
4. Connect a standard AC power cord to the power supply.
Connecting the EX6000 Appliance
For a diagram of the appliance, see EX6000 Appliance Front Panel Controls.
To connect the EX6000 appliance
1. Connect a network cable from your internal network to the internal interface on the appliance (X0).
2. Optionally, connect a cable from your external network to the external interface on the appliance (X1).
3. If you are setting up a cluster, connect one end of the supplied network crossover cable to the cluster interface adapter (X2). Connect the other end to the X2 port on the other appliance in the cluster.
4. Connect a standard AC power cord to the power supply.
Powering Up and Configuring Basic Network Settings
After you’ve connected the appliance, you’re ready to power up for the first time and begin the configuration process. You’ll use a Web-based Setup Wizard to configure the settings needed to get the appliance up and running quickly, but to start the wizard you must first enter information that will enable a Web browser to connect to your appliance.
Once your appliance is configured you can control its configuration and operation from AMC, the Appliance Management Console. On the LCD screen of the appliance you can also see basic information about the appliance (its name and internal address, for example) or restart it, which is useful if your appliance is not in the same area as the browser you use to run AMC.
Note You cannot run Setup Wizard on an appliance that has already been configured unless you first restore the appliance’s factory default configuration settings. This applies whether you initially configured the appliance using Setup Wizard, or by running setup_tool from the command line. See Re-Running Setup Wizard.
Related Topics
• Configuring Basic Network Settings
Configuring Basic Network Settings
To start Setup Wizard you must first enter information that will enable a Web browser to connect to your appliance. The recommended procedure for initial setup is to use the LCD controls (to the right of the LCD screen on the front of your appliance) to enter minimal settings and then run Setup Wizard. Alternatively, you have the option of using Setup Tool on the command-line. Both procedures are outlined below.
Once your basic settings are entered you’ll be able to run the Web-based Setup Wizard, as described in Web-Based Configuration Using Setup Wizard.
Configuring an EX9000, EX7000, and EX6000 Appliance
To the right of the LCD screen on the front of your appliance are four buttons you'll use to enter your settings.
Configuring basic network settings using the LCD controls
1. Press the Up and Down controls to read the welcome screen, and press Right to continue past it.
2. Set the IP address for your internal interface: To change the IP address that appears, use the Left and Right buttons to position your cursor over the number you want to change, and then use Up and Down to change the number. Press Right to continue to the next screen.
3. Enter your subnet mask: Again, use the four buttons to change the IP address displayed on the LCD screen. Press Right to continue to the next screen.
4. Cluster configuration: Specify whether the appliance you are configuring will be part of a cluster (a high-availability pair of appliances), and which node it is (the master is “1” and the slave node is “2”). Press Right to continue to the next screen.
5. Confirm your settings: Review your settings and confirm them. In a few moments your settings are saved and you’ll see instructions on browsing to a URL on your desktop computer. This is the URL for continuing your appliance configuration with Setup Wizard. For instance, the LCD display might read as follows:
Please browse to: https://172.31.0.140:8443
For a description of configuring your appliance using Setup Wizard, see Web-Based Configuration Using Setup Wizard.
Configuring an Appliance Using Setup Tool on the Command Line
To set the minimum configuration items necessary for running Setup Wizard, you must use Setup Tool. Below is an overview of your steps; see Configuring a New Appliance Using Setup Tool for detailed instructions.
Overview of configuring basic network settings using Setup Tool
1. Use a terminal emulation program to establish a serial connection with the appliance from a laptop computer or terminal.
2. Turn the appliance on. The first time you start the system from a serial connection, Setup Tool automatically runs. When prompted to log in, type root for the username.
3. To configure the appliance, you are prompted to provide the following information:
– IP address and subnet mask for the internal interface
– Default gateway used to access the internal interface (optional)
– In the case of a cluster, identify whether the appliance is the master node (1) or slave node (2); a clustered deployment is possible on all appliances
For a description of configuring your appliance using Setup Wizard, see Web-Based Configuration Using Setup Wizard.
Related Topics
• Web-Based Configuration Using Setup Wizard
• Configuring a New Appliance Using Setup Tool
Web-Based Configuration Using Setup Wizard
Setup Wizard guides you through a series of required and optional steps for configuring the appliance. The AMC home page includes a Setup Checklist that indicates which items you have completed.
Running Setup Wizard requires the same system configuration as AMC (see System Requirements for details); in addition, JavaScript must be enabled in the browser.
1. License agreement: Read the terms of the End User License Agreement.
2. Basic Settings:
– Specify the password you'll use to access the AMC. Your password must be at least eight characters long, but no longer than 20 characters.
– (Optional) Select a time zone, and then click Change to set the current time. You can synchronize the time with an NTP server later in the AM. For more information, see Configuring Time Settings. It’s important to ensure that the appliance’s date and time settings are correct for your time zone before you import your license file.
3. Network Settings:
– Enter a name for the appliance (the default is AventailSSLVPN). Because this name will be used only in log files, you don’t need to add it to DNS.
– The IP address and subnet mask for the internal interface (connected to your private network) is shown here. For a dual-homed configuration, enter the IP address and subnet mask for the external interface.
4. Routing: To leverage an existing router, select the dual gateway option to reach your resources. To restrict incoming appliance traffic to just a few routes or subnets, select a single gateway option and enter the routes or subnets as static routes later in the AMC.
If the appliance is on a different network than the computer you will use to access AMC, you must set up routing to maintain access to AMC.
5. Name Resolution: The appliance must be able to perform name resolution to reach resources on your internal network. Enter a default domain, which is the domain in which the appliance is located (such as yourcompany.com).
6. User access: You can give users full network access by provisioning the OnDemand Tunnel access agent. If you do, you’ll also need to specify the Source NAT address that will appear to back-end servers as the source of client traffic. This must be an IP address that is on the same subnet as the internal interface, and is not in use elsewhere.
Decide on an initial access policy for users (you can refine it later in AMC). This can be completely permissive (granting access to the entire network protected by the SSL VPN), very strict (deny all access), or in-between (give users access to all resources as you define them in AMC).
At the end of the Setup Wizard process you’ll see your settings and then proceed to AMC, the management console, for the last steps in the configuration process. See Configuring the Appliance Using the Management Console for details.
Related Topics
After you run Setup Wizard to initially configure the appliance, you can’t re-run it unless you first restore the appliance to its factory default configuration settings. Before you can re-run Setup Wizard, you must run Config Reset Tool from the command line; this will delete all of your existing system configuration data. For more information, see Restoring Factory Default Configuration Settings.
Configuring the Appliance Using the Management Console
The final installation and deployment settings are done in AMC. The following is a checklist of configuration items and pointers to detailed information.
1. Log in to AMC.
Log in to AMC, the Web-based application used to administer the appliance, and look at the setup checklist on the right.
2. Register the appliance on MySonicwall and retrieve your license file.
When you register your appliance on www.MySonicwall.com, you must enter both your serial number and your authentication code, which is the hardware identifier for the appliance you purchased:
– The serial number is printed on a label on the outside of your appliance.
– The authentication code is displayed in AMC: click General Settings from the main navigation menu, and then look in the Licensing area.
When you receive your E-Class SRA appliance there is a single user license on it, valid for an unlimited number of days. To become familiar with the AMC and test it in your environment with additional users, request a lab license. After initial setup and testing, download your license file from www.MySonicwall.com and then import it to the appliance.
See Managing Licenses.
3. Define one or more authentication servers.
Authentication is used to verify the identity of users. When configuring an authentication server, you are prompted to specify a directory type (LDAP, Microsoft Active Directory, RADIUS, or local users) and a credential type (username/password, token, or digital certificate).
See Managing User Authentication.
4. Configure a server certificate.
The appliance encrypts information using the Secure Sockets Layer (SSL) protocol. You can create a self-signed certificate using AMC, or optionally obtain a certificate from a commercial certificate authority (CA).
See Certificates.
5. Define application resources and groups.
Application resources include TCP/IP-based resources (such as client/server applications, file servers, or databases), Web-based resources (including Web applications or Web sites) that run over HTTP, and Windows network share resources (to be accessed in WorkPlace). Resource definitions can include variables, so that a single resource can, for example, derive its network name or address based on each user.
See Creating and Managing Resources.
6. Define users and groups.
User and group definitions are used in access control rules to control access to application resources.
See Managing Users and Groups.
7. Define realms and communities.
Realms enable the appliance to directly integrate with authentication servers, eliminating the need to create and manage accounts for each user who needs access to your network. Communities aggregate users with similar access needs and End Point Control requirements.
See Managing User Authentication.
8. Create access control rules.
Access control rules determine what resources are available to users and groups.
See Access Control Rules.
9. Configure shortcuts for WorkPlace.
To provide your users with easy access to a Web, file system, or graphical terminal resource from within WorkPlace, you may want to create shortcuts in WorkPlace.
See Working with WorkPlace Shortcuts.
10. (Optional) Configure the network tunnel service.
If you plan to deploy the network tunnel clients, you must configure the network tunnel service and allocate IP address pools for the clients.
See Configuring the Network Tunnel Service.
11. (Optional) Enable and configure End Point Control.
End Point Control optionally deploys data protection components designed to safeguard sensitive data and ensure that your network is not compromised when accessed from PCs in untrusted environments. End Point Control is deployed through communities.
See End Point Control and Using End Point Control Restrictions in a Community.
12. Apply your changes.
To activate your configuration changes, you must apply them.
See Applying Configuration Changes.
13. Test system accessibility.
Now you can verify that the appliance can access your external user repositories, and make sure that the resources on your network are accessible.
See Troubleshooting.
Moving the Appliance into Production
After you have tested the appliance sufficiently in your network environment and determined how you want it to work, you’re ready to move it into its permanent home. This section describes steps you may need to perform when moving the appliance into production.
1. Reconfigure the appliance with new address information.
If the network environment changed when you moved the appliance into production, you must reconfigure the basic network settings and adjust any of the following values if they have changed:
– IP addresses for the internal and external interfaces
– Default gateway IP addresses
– Static routes
– Default DNS domain and DNS server IP address
If you have a large number of configuration changes to make, you may find it convenient to restore the appliance to its default settings and start over from scratch. This can be done using the Config Reset Tool; see Restoring Factory Default Configuration Settings for more information.
2. Register the appliance with DNS.
If you haven’t already registered the appliance with your company’s DNS, do this now. This ensures that external users can access your network resources using a fully qualified domain name instead of an IP address. Edit your DNS server’s database to include the fully qualified domain name contained in the appliance’s certificate, and any WorkPlace sites.
3. Obtain a commercial SSL certificate.
You may want to obtain a commercial certificate for the appliance to assure users of its identity. (Generally, a self-signed certificate is adequate for AMC.) For more information on generating server certificates, see Obtaining a Certificate from a Commercial CA.
4. Adjust your firewall policies.
If you have an Internet-facing firewall, you may need to adjust its policy to open ports required by the appliance. By default, the Web proxy service communicates using port 443/tcp (it uses port 443/tcp for HTTPS and port 80/tcp for HTTP). If you want to use SSH to connect to the appliance from outside the network, you'll need to open port 22/tcp.
If you have a firewall that faces the internal network, you may need to adjust the policy for that firewall to open ports for any back-end applications with which the appliance must communicate (if these ports are not already open). For instance, if you use an LDAP or Microsoft Active Directory server for authentication, you must open port 389/tcp on your internal firewall. For RADIUS, open ports 1645/ucp and 1812/udp.
If you’re using WorkPlace to access Windows network shares, you must also open internal ports on your internal firewall so that WorkPlace can perform name resolution, make browse requests, and connect to file shares. For more information, see Gathering Information.
5. Create shortcuts and deploy WorkPlace.
If you use WorkPlace as an interface to Web-based resources and to provide Web-based access to Windows network share and graphical terminal resources, you must create shortcuts (see Working with WorkPlace Shortcuts). You should also publish the WorkPlace URLs so your users know how to access resources through your VPN.
You may want to customize the appearance of WorkPlace for your environment. See Configuring WorkPlace General Settings for more information.
Powering Down and Restarting the Appliance
When it’s time to power down or restart the appliance, be sure to follow the proper procedure. The appliance stores important data in memory while it is running. That data must be written to the hard disk before you turn off the power.
CAUTION Powering down the appliance improperly can result in loss of data and leave the system’s files in an inconsistent state. EX9000, EX7000, and EX6000 appliances: Remove any USB devices from the appliance before you reboot it. If a USB device is plugged in to your appliance when it is rebooted, the appliance tries to use it as a boot device. As a result, the boot information stored in the BIOS on the appliance is overwritten, and the device becomes unusable.
To power down or restart the appliance in AMC
1. From the main navigation menu, click Maintenance.
2. On the Maintenance page, click the appropriate button:
– To restart the appliance, click Restart. AMC stops responding. After the appliance restarts, you can log in to AMC again.
– To shut down the appliance, click Shutdown. AMC stops responding and the appliance powers down. You do not need to press the power button on the front panel.
All appliance models can be shut down or restarted at the appliance:
a. On the front of the appliance, press the Down button on the four-button keypad to get to the main LCD menu.
b. Scroll down until you reach the option you want, Restart or Shutdown.
c. Both options display a confirmation message; press the Left button to continue.
d. The results are the same as restarting or shutting down in AMC:
• AMC stops responding; after the appliance restarts, you can log in to AMC again.
• AMC stops responding and the appliance automatically powers down. You do not need to press the power button on the front panel.
After you have completed the initial network setup, use AMC to continue configuring the appliance. AMC is accessible using a Web browser:
• If you’re new to AMC, you might want to read Working with Appliance Management Console.
If you’re ready to continue configuring the appliance, see Network and Authentication Configuration.