Chapter 2: Installation

This section describes the installation steps in a virtual environment. It includes details of customer registration and license installation. The steps are organized into the following stages:

Register as a User and Download

  1. Go to the URL https://my.clavister.com in a web browser.

  2. The MyClavister login page is presented. If you are already registered, log in and skip to step 8. If you are a new customer accessing MyClavister for the first time, click the Create Account link.

  3. The registration page is now presented. The required information should be filled in. In the example below, a user called John Smith is registering.

  4. When the registration details are accepted, an email is sent to the email address given so that the registration can be confirmed.

  5. Below is an example of the heading in the email that would be received.

  6. The confirmation link in the email leads back to the Clavister website to show that confirmation has been successful and logging in is now possible.

  7. After logging in, the customer name is displayed with links for changing settings and logging out.

  8. To download cOS Stream for VMware, select Downloads and then cOS Stream.

  9. Press the Download button next to the desired product and version number to get a list in a popup window of all the different distributions available for that version. The button for the latest version is always at the top.

  10. Select and download the relevant files. Disk images are available in the .ova format (for VMware) and qcow2 format (for KVM). Alternatively, an upgrade package can be downloaded which can be applied to an existing virtual firewall in any environment.

Create a Virtual Machine

After downloading the relevant disk image file, create a virtual machine by following the instructions in one of the following sections:

Setting Up Management Access

The hypervisor's console for the virtual machine will now be available for entering CLI commands. If this was not a virtual environment, the console would be directly connected to a port on system hardware. It allows the administrator to issue any CLI command and can be used to configure cOS Stream.

SSH management access via a network connection to an Ethernet interface is not yet possible because management access must first be configured for one of these interfaces. On initial startup, cOS Stream will detect the available Ethernet interfaces. By default, the interfaces if1 and if2 will be present.

The following list of steps is used for setting up network management access:

  1. Configure SSH management access via one of the Ethernet interfaces. In this example, if1 is used. First, enable the predefined RemoteMgmtSSH rule:

    System:/> set RemoteManagement RemoteMgmtSSH RemoteMgmtSSH -enable

    Then the allowed interface and network must be set:

    System:/> set RemoteManagement RemoteMgmtSSH RemoteMgmtSSH
    			SourceInterface=if1
    			SourceNetwork=if1_net

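    The default SSH login credentials for RemoteMgmtSSH are:

    • Username: admin
    • Password: admin

    Because these defaults are well known, change the admin password before if1 is reachable from an untrusted network.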

  2. The system's address book is automatically filled with address objects for all the available Ethernet interfaces. For network access, the if1 interface will need an IP address and IP network assigned to it. First, assign the IP address. Suppose that 203.0.113.10 will be used, then the command would be:

    System:/> set Address IPAddress if1_ip Address=203.0.113.10

    Secondly, assign the network to which the IP address belongs:

    System:/> set Address IPAddress if1_net Address=203.0.113.0/24

    Note that the interface address of the connecting SSH client computer must belong to the network if1_net (in this example, 203.0.113.0/24). If a Windows computer is used as the client, the console command ipconfig could be used to check the interface IP address.

  3. For public Internet access, an all-nets default route that includes the gateway address of a router needs to be added to the main routing table. Unless there is a narrower route that matches for outgoing traffic, this route will always be used. To add the route, the CLI context needs to be changed to the main routing table:

    System:/> cc RoutingTable main

    The command prompt will change to show that the current context is the main routing table:

    System:/RoutingTable/main> 

    Now, routes can be added to the main table. Assuming that the if1 interface is connected to a router with the IPv4 address 203.0.113.1, a default route is added with the following command:

    System:/RoutingTable/main> add Route
    			Interface=if1
    			Network=all-nets-ip4
    			Gateway=203.0.113.1

  4. Next, restore the CLI context to the default:

    System:/RoutingTable/main> cc
    System:/> 

  5. Finally, all configuration changes must now be activated with the following command:

    System:/> activate

    Following activation, the changes must be committed permanently within 30 seconds; otherwise, the configuration will revert to the original configuration and the changes will be lost. This is a check by cOS Stream that the administrator has not been locked out by the changes:

    System:/> commit

Now, an SSH console to the IP address of the if1 interface can be used to perform further administration tasks. SCP uploads can also be made via the same IP address.
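
A pre-flight check for the procedure above, as an added example that is not part of the original documentation or Clavister tooling: it validates the planned addresses before anything is typed, so the 30-second window between activate and commit is not spent discovering that the SSH client sits outside if1_net. The function names and the client address 203.0.113.50 are assumptions; the CLI lines are the ones shown above, assumed here to be entered as single lines.

```python
import ipaddress

def check_mgmt_plan(if_ip, if_net, gateway, client_ip):
    """Return a list of problems with the planned if1 addressing (empty = OK)."""
    try:
        # strict=True rejects a host address typed where a network is expected
        net = ipaddress.ip_network(if_net, strict=True)
    except ValueError as exc:
        return [f"if1_net {if_net!r} is not a valid network: {exc}"]
    hosts = {"if1_ip": ipaddress.ip_address(if_ip),
             "gateway": ipaddress.ip_address(gateway),
             "SSH client": ipaddress.ip_address(client_ip)}
    problems = []
    for label, addr in hosts.items():
        if addr not in net:
            # RemoteMgmtSSH only admits SourceNetwork=if1_net, and the
            # default route's gateway has to be reachable on if1.
            problems.append(f"{label} {addr} is outside if1_net {net}")
        elif net.prefixlen < 31 and addr in (net.network_address,
                                             net.broadcast_address):
            problems.append(f"{label} {addr} is the network or broadcast address")
    if hosts["if1_ip"] in (hosts["gateway"], hosts["SSH client"]):
        problems.append("if1_ip duplicates the gateway or the SSH client address")
    return problems

def plan_commands(if_ip, if_net, gateway, client_ip):
    """Return the CLI lines in the page's order, or raise if the plan is unsafe."""
    problems = check_mgmt_plan(if_ip, if_net, gateway, client_ip)
    if problems:
        raise ValueError("; ".join(problems))
    return [
        "set RemoteManagement RemoteMgmtSSH RemoteMgmtSSH -enable",
        "set RemoteManagement RemoteMgmtSSH RemoteMgmtSSH "
        "SourceInterface=if1 SourceNetwork=if1_net",
        f"set Address IPAddress if1_ip Address={if_ip}",
        f"set Address IPAddress if1_net Address={if_net}",
        "cc RoutingTable main",
        f"add Route Interface=if1 Network=all-nets-ip4 Gateway={gateway}",
        "cc",
        "activate",
        "commit",  # must follow activate within 30 seconds
    ]

if __name__ == "__main__":
    # Constructed sample: the page's addresses plus an assumed client address.
    for line in plan_commands("203.0.113.10", "203.0.113.0/24",
                              "203.0.113.1", "203.0.113.50"):
        print("System:/>", line)
```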

Register a License and Bind It

  1. A license must be associated with a MAC address on the virtual machine. To get a MAC address, use the following CLI command:

    System:/> ifstat if1

    Below are the first few lines of some typical output from this command, displaying an example MAC address:

    System:/> ifstat if1
    Interface if1: 
      IP Address     : 203.0.113.10 
      MAC            : 51:54:00:90:64:75 
      Device         : if1 
      PCI address    : 00:03.0 
      Driver         : virtio 
      MTU            : 1500 
      Routing Table  : <all> 
      Status         : 10 Gbps full duplex

  2. Now, log into the MyClavister website and select the Register License menu option.

  3. Select the NetShield option.

  4. The registration fields will be displayed. After selecting the product type as Virtual Model, enter the License Number and the MAC Address. The license number will be supplied by the product reseller and the MAC address was noted in an earlier step.

  5. After the license is registered and associated with the MAC address, select the Licenses menu, then the License List option and select the newly registered license from the displayed list.

  6. Now, select the Download option and download the license file to the local disk.

  7. Finally, upload the license using SCP. After uploading, the license must be activated with the following command:

    System:/> license activate <license-filename>

The management-access-only restriction will then be removed and cOS Stream will be restricted only by the capabilities defined by the license file.