Руководство По Установке для Cisco Cisco Email Security Appliance C370
SERIAL
DATA 4 DATA 5
1
2
3
4
MGMT DATA 1
2
3
These simple-to-follow steps will allow you to install,
configure, and start using your Cisco IronPort Email Security
Appliance right away.
configure, and start using your Cisco IronPort Email Security
Appliance right away.
Before you start, be sure you have the following:
• Rack cabinet enclosure
• Appropriate rails and adaptor kits
• 10/100/Gigabit BaseT TCP/IP local area network (LAN)
• Web browser software (or SSH and terminal software)
• Network cable(s) for connecting to your network
• Appropriate rails and adaptor kits
• 10/100/Gigabit BaseT TCP/IP local area network (LAN)
• Web browser software (or SSH and terminal software)
• Network cable(s) for connecting to your network
Check to make sure the following items are present in the Cisco
IronPort Evvmail Security appliance system box:
IronPort Evvmail Security appliance system box:
•
Cisco IronPort X1070 Email Security Appliance
• Dual-head power cable
• Straight power cables (2)
• Null modem serial cable
• Cisco IronPort X1070 Quickstart Guide (this guide)
• Cisco IronPort AsyncOS for Email Configuration Guide
• Cisco IronPort AsyncOS Documentation CD
• Safety and Compliance Guide
• Null modem serial cable
• Cisco IronPort X1070 Quickstart Guide (this guide)
• Cisco IronPort AsyncOS for Email Configuration Guide
• Cisco IronPort AsyncOS Documentation CD
• Safety and Compliance Guide
Note:
The Cisco IronPort AsyncOS for Email Configuration Guide does not
ship with Email Security appliances that include a FIPS-compliant
Hardware Security Module card.
ship with Email Security appliances that include a FIPS-compliant
Hardware Security Module card.
You can download the AsyncOS Release Notes from the Cisco IronPort
Customer Support Portal located at www.cisco.com/web/ironport.
Customer Support Portal located at www.cisco.com/web/ironport.
Cisco IronPort X1070
Depending on your network configuration, your firewall may need
to be configured to allow access on the following ports.
SMTP and DNS services must have access to the Internet. For
other system functions, the following services may be required:
other system functions, the following services may be required:
• SMTP: port 25
• HTTP: port 80
• SSH: port 22
• LDAP: port 389 or 3268
• LDAP over SSL: port 636
• LDAP with SSL for Global Catalog queries: port 3269
• FTP: port 21, data port TCP 1024 and higher
• LDAP with SSL for Global Catalog queries: port 3269
• FTP: port 21, data port TCP 1024 and higher
See the appendix “Firewall Information” in the Cisco IronPort AsyncOS
for Email Configuration Guide for more information.
for Email Configuration Guide for more information.
Install in Rack
Install the Cisco IronPort Appliance into your rack cabinet. Ensure the
ambient temperature around the system is within the specified limits.
Ensure there is
ambient temperature around the system is within the specified limits.
Ensure there is
sufficient airflow around the unit.
Data
The Cisco IronPort Appliance requires at least one IP address to send
and receive email. Ideally, two IP addresses should be used:
and receive email. Ideally, two IP addresses should be used:
• Connect the Data 1 network port to your public network
• Connect the Data 2 network port to your private network
• Connect the Data 2 network port to your private network
Alternately, you can receive and deliver email from a single connection
to either network port, if your network topology dictates it. Multiple IP
addresses can be configured on one network interface.
to either network port, if your network topology dictates it. Multiple IP
addresses can be configured on one network interface.
Note: Some Cisco IronPort X1070 appliances contain fiber optic
interfaces installed as the Data 4 and Data 5 network ports. You can also
use these fiber optic interfaces if your network topology dictates it.
interfaces installed as the Data 4 and Data 5 network ports. You can also
use these fiber optic interfaces if your network topology dictates it.
Email Security appliances that include a FIPS-compliant Hardware
Security Module card have an additional serial port on the card. Cisco
IronPort’s implementation of FIPS does not use this serial port.
Security Module card have an additional serial port on the card. Cisco
IronPort’s implementation of FIPS does not use this serial port.
Setup and Management
• For access by Ethernet™, connect to the
Management Network
Port. Use a browser to access the web-based interface on the
default IP address 192.168.42.42. You can also access the
command line interface by
default IP address 192.168.42.42. You can also access the
command line interface by
SSH or terminal emulation software on
the same IP address. (The netmask is /24.)
• Or, for Serial access, connect to the Serial Port. Access the command
line interface by a terminal emulator using 9600 bits, 8 bits, no parity,
1 stop bit
1 stop bit
(9600, 8, N, 1), flowcontrol = Hardware.
Power
• Plug the female end of each straight power cable into the redundant
power supplies on the back panel of the appliance.
• Or, plug the female ends of the dual-head power cable into the
redundant power supplies on the back panel of the appliance.
Cisco IronPort Email
Security appliance
Security appliance
Clients
Firewall
Internet
Groupware Server
(Microsoft Exchange™, Lotus
Notes™, SunONE Messaging™)
(Microsoft Exchange™, Lotus
Notes™, SunONE Messaging™)
Dual-Head
Power Cable
Power Cable
Straight
Power Cables
Power Cables
Documentation
CD
Documentation
CD
Public
Network
Private
Network
Network
Public and Private
Networks
Networks
Turn on the system power by pressing the On/Off switch on the front
panel of the the appliance. You must
panel of the the appliance. You must
wait five minutes for the system to
initialize the very first time you power up before moving on to Step 5.
• Fill out the
Networking Worksheet on the back of this
Quickstart Guide. Contact your network administrator if
you need assistance.
you need assistance.
• Use a browser to
connect to the following URL:
http://192.168.42.42
• Log in as:
Username:
admin
Password:
ironport
• The System Setup Wizard begins and the end user license
agreement is displayed. Please read and accept the license
agreement to continue.
agreement to continue.
• Use the information from the Networking Worksheet to complete
the System Setup Wizard.
(Or, you may connect using SSH or terminal emulation software. Initiate
a session to the IP address 192.168.42.42. Log in as
a session to the IP address 192.168.42.42. Log in as
admin
with the
password
ironport
and, at the prompt, run the
systemsetup
command.)
��
)
��
Admin�
Choose�a�new�Password:�*
�
�
Fully-Qualified�Hostname�of�IronPort�Messaging�Gateway�appliance:�*
�
�Data�1����
�Choose�an�Interface�Name�(e.g.�ÒPrivateNetÓ):�
*
�
�
IP�Address:�*�
�
Netmask:�*�
�
Broadcast�Address:�*�
��Data�
2�
Choose�an�
Interface�Name�(e.g.�ÒPublicNetÓ)
:
�
�
IP�Address:�
�
Netmask:�
�
Broadcast�Address:
Gateway�
Default�Router�(gateway)�I
P�Address:�*�
���DNS
�
Primary�DNS�Server�Hostname:
�
�
Primary�DNS�Server�I
P�Address:�
�
Secondary�DNS�Server�Hostname:
�
�
Secondary�DNS�Server�I
P�Address:
�
Choose�an�
Injector�Name�(e.g.�ÒOutboundMailÓ):�*
�
�
IP�Interface�Name�(from�above,�e.g.�ÒPrivateNetÓ):�
*
��
�NTP�
NTP�Server�(I
P�address�or�hostname)
:�
*�Indicates�required�informatio
n
�
Mail��
Injector
IronPort�Messaging�Gateway�Networking
�Worksheet
Technical�Support:
1-877-641-IRON�(4766
Record critical information
from the Networking Work-
sheet to assist in completing
the System Setup Wizard.
from the Networking Work-
sheet to assist in completing
the System Setup Wizard.
Wait 5
minutes
minutes
Quickstart
Guide
Safety and
Compliance Guide
INSTALL
2
UNPACK
1
C ONNECT
3
POWER-UP
4
C ONFIGURE
5
• DNS: port 53
• HTTPS: port 443
• Telnet: port 23
• NTP: port 123
• HTTPS: port 443
• Telnet: port 23
• NTP: port 123
Cisc
o Iro
nPor
t C3
70
Ema
il Se
curit
y Ap
plian
ce
Cisco IronPort C370
Cisc
o Iro
nPor
t C3
70
Power
(2)
(1)
(1)
Serial
50
95
F
C
35
10
Temperature Limits
SERIAL
DATA 4 DATA 5
1
2
3
4
MGMT DATA 1
2
3
MGMT DATA 1
2
MGMT DATA 1
2
or
or
SERIAL
MGMT DATA 1
2
3
3
4
SERIAL
MGMT DATA 1
2
3
3
4
Serial via Terminal
(9600, 8, N, 1)
Ethernet via SSH or HTTP
(on 192.168.42.42)
(on 192.168.42.42)
SERIAL
or
SERIAL
MGMT DATA 1
Power
Plan the installation within your network
Your Cisco IronPort Appliance is designed to serve as your SMTP
email gateway at your network perimeter – that is, the first machine
with an IP address that is directly accessible to the Internet for sending
and receiving email. Many of the features (including Email Security
Monitor, Reputation Filtering, Spam Detection, Virus Protection, and
Encryption) require you to install the Cisco IronPort appliance into your
existing network infrastructure in the following way.
email gateway at your network perimeter – that is, the first machine
with an IP address that is directly accessible to the Internet for sending
and receiving email. Many of the features (including Email Security
Monitor, Reputation Filtering, Spam Detection, Virus Protection, and
Encryption) require you to install the Cisco IronPort appliance into your
existing network infrastructure in the following way.