2.3. Management Computer Connection

Home Prev	NetShield 300 Series Getting Started Guide	Next

cOS Stream Starts After Power Up

It is assumed that the NetShield 300 Series unit is now unpacked, positioned correctly and power is applied. If not, the earlier chapters in this guide should be referred to before continuing.

Clavister's cOS Stream software is preloaded on the NetShield 300 Series and will automatically boot up after power is applied. After the start-up sequence is complete, an external management computer can be used to configure cOS Stream.

cOS Stream Access Methods for Setup

Initial cOS Stream software configuration can be done in one of the following ways:

Using CLI commands across a network connection

The setup process can be performed using CLI commands which are input into a remote management computer running an SSH client. The management computer is linked across a network to an Ethernet interface on the firewall.

Once a network link to the CLI has been established, the manual configuration steps using the CLI are described in Section 3.2, CLI Access.

Using CLI commands via the local console

Alternatively, CLI access is possible using console emulation software running on an external computer connected directly to the RJ45 local console port on the 300 Series hardware. Direct console connection is described in Section 2.4, Local Console Port Connection.

In the default NetShield 300 Series configuration, no login credentials are enabled for the local console.

The Default Management Ethernet Interface

After first-time startup, cOS Stream automatically makes network management access available on a single predefined Ethernet interface and assigns to it the private IPv4 address 192.168.1.1 and network 192.168.1.0/24. In addition, this interface has a DHCP server enabled. This means that any DHCP client that connects can be automatically assigned a private IPv4 address so it can communicate with the firewall.

For the NetShield 300 Series, the physical default management Ethernet interface is G1.

This network connection could be made via a local switch using standard Ethernet cables, as shown in the illustration below.

Direct local Ethernet connection to the G1 interface can be done without a switch by using a suitable crossover cable. However, all the RJ45 interfaces on the NetShield 300 Series support Automatic MDI-X so a crossover cable is not necessary.

Connection to an ISP for Internet Access

For access to the public Internet, another 300 Series Ethernet interface should be selected for connection to an ISP. For example, G2 could be selected, although any other available interface could be used instead.

Note that in the default cOS Stream configuration for the NetShield 300 Series, the G6 and S1 interfaces already have a DHCP client enabled so an IP addresses can be automatically assigned by an ISP on connection.

	Tip: Connect the Internet before the management computer
If the G6 or S1 interface is connected to an ISP before the management computer is connected to the G1 interface, DNS addresses for resolving URIs will be received from the ISP and then relayed in the DHCP lease sent to a connecting management computer. If the management computer is connected first, it may get its IP assigned by the firewall with a DHCP lease that will not contain DNS addresses and the lease lifetime will be 24 hours. Renewing the lease, for example with a management computer restart, may be necessary to get DNS addresses after they are received on the G6 or S1 interface. Alternatively, DNS addresses could be entered into the management computer manually.

Tip: Connect the Internet before the management computer

If the G6 or S1 interface is connected to an ISP before the management computer is connected to the G1 interface, DNS addresses for resolving URIs will be received from the ISP and then relayed in the DHCP lease sent to a connecting management computer.

If the management computer is connected first, it may get its IP assigned by the firewall with a DHCP lease that will not contain DNS addresses and the lease lifetime will be 24 hours. Renewing the lease, for example with a management computer restart, may be necessary to get DNS addresses after they are received on the G6 or S1 interface. Alternatively, DNS addresses could be entered into the management computer manually.

Management Computer Ethernet Interface Setup

The only requirement for the Ethernet interface used for connection on the management computer is that DHCP is enabled. cOS Stream automatically enables a DHCP server on the firewall's G1 interface and this will allocate the relevant IP address to the management computer using DHCP.

If the management computer is configured manually, the following settings could be used:

IP address: 192.168.1.30
Subnet mask: 255.255.255.0
Default gateway: 192.168.1.1

	Tip: Using another management interface IP address
	The IPv4 address assigned to the management computer's Ethernet interface could be any address from the 192.168.1.0/24 network. However, the IP chosen must be different from 192.168.1.1 which is used by cOS Stream's default management interface.