Chapter 2: Installation

This section describes the overall installation steps of cOS Core in a virtual environment. It includes details of customer registration and license installation. The steps are organized into the following stages:

A. Register as a User and Download cOS Core.

B. Create a Virtual Machine for cOS Core.

C. Configure cOS Core for Management Access.

D. Register a License and Bind it to cOS Core.

A. Register as a User and Download cOS Core

  1. Go to the URL in a web browser.

  1. The MyClavister login page is presented. If you are already registered, log in and skip to step 8. If you are a new customer accessing MyClavister for the first time, click the Create Account link.

  1. The registration page is now presented. The required information should be filled in. In the example below, a user called John Smith is registering.

  1. When the registration is accepted, an email is sent to the email address given so that the registration can be confirmed.

  1. Below is an example of the heading in the email that would be received.

  1. The confirmation link in the email leads back to the Clavister website to show that confirmation has been successful and logging in is now possible.

  1. After logging in, the customer name is displayed with menu options for changing settings and logging out. Note also that multi-factor authentication can be enabled for increased security in Settings.

  1. To download cOS Core for VMware, select Downloads and then cOS Core.

  1. Press the Download button next to the desired product and version number to get a list in a popup window of all the different distributions available for that version. The button for the latest version is always at the top.

  1. Select and download the ZIP file containing the cOS Core distribution to the local disk. Note that sometimes the Base distribution may not be available for a minor bug-fix revision (for example, version 12.00.05) so the latest Base distribution (for example, version 12.00.00) must be installed first and then the single upgrade distribution applied to get to the desired version.

B. Create a Virtual Machine for cOS Core

Unzip the downloaded file and create a virtual machine for cOS Core using the instructions in Chapter 3, Creating Virtual Machines.

C. Configure cOS Core for Management Access

cOS Core can now be configured using the CLI to allow management access via the If1 interface over a network and to optionally enable Internet access. This is more fully covered in Section 6.4, Manual CLI Setup but a shorter summary of the steps is the following:

  1. For management access, assign an IP address to the default management interface If1 if this has not already been done through DHCP. First, the DHCP client that is initially enabled on all interfaces must be disabled:
    Device:/> set Interface Ethernet If1 DHCPEnabled=No
    Next, assign an IP address to the interface. For example:
    Device:/> set Address IP4Address InterfaceAddresses/If1_ip
    This is followed by setting a network for the interface. For example:
    Device:/> set Address IP4Address InterfaceAddresses/If1_net
  2. For Internet access, an all-nets default route needs to be added to the main routing table which includes the gateway address of a router for public Internet access. Unless there is a narrower route that matches for traffic, this route will be used. To add the route, the CLI context needs to be changed to be the main routing table:
    Device:/> cc RoutingTable main
    The command prompt will change to show that the current context is the main routing table:
    Now, routes can be added to the main table. Assuming that the If1 interface is connected to a router with the IPv4 address then a default route is added with the following CLI:
    Device:/main> add Route Interface=If1 Network=all-nets
  3. For management access using a web browser, the RemoteMgmtHTTP object needs to be changed to allow the source IP to connect. A specific source IPv4 address or network could be specified but here it is set to all-nets so any IP will be acceptable. A particular interface could also be specified but the value any could be used instead:
    Device:/> set RemoteManagement RemoteMgmtHTTP HTTP_If1
    For maximum security, the allowed network and interface should be as specific as possible. Note that normally, an IP rule set entry would be created to allow any data traffic to to flow to or from cOS Core but management access does not require this.
  4. If the admin password has not been changed earlier to a strong password and strong passwords are enabled (by default, they are) then activating configuration changes will not be allowed by cOS Core. One solution is to change the admin password to a strong one, for example:
    Device:/> cc LocalUserDatabase AdminUsers
    Device:/AdminUsers> set User admin Password=Mynew*pass99
    Alternatively, turn off strong passwords with the following command:
    Device:/> set Settings MiscSettings EnforceStrongPasswords=No
  5. The cOS Core configuration changes can now be activated:
    Device:/> activate
    Following activation, the changes must be committed permanently within 30 seconds using the commit command otherwise the system will revert back to the original configuration and all changes will be lost. This acts as a check by cOS Core that the administrator has not been locked out by any change:
    Device:/> commit

Finally, open a web browser and navigate to the IP address of the If1 interface. The cOS Core login dialog should appear and the default administrator credentials of username admin with password admin can be used to log in. By default, only the HTTPS protocol can be used so the connection will be encrypted. With HTTPS, cOS Core will send a self-signed certificate and the browser will prompt for that certificate to be accepted.

It is possible to enable unencrypted HTTP for the management connection but this is not recommended.

When connecting through the Web Interface for the first time, the cOS Core Setup Wizard will automatically try to start as a browser popup window which may have to be explicitly allowed by the user. Using the wizard is described further in Section 6.2, Web Interface and Wizard Setup.

D. Register a License and Bind it to cOS Core

  1. A license for cOS Core must be associated with a MAC address on the virtual machine. To get a MAC address, open the cOS Core Web Interface and go to Status > Run-time Information > Interfaces and make a note of the MAC address for the If1 interface.

    Alternatively, the following CLI command can be used to obtain the MAC address:

    Device:/> ifstat If1

  1. Now, log into the MyClavister website and select the Register License menu option.

  1. Select the NetWall option.

  1. The registration fields will be displayed. After selecting the product type as Virtual Model, enter the License Number and the MAC Address. The license number will be supplied by the product reseller and the MAC address which was noted in an earlier step.

  1. After the license is registered and associated with the MAC address, select the Licenses menu, then the License List option and select the newly registered license from the displayed list.

  1. Clicking on an entry in the list will open a display of the license details with a Download License button displayed at the top. An example button is shown below.

  1. After clicking the button and downloading the license, go back to the cOS Core Web Interface and go to Status > Maintenance > License. Select Upload to upload the license file from the management computer to cOS Core.

The two hour evaluation time limit will now be removed and cOS Core will only be restricted by the capabilities defined by the license.