WatchGuard x1000 参考指南
Initializing using Remote Provisioning
Reference Guide
103
•
The management station is running System 4.1 or later that has IP
connectivity to the network on which the Firebox is connected
connectivity to the network on which the Firebox is connected
•
The network address and the netmask of the net behind the router
must be known
must be known
•
One or more unused IP connections are behind the router.
In order to provision a Firebox remotely via an IP connection, the Firebox
must belong to one of the following categories:
•
must belong to one of the following categories:
•
New Firebox– By default, newly shipped Fireboxes boot into
Enhanced System Mode which supports remote provisioning.
Enhanced System Mode which supports remote provisioning.
•
Older Firebox– For Fireboxes shipped before Firebox System 4.1,
initialize the Firebox with Firebox System 4.1 software. Then use the
red cross-over cable supplied with the Firebox to connect the Trusted
and Optional Ethernet interfaces in a loopback configuration.
initialize the Firebox with Firebox System 4.1 software. Then use the
red cross-over cable supplied with the Firebox to connect the Trusted
and Optional Ethernet interfaces in a loopback configuration.
During remote provisioning, one light appears on the front panel Traffic
Volume Indicator for each successful IP address the Firebox claims. The
Firebox can claim up to eight addresses.
Volume Indicator for each successful IP address the Firebox claims. The
Firebox can claim up to eight addresses.
The Processor Load Indicator marks the total number of different MAC
addresses the Firebox sees on the cable. If the number exceeds eight, the
Firebox stops claiming addresses; the Sys A light remains lit. This feature
is designed to prevent an uninitialized Firebox from claiming addresses
on a busy LAN. (If this happens, reboot into Enhanced System Mode and
try again.)
addresses the Firebox sees on the cable. If the number exceeds eight, the
Firebox stops claiming addresses; the Sys A light remains lit. This feature
is designed to prevent an uninitialized Firebox from claiming addresses
on a busy LAN. (If this happens, reboot into Enhanced System Mode and
try again.)
The Firebox and the router should be the only two devices on the LAN.
Complete the following:
Complete the following:
1
Attach both the Firebox External interface and the router’s interface to
a common local area network, or use the red cross-over cable to
connect them directly.
a common local area network, or use the red cross-over cable to
connect them directly.
2
Turn the Firebox off and then on. Allow time for the Firebox to boot.
Confirm that there is a flashing pattern with a red, blinking, Trusted
deny light on the lower edge of the Security Triangle Display.
Confirm that there is a flashing pattern with a red, blinking, Trusted
deny light on the lower edge of the Security Triangle Display.
3
Flush the router ARP cache.
Rebooting the router will usually accomplish this.
4
From Policy Manager on the Management Station, select File => Open
Firebox.
Firebox.