Fortress Technologies ecure Wireless Access Bridge manual
- Consulta online o descarga el manual de instrucciones
- 144 páginas
- 5.09 mb
Ir a la página of
manuales de instrucciones parecidos
-
Network Card
Fortress Technologies BreadCrumb Wireless Network
65 páginas 3.54 mb -
Network Card
Fortress Technologies ES520
2 páginas 0.1 mb -
Stereo Receiver
Fortress Technologies Micro
2 páginas 0.2 mb -
Work Light
Fortress Technologies FS-50
32 páginas 0.25 mb -
Automobile Electronics
Fortress Technologies FS-10
16 páginas 0.13 mb -
Automobile Alarm
Fortress Technologies FS-20
16 páginas 0.12 mb -
Network Card
Fortress Technologies Fortress Secure Wireless Access Bridge ES520
2 páginas 0.11 mb -
Automobile Alarm
Fortress Technologies FS-30
14 páginas 0.14 mb
Buen manual de instrucciones
Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Fortress Technologies ecure Wireless Access Bridge. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Fortress Technologies ecure Wireless Access Bridge o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.
¿Qué es un manual de instrucciones?
El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Fortress Technologies ecure Wireless Access Bridge se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.
Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Fortress Technologies ecure Wireless Access Bridge, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.
Entonces, ¿qué debe contener el manual de instrucciones perfecto?
Sobre todo, un manual de instrucciones Fortress Technologies ecure Wireless Access Bridge debe contener:
- información acerca de las especificaciones técnicas del dispositivo Fortress Technologies ecure Wireless Access Bridge
- nombre de fabricante y año de fabricación del dispositivo Fortress Technologies ecure Wireless Access Bridge
- condiciones de uso, configuración y mantenimiento del dispositivo Fortress Technologies ecure Wireless Access Bridge
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas
¿Por qué no leemos los manuales de instrucciones?
Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Fortress Technologies ecure Wireless Access Bridge no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Fortress Technologies ecure Wireless Access Bridge y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Fortress Technologies en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Fortress Technologies ecure Wireless Access Bridge, como se suele hacer teniendo una versión en papel.
¿Por qué vale la pena leer los manuales de instrucciones?
Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Fortress Technologies ecure Wireless Access Bridge, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.
Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Fortress Technologies ecure Wireless Access Bridge. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.
Índice de manuales de instrucciones
-
Página 1
Fortress Security System Secure Wireless Access Bridge User Guide www .fortresstech.com © 2006 Fortress T echnologies[...]
-
Página 2
[...]
-
Página 3
Fortress Bridge i Fortress Secure Wireless Access Bridge 2.6.1 Copyright © 2006 Fortress T echnologies, Inc. All rights reserved. This document con t ains proprie t ary informatio n pr ot ec ted by copyright. No p art of this document may be reproduced or transmitted in any form or by any means, electronic or mechanical, without written permission[...]
-
Página 4
Fortress Bridge ii DISCLAIMED. IN NO EVENT SHALL THE O penSSL PROJECT OR ITS CONTRIBUT ORS BE LIABLE FOR ANY DIRECT , INDIRECT , INCIDENT AL, SPECIAL, EXEMPLARY , OR CONSEQUENTIAL DAMAGES (INCLUDING , BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SER VICES; LO SS OF USE, DA T A, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON A[...]
-
Página 5
Fortress B ridge: Ta ble of Cont ents iii Table of Contents 1 Introduction 1 Fortress Secure Wireless Access Bridge . . . . . . . . . . . . . . . . . . . . .1 Management Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 Bridge GUI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . [...]
-
Página 6
Fortress B ridge: Ta ble of Cont ents iv Installation Instructions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Outdoor Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Connecting the Bridge fo r Preconfiguration . . . . . . . . . . . . . . . . . . . . . . . . 12 Preconfiguring the [...]
-
Página 7
Fortress B ridge: Ta ble of Cont ents v 802.1X Server and LAN Port Settings . . . . . . . . . . . . . . . . . . . . . . 35 802.1X Authentication Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 LAN Port 802.1X S ettings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36 Bridge Passwords . .[...]
-
Página 8
Fortress B ridge: Ta ble of Cont ents vi Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Adding Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59 Editing Trusted Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60 Del[...]
-
Página 9
Fortress B ridge: Ta ble of Cont ents vii Getting Help in the CLI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82 Command Syntax . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 Configuration in the Bridge CL I . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 LAN Settings in the CLI . .[...]
-
Página 10
Fortress B ridge: Ta ble of Cont ents viii Secure Automatic Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .105 Preconfiguring a New Network Deployment with SAC . . . . . . . . . . . . . . . . 106 Connecting the Bridges for Preconfigur ation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 Automatically Preconf[...]
-
Página 11
Fortress Bridge: Introduction 1 Chapter 1 Introduction 1.1 Fortress Secure Wireless Access Bridge The Fortress Secure Wireless Access Bridge is an all-in-one network access device with the most stringent security available today built in. It can serve as a wireless bridge, a WLAN access point, and an eight-port LAN switch, while performing all the [...]
-
Página 12
Fortress Bridge: Introduction 2 1.1.1.2 Bridge CLI The Bridge’ s command-line interface provides administration and monitoring functions via a comma nd line. It is accessed over the network via the Bridge’ s IP address or through a terminal connected directly to the Bridge’ s serial Console port. 1.1.1.3 S NMP NOTE: Y ou cannot configure SNMP[...]
-
Página 13
Fortress Bridge: Introduction 3 3) User authentication requires the user of a connecting device to enter a recognize d user name and valid creden- tials, a password, for example , or a digital certificate. The Fortress Security System can authenticate users locally or through existing user-authentica tion provisions. 1.3.2 Strong Encryption at the [...]
-
Página 14
Fortress Bridge: Introduction 4 1.3.5 Deployment Options The Fortress Security System is flexible and exp andable. Figure 1.1 Example Point-to-Multipoint Deployment of the Fortress Secure Wireless Access Bridge[...]
-
Página 15
Fortress Bridge: Introduction 5 The Bridge can provide a secure edg e for a WLAN (or infrastructure-mode) deployment s, as shown in Figure 1.1 W ARNING: can cause physical in- jury or death to you and/or your equipment. 1.4 This Document This user guide assumes it s users have a level of expertise consistent with a professi onal Netwo rk Administra[...]
-
Página 16
Fortress Wireless Acce ss Bridge: Installation 6 Chapter 2 Installation 2.1 Introduction NOTE: Only essen- tial configuration settings, as required for basic installation, are covered in this chapter . The full complement of Bridge configuration options is described in the following chapter , Bridge Administration. The Fortress Secure Wireless Ac c[...]
-
Página 17
Fortress Wireless Acce ss Bridge: Installation 7 2.1.2 Compatibility The Fortress Bridge is fully compatible with F ortress Secure Client versions 2.4 and higher . 2.2 Preparation 2.2.1 Shipped and Optional Parts Included in each Fortress Bridge shipment are: Fortress Secure Wireless Access Bridge, comprisin g: one eight-port Ethernet LAN s[...]
-
Página 18
Fortress Wireless Acce ss Bridge: Installation 8 2.2.2 Preparing the Network Any Ethernet device—including hubs, switches and access points—directly connected t o the Bridge must have auto- negotiation cap ability (and have the feature enabled), or link and/or packet loss cou ld result. Refer to a device’ s documentation to configure its nego[...]
-
Página 19
Fortress Wireless Acce ss Bridge: Installation 9 W ARNING: The Bridge contai ns a 3V (7 y ear) lithi um bat- tery for time-keeping purposes. It is not in- tended to be operator- or user-replaceable . T o avoid risk of personal injury (and v oiding of the Bridge’ s w arranty ), refer all hardw are ser- vicing to Fortress T ech- nical Support. Ther[...]
-
Página 20
Fortress Wireless Acce ss Bridge: Installation 10 PoE powered from a remote 802.1 1af (13 W att) PoE midspan source. Circuit Overloading: The Bridge includes a 48 V main resettable fuse specified at 1.8 A. Lightning/Electrostatic Protection: The Bridge’s antenna ports conform to IEC1000-4-5 10 KV 8/20us waveform. The W AN port conforms to[...]
-
Página 21
Fortress Wireless Acce ss Bridge: Installation 11 NOTE: The ES520 complies with UL60950-1 sa f e ty s p e ci - fications. It has a UL (NEMA) 3/3S/4 (and IEC60529) environmen- tal rating. The Front- panel Cover Plate of the ES520 W eatherizing Kit includes a “Rainti ght” label. Antennas must be installed to provide a separation of at least 2[...]
-
Página 22
Fortress Wireless Acce ss Bridge: Installation 12 2.4.1 Connecting the Bridge for Preconfiguration W ARNING: To comply with FCC rules, antennas must be profes sionally installed . Improperly grounded outdoor antennas pose a particularly serious safety hazard . 1 Position the Bridge so that it operates only within it s safe temperature range (14º?[...]
-
Página 23
Fortress Wireless Acce ss Bridge: Installation 13 1 Open a browser application on a compu ter on your LAN and, in the browser address field, enter the Bridge’ s default IP address: 192.168.254.254 . 2 Log on to the Bridge GUI, entering admin as both User ID and Password and then clicking Login . (When prompted, agree to accept the security certif[...]
-
Página 24
Fortress Wireless Acce ss Bridge: Installation 14 5 From the main menu, select SECURITY SETTINGS , and on the SECURITY SETTIN GS screen, in the CHANGE ACCESS ID section: In Current Access ID enter 16 zeros or the word default . In New Access ID enter the 16-digit hexade cimal Access ID to be used by the Bridge and it s Secure Clients. CAUTI[...]
-
Página 25
Fortress Wireless Acce ss Bridge: Installation 15 NOTE: If you are deploying multi- ple Fortress Bridges in a point-to-point/ multi- point network they must be correctly con- figured for their net- work roles, typically with one serving as the root node and the rest configured as non-root nodes (refer to Section 2.2 for more detail). 8 If the Fortr[...]
-
Página 26
Fortress Wireless Acce ss Bridge: Installation 16 NOTE: The Bridge CLI provides ac- cess to some configu- ration settings that cannot be acces sed from the Bridge GUI. 13 After the Bridge reboots, change the CLI p assword (according to the instructions in Section 6.4.4.2) and configure unique SSIDs for the Bridge (according to the instructions in S[...]
-
Página 27
Fortress Wireless Acce ss Bridge: Installation 17 Slide the compression nut, with the thread ed opening facing toward the connector , over the connector and onto the cable. CAUTION: There are four differ ent possible alig nments be- tween the RJ-45 connec- tor and the connector boot. If the boot and connector are not in the correct alignment, t[...]
-
Página 28
Fortress Wireless Acce ss Bridge: Installation 18 2.4.4 Mast Mounting the Bridge The Mast-Mounting Kit accommodates mast s from 1. 5" to 3" in diameter . To install the Mast-Mounting Kit: 1 Position the Bridge at the desired position on the mast, with the Bridge’ s underside facing toward th e mast and the front panel facing down, as sh[...]
-
Página 29
Fortress Wireless Acce ss Bridge: Installation 19 omnidirectional or directional antenna. Th e antenna and cable must be waterproof. 4 Connect the Bridge's WAN port to an exte rnal 802.3af PSE/ PoE (Power Sourcing Equipment/Power ove r Ethernet) source, which—if the WAN port will con nect to a satellite link or a DSL or cable modem—pro vid[...]
-
Página 30
Fortress Wireless Acce ss Bridge: Installation 20 CAUTION: The FCC requires co- located radio antennas to be at least 7.9" apart. The Bridge’ s antenna connectors are only 5" apart. A void dir ectly mounting two antennas to the Bridge’s r ear-panel connectors . 1 Position the Bridge so that it operates only within it s safe temperatur[...]
-
Página 31
Fortress Bridge: Configuration 21 Chapter 3 Configuration 3.1 The Bridge GUI The Fortress Wireless Access Bridge’ s graphical user interface provides access to Bridg e administrative functions. Access Bridge GUI help screens by clicking Help , the last link on the main menu. 3.1.1 User Accounts There are two user account s on the Bridge GUI, and [...]
-
Página 32
Fortress Bridge : Configuration 22 The Bridge GUI opens on the Welc om e screen. Configuration settings are accessed through the main menu links on the left of the screen. 3.1.3 Logging Off T o log off the Bridg e GUI, click Logout (below the main menu). If you simply close the browser you have used to access the Bridge GUI, you will automatically [...]
-
Página 33
Fortress Bridge : Configuration 23 3.2.1 Spanning Tree Protocol NOTE: Bridging loops can occur on a WLAN only when multiple APs s hare the same ESS (extended ser- vice set). STP is a link management protocol that prevent s bridging loops on the ne twork while providing p ath redundancy . Y ou should enable it only in deployment s in which multiple [...]
-
Página 34
Fortress Bridge : Configuration 24 NOTE: The IP ad- dress you ass ign m u s t b e u n i q u e o n t h e network. To reconfigure Bridge LAN settings: 1 Log on to the Bridge GUI ad min account and select LAN SETTINGS from the menu on the lef t. 2 On the LAN SETTINGS screen, make your change s to the relevant field(s). These include: CAUTION: If the W[...]
-
Página 35
Fortress Bridge : Configuration 25 NOTE: 802.11b de- vices are fully compatible with the 802.11g radio. Radio 1 is the tri-band 802.1 1a/b/g radio, which can be configured as an 802.1 1g or an 802.1 1a radio. Radio 2 always functions as an 802.1 1a radio. RADIO SETTINGS fields are d escribed in sections 3.3.1 and 3.3.2. Section 3.3.3 provides step-[...]
-
Página 36
Fortress Bridge : Configuration 26 Non-Root - Radios in Non-Root mode do initiate connect ions with other Fortress Bridges—either directly with a root Bridge or with other non-root Bridge s (as well as receiving connections from other non-root Bridges a nd wireless devices). T ypically , one Bridge serves as the root node (or root Bridge) and[...]
-
Página 37
Fortress Bridge : Configuration 27 3.3.2.3 Di stance The Distance setting configures the maximum distance—from 1 to 35 miles, in increment s of 1 mile—for which the radio must adjust for the prop agation delay of its transmissions. Figure 3.1. Point-to-multipoint Bridge deployment with bridging radio Distance settings of 3 miles In a point-to-m[...]
-
Página 38
Fortress Bridge : Configuration 28 3.3.2.5 Beacon Interval The Bridge’ s radios transmit beacons at re gular intervals to announce their presence on the network. Y ou can configure the number of milliseconds between beaco ns in whole numbers between 25 and 1000 . Y ou cannot disable the beacon. The default beacon interval is 100 milliseconds. 3.3[...]
-
Página 39
Fortress Bridge : Configuration 29 Enabled on the LAN SETTINGS screen. If you d isable STP on a non-root Bridge, the Multicast field for th e radio with a Radio Mode setting of Bridg e and a Bridge Mode setting of Non-Root will be configurable. Refer to Section 3.2.1 for more information on STP . 3.3.2.7 Received Signal Strength Indicator NOTE: Bec[...]
-
Página 40
Fortress Bridge : Configuration 30 unconfigured V APs for radios in AP radio mode on the V IRTUAL A CCESS P OINT S displa y fram e on th e INTERFACES screen. Y ou can view the settings that assign SSIDs (and associat ed settings) for the radio’ s V APs in the VIRTUAL ACCESS P OINTS frame on the INTERFACES scre en. The Edit button for each V AP pr[...]
-
Página 41
Fortress Bridge : Configuration 31 Radio 1 is preconfigured with a default SSID of Base-11g ; the default SSID for Radio 2 is Base-11a . 3.3.4.2 Hide SSID and Accept G Only Options T o the right of the SSID field are two options that you can enable through their checkboxes: Hide SSID - Enabling this option delete s the SSID string from the pack[...]
-
Página 42
Fortress Bridge : Configuration 32 NOTE: Certain Se- curity Suite options require that an 802.1X authentication server be configured for the Bridge. These include: 802.1X and those WP A and WP A2 settings that do not use PSK. Refer to Section 3.4.1. The security protocol(s) employed by th e Bridge’s virtual access point are configured pe r V AP .[...]
-
Página 43
Fortress Bridge : Configuration 33 WEP Key T ype - WEP keys can be composed of an ASCII (plaintext) passphr ase or hexadecimal string. Hex is the default. WEP Keys 1–4 - Y ou must manually enter at least one st atic key to be used in Open WEP and Shared WEP transa ctions, within the specifications you set in the two fields above, which determine [...]
-
Página 44
Fortress Bridge : Configuration 34 WP A and WP A2 generate encryption keys dynamically and exchange keys automatically with co nnected devices at user- specified intervals. This interval is the only additio nal setting required for WP A security . S pecify the interval in seconds in the WP A Rekey Period field. Whole numbers between 0 and 99999 , i[...]
-
Página 45
Fortress Bridge : Configuration 35 3.4 802.1X Server and LAN Port Settings NOTE: The RADI- US server internal to the Bridge cannot be used for 802.1X authen- tication. The Fortress Bridge can be used with an exte rnal 802.1X authentication server and its inte rnal switch ports can be individually configured to allow or block 802.1X traffic. The For[...]
-
Página 46
Fortress Bridge : Configuration 36 2 In the 801.1X AUTHENTICATION SER VER frame: NOTE: The server key you enter here should already be present in the 802.1X au- thentication se rvice con- figuration. In Server Address , enter the IP address of t he network 802.1X authentication server (the default is 127.0.0.1 ). In Server Port , enter the [...]
-
Página 47
Fortress Bridge : Configuration 37 NOTE: For security[...]
-
Página 48
Fortress Bridge : Configuration 38 The viewable, default security settings a re shown below . 3.6.1 Operating Mode The Fortress Bridge can be operat ed in either of two modes: Normal (the default) or FIPS . NOTE: The Bridge (in either operat- ing mode) flashes the front-panel cleartext LED ( Clr ) whenev er un- encrypted data is pass- ing in an enc[...]
-
Página 49
Fortress Bridge : Configuration 39 If the Bridge fails any self-test o n startup, it is rendered inoperable and must be returned t o the vendor for rep air or replacement. Only a designated Crypto Of ficer , as defined by the Federal Information Processing S tandards, may perfo rm administrative functions on the Bridge and its Secure Client[...]
-
Página 50
Fortress Bridge : Configuration 40 Bridge. For information on setting encryption algorithms on Secure Clients, refer to your Fortress Secure Clie nt user guide. To change the Bridge encryption algorithm: 1 Log on to the Bridge GUI ad min account and select SECURITY SETTIN GS from the menu on the lef t. 2 On the CRYPTO ALGORITHM section of the SECUR[...]
-
Página 51
Fortress Bridge : Configuration 41 on Secure Client s, refer to your Fortress Secure Client user guide. CAUTION: For se- curity reasons, the Access ID in effect on the Bridge cannot be displayed. Make a note of the new Access ID: you will need it to configure the Bridge’ s Secure Cli- ents, as well as to change the Access ID on the Bridge. To cha[...]
-
Página 52
Fortress Bridge : Configuration 42 selected and, in the case of device authenticatio n, when it has been globally enabled in the AUTHENTICATION SETTINGS frame of the SECURITY SETTINGS screen. The se screens are described in Section 4.1 (Device Authentication) and Section 4 .2 (User Authentication), in the next chapter . 3.6.6.1 Enabling/Disabling A[...]
-
Página 53
Fortress Bridge : Configuration 43 The default Auth Server Key is fortress , which yo u can optionally change. Selecting Local authentication enables the screens and fields that configure local authent ication settings for both users and devices. NOTE: The Bridge has not been test- ed with, and may not fully support, other common RADIUS serv- ers. [...]
-
Página 54
Fortress Bridge : Configuration 44 3.6.6.4 Enabling/Disabling Device Auth entication On a Fortress Bridge configured for Local au thentication, the settings in the AUTHENTICATION OPTIONS section o f the AUTHENTICATION SETTINGS frame globally enable/disable device authentication, according to whether device authentication is included in the selectio[...]
-
Página 55
Fortress Bridge : Configuration 45 To configure maximum authentication attempts: 1 Log on to the Bridge GUI ad min account and select SECURITY SETTIN GS from the menu on the lef t. 2 In the AUTHENTICATION SETTINGS frame, in the Auth Mode field, ensure that Local authentication is enabled. 3 Under AUTHENTICATION OPTIONS , in the Max Auth Retries fie[...]
-
Página 56
Fortress Bridge : Configuration 46 To enable/disable user session timeout login prompts : 1 Log on to the Bridge GUI ad min account and select SECURITY SETTIN GS from the menu on the lef t. 2 In the AUTHENTICATION SETTINGS frame: Check the box for Rest art Session Login Prompt to enable user session timeout promp ts (the default). or Clear [...]
-
Página 57
Fortress Bridge : Configuration 47 To configure the default user authentication and device state for authenticating devices: 1 Log on to the Bridge GUI ad min account and select SECURITY SETTIN GS from the menu on the lef t. 2 In the AUTHENTICATION SETTINGS frame, in Auth Mode , ensure that Local authentication is enabled and that Devi ce Auth is s[...]
-
Página 58
Fortress Bridge : Configuration 48 To enable/disable blackout mode: 1 Log on to the Bridge GUI admi n account and select SYSTEM OPTIONS from the menu on the lef t. 2 Under BLACKOUT MODE , in the Sta t u s field choose to Enable BLACKOUT MODE (turn the L EDs off) or Disable B LACKOUT MODE (turn the LEDs on). 3 Click OK in the BLACKOUT MODE frame. Y [...]
-
Página 59
Fortress Bridge : Configuration 49 3.10 Front-Panel Operation The Fortress Bridge front p anel is equipped with three, recessed buttons: two switches (labeled SW1 and SW2 ) and a Reset button. 3.10.1 Mode Selection from the Front Panel NOTE: Refer to Section 3.3.1.4 for more information about Bridge Mode and to Sec- tion 3.7 for an explana- tion of[...]
-
Página 60
Fortress Bridge : Configuration 50 indicated by the Stat2 LED, which flashes rapidly (gre en) when the new mode is selected . If you accidentally cycle p ast the Bridge Mode setting, continue pushing SW2 until Stat2 again begins flash ing. 3 When Stat2 is flashing, press SW1 and hold it down for two seconds to save the new Bridge Mode setting. The [...]
-
Página 61
Fortress Bridge : Configuration 51 3.10.2 Rebooting the Bridge from the Front Panel T o reboot the Fortress Bridge from the front-p anel: NOTE: There are no LED indica- tions in a Bridge in blackout mode (refer to Section 3.7). 1 Press and hold the Reset button for one second, until the Stat1 LED exhibits a slow green flash to indicate that the Bri[...]
-
Página 62
Fortress Bridge: Administration 52 Chapter 4 Administration 4.1 Device Authentication NOTE: The Bridge supports 802.1X authentication through separate and unrelated configuration settings. These are described in 802.1X Security (for wireless devices) and in Section 3.4, 802.1X Serv- er and LAN Po rt Settings . Device authentication is supp orted on[...]
-
Página 63
Fortress Bridge: Admini str ation 53 authenticate on the network. (Refer to Se ction 3.6.6.5 for detailed instructions.) If a device exceeds the maximum allowable retry attempt s to connect to the Bridge-secured network, that de vice will be locked out until the device’ s Sta t e is set to Allow . Such a device is locked out on every Bridge in a [...]
-
Página 64
Fortress Bridge: Admini str ation 54 Access user configurable settings for an authenticating device by clicking its Edit button under AUTHORIZED DEVICES (Section 4.1.2.1). Configurable settings include: Device Name - accepts up to 64 alphanumeric characters by which you can identify the device. If a device has a hostname associated with it (the[...]
-
Página 65
Fortress Bridge: Admini str ation 55 2 On the DEVICE AUT HENTICATION screen, click the Edit button of the device for which y ou want to change settings. 3 In the EDIT DEVICE frame (above the device list) where the device’ s current settings are displayed, enter new values into the relevant fields (described in Section 4.1.2). 4 Click Up date to s[...]
-
Página 66
Fortress Bridge: Admini str ation 56 on the AUTHENTI CATION SETTINGS frame of the SECURITY SETTINGS screen. On a Fortress Bridge-secured network, user authentication can be used by itself or combined with device authentication. The options that determine whether de vice authentication is enabled are also configured globally , in the AUTHEN TICATION[...]
-
Página 67
Fortress Bridge: Admini str ation 57 NOTE: In point-to- point/multipoint deployments, Fortress recommends that you disable the Restart S es- sion Login Prompt for us- ers on all non-root Bridges on the network, so that, when users’ ses- sions time out, they are prompted for their cre- dentials by only the root Bridge. Refer to Section 3.6.6.6 gu [...]
-
Página 68
Fortress Bridge: Admini str ation 58 2 On the USER AUTHENTICATION screen, click the Edit button of the user for which you want to change settin gs. 3 In the EDIT USER frame (above USER AC COUNTS ) where the account’ s current settings are displayed, enter new values into the relevant fields (described in Section 4.2.2). 4 Click Up date to save th[...]
-
Página 69
Fortress Bridge: Admini str ation 59 4.3 Trusted Devices Some wireless devices—IP phones, digit al scales or printers, and APs, for example—are not equipped to run additional software such as the F ortress Secure Client. In order to allow such a device access to the encrypted zo ne, the Fortress Bridge must be configured to identify it as a T r[...]
-
Página 70
Fortress Bridge: Admini str ation 60 The section of the frame under MANAGED TRUSTED DEVICES shows the T rusted Device you added, with the settings yo u specified. 4.3.1 Editing Trusted Devices Y ou can edit the IP and MAC addr esses of a n existing T rusted Device and change it s port settings, but you cannot ch ange its TD Identifier . T o edit a [...]
-
Página 71
Fortress Bridge: Admini str ation 61 4.3.2 Deleting Trusted Devices Y ou can delete T rusted Devices one at a time, or by selecting multiple devices for deleti on. 1 Log on to the Bridge GUI ad min account and choose TRUSTED DEVICES from the menu on the lef t. 2 On the TRUSTED DEV ICES screen, in the MANAGED TRUSTED DEVICES frame, check the box(es)[...]
-
Página 72
Fortress Bridge: Admini str ation 62 4.4.1 Configuring SNMP 1 Log on to the Bridge GUI ad min account and choose SNMP SETTINGS from the menu on the lef t. 2 In the SNMP OPTIONS frame, enter valid values into the relevant fields (described above). 3 Click Apply . 4.5 Backing Up and Restoring The backup function of the Bridge creates and d ownloads a[...]
-
Página 73
Fortress Bridge: Admini str ation 63 Table 4.1. User Configured Se ttings Backed Up for the Bridge function setting network STP enable/ disable W AN port encrypte d/un encrypted rad i o s radio state enable/disable radio band (Radio 1) 802.1 1g/802.1 1a radio mode AP/Bridge channel transmit power distance preamble beacon interval multicasting enabl[...]
-
Página 74
Fortress Bridge: Admini str ation 64 4.5.1 Backing Up the Bridge Configuration 1 Log on to the Bridge GUI ad min account and choose SYSTEM OPTIONS from the menu on the left. NOTE: If y ou choose to pass- word- prot ect th e ba ck- up file, remember that the password will be re- quired in order to re- store from the file. 2 On the SYSTEM OPTIONS scr[...]
-
Página 75
Fortress Bridge: Admini str ation 65 4.6 Software Versions and Upgrades Fortress T echnologies regularly re leases updated versions of the Bridge sof tware that add new features, improve functionality and/or fix known bugs. Upgrade files may be shipped to you on CD-ROM or , more often, made available for download from your acco unt on the Fortress [...]
-
Página 76
Fortress Bridge: Admini str ation 66 Click Apply (or Cancel the operation). 4 Click OK on the system confirmation dialog. The frame displays Uploading file... (with crawling dot s to indicate system activity), then changes to the Performing upgrade... status display , which presents a series of progress messages. When t he process completes, th[...]
-
Página 77
Fortress Bridge: Admini str ation 67 4.7 Rebooting the Bridge The reboot option power cycles the Bridge , ending all sessions and forcing Secure Client devices (and any other Fortress Bridges) in communication with the Bridge to re-key in order to start a new session. 1 Log on to the Bridge GUI ad min account and choose SYSTEM OPTIONS from the menu[...]
-
Página 78
Fortress Bridge: Monitoring and Diagnostics 68 Chapter 5 Monitoring and Diagnostics 5.1 Statistics The statistics scree n displays statistics for overa ll encrypted- zone traffic, each of the Bridge’s lo gical interfaces (including physical Ethernet port s and all configured virtual radio interfaces), as well as for each of the Bridge’ s intern[...]
-
Página 79
Fortress Brid ge: Monitor ing and Diag nostics 69 5.1.1 Traffic Statistics The packet s that the Fortress Bridge has transmitted to a nd received from the encrypted zone since cryptographic processing was last st arted are shown in the ST ATISTICS frame: Encrypt - encrypted pa ckets—the p ackets received from the unencrypted zone, encrypted, [...]
-
Página 80
Fortress Brid ge: Monitor ing and Diag nostics 70 BYTES - the tot al number of bytes received/t ransmitted on the interface PAC KE TS - the total number of packet s received/transmitted on the interface ERRORS - the tot al number of receive/transmit errors reported on the interface 5.1.3 Radio Statistics RADIO 1 is the tri-band, 802.1 1[...]
-
Página 81
Fortress Brid ge: Monitor ing and Diag nostics 71 Idle Since - the number of hours, minutes and seconds since the device was last active on the network.[...]
-
Página 82
Fortress Brid ge: Monitor ing and Diag nostics 72 Each device entry on the TRACKING screen is preceded by a checkbox that, when checked, reset s the network session of that device when Reset Checked Sessions (at the bottom of the screen) is clicked. 5.3 AP Associations The AP Associations screen p r ovides informatio n about devices currently conne[...]
-
Página 83
Fortress Brid ge: Monitor ing and Diag nostics 73 Channel - identifies the channel, by number , over which the Bridge and the associated device are communicating, a s selected for the radio being used (Section 3.3.2.1). NOTE: The For- tress Security Suite setting i mplement s pro- prietary authentication and encryption without reference to the [...]
-
Página 84
Fortress Brid ge: Monitor ing and Diag nostics 74 when Secure Client s contact and negotiate keys with the Fortress Bridge system configuration changes when cryptographic processing is rest arted system and communication errors The log is allocated 500 Kbytes of memory and can contain a maximum of approximately 16, 000 log messages [...]
-
Página 85
Fortress Brid ge: Monitor ing and Diag nostics 75 5.5 Diagnostics NOTE: Radio 1 uses antenna port 1 ( ANT1 ) ; Radio 2 uses antenna port 2 ( ANT2 ) . Access Fortress Bridge diagnostic utilities by logging into the Bridge GUI admin account and selecting DIA GNOSTICS from the menu on the left. The DIAGNOSTICS screen displ ays : The version and bu[...]
-
Página 86
Fortress Brid ge: Monitor ing and Diag nostics 76 5.5.3 Flushing the Host MAC Database The Fortress Bridge maintains a database of the MAC addresses of devices in the unencrypted zo ne. Y ou can flush the HOST MAC DAT ABASE : 1 Log on to the Bridge GUI admin account and choose DIAGNOSTICS from the menu on the lef t. 2 At the bottom of the DIA GNOST[...]
-
Página 87
Fortress Brid ge: Monitor ing and Diag nostics 77 5.6 Front-Panel Indicators NOTE: There are no LED indica- tions in a Bridge in blackout mode (refer to[...]
-
Página 88
Fortress Brid ge: Monitor ing and Diag nostics 78 Stat2 can exhibit: solid green - The Bridge is operating in root mode. off - The Bridge is operating in non-root mode . Clr can exhibit: fast green flash - The Bridge is p assing cleartext (unencrypted dat a) in the encrypted zone. Fail can exhibit: off - The Fail LED does not apply [...]
-
Página 89
Fortress Brid ge: Monitor ing and Diag nostics 79 Both upper and lower LEDs can exhibit: off - The associated radio is disabled (in the Bridge GUI or CLI). All four Radio LEDs can exhibit: solid amber - A firmware error has occurred. off - Both radios are disabled (in the Bridge GUI or CLI). 5.6.3 Port LEDs The Fortress Bridge’ s Ethe[...]
-
Página 90
Fortress Bridge: Comma nd-Line Interface 80 Chapter 6 Command-Line Interface 6.1 Introduction NOTE: Fortre ss Bridge features and functions are de- scribed in greater detail in the precedi ng chap- ters describing the use of the Bridge GUI. The Fortress Bridge CLI provide s commands for managing the Fortress Bridge and the network it secures. Y ou [...]
-
Página 91
Fortress Bridge: Command- Line Interface 81 6.1.1 CLI Administrative Modes There are two administrative modes in the Bridge CLI. NOTE: Bridge CL I help output shows only those commands and argume nts that a re va lid in the current ad- ministr ative mode (ref er to Section 6.2 for more detail.) When you first access the CLI you are, b y default, in[...]
-
Página 92
Fortress Bridge: Command- Line Interface 82 WSG login: sysadm NOTE: The default CLI password is sysadm . P asswords should never be left at their defaults. Password: <password> Fortress Wireless Security G ateway [GW]> The login ID, sysadm , cannot be changed. If you are changing the CLI p assword for the first time as p art of an inst all[...]
-
Página 93
Fortress Bridge: Command- Line Interface 83 Note that only those optio ns available in the current administrative mode are d isplayed and that valid command options dif fer significantly between modes. [AP]> show Description: Displays Access Point information, configuration Usage: show [args]. Possible args: associations radio radius ?|help Seve[...]
-
Página 94
Fortress Bridge: Command- Line Interface 84 Switch refers to the identifier , preceded by a dash (hyphen), for the argument to follow (ex., -ip , -n , etc.) Switches allow permissible argument s to be entered in a ny combination and order . Angle brackets: ind icate variable, user-supplied input s (parameters and variable a rguments), which[...]
-
Página 95
Fortress Bridge: Command- Line Interface 85 The CLI displays the configurable fields for set network one at a time. Enter a new value for the field—or leave the field blank and the setting unchanged—and strike Enter ↵ , to displa y the next field. The final reboot query d isplays only when you have entered a value into at leas t one o f the f[...]
-
Página 96
Fortress Bridge: Command- Line Interface 86 [AP]> show radio [RADIO 1] Radio State: On Radio Band: 802.11g Radio Mode: AP Channel: 1 Tx Power: Auto Distance: 1 Beacon Interval: 100 Preamble: Short Multicast: On RSSI Monitor: Off [RADIO 2] State: On Radio Band: 802.11a Radio Mode: Bridge Bridge Mode: Root Channel: 149 Tx Power: Auto Distance: 1 B[...]
-
Página 97
Fortress Bridge: Command- Line Interface 87 [AP]> set radio 1 Radio state [on|off] (on): Radio band [802.11g|802.11a] (802.11g): 802.11a [OK] Reboot is required when chan ging radio band Radio Mode [ap|bridge|ids] ( ap): bridge [OK] Bridge Mode [root|nonroot] ( nonroot): nonroot Radio is in nonroot mode...c annot set channel Transmit Power [auto[...]
-
Página 98
Fortress Bridge: Command- Line Interface 88 The sample output for the show radio command (at the beginning of this section) shows the default radio se ttings. As shown in the example interactive se t radio output, reconfiguring radio settings requi res that you reboot the Bridge in order to eff ect your changes. The show radio and set radio command[...]
-
Página 99
Fortress Bridge: Command- Line Interface 89 By default a single virt ual access point ( vap 1 ) is configured for each radio. The SSIDs associated with t hese two primary V APs should never be left at their defau lts (shown above). SSID strings can be up to 32 characters long. Configure V AP settings interactively by entering the set command with j[...]
-
Página 100
Fortress Bridge: Command- Line Interface 90 [VAP]> set vap {1|2| 3|4} [-ssid <ssidstring> |.] [-dtim 1-2 55] [-hidessi d on|off] [-rts 1–2345|off ] [-frag 256–2345|of f] [-only11g on|off] [-suite fortr ess|clear| open-wep|sh ared-we p|8021x|wpa |wpa-psk|w pa2|wpa2-ps k|wpa-m ixed|wpa-mi xed-psk] [-wepkeytype hex |passphrase] [-we pkeys[...]
-
Página 101
Fortress Bridge: Command- Line Interface 91 6.4.4.1 Changing Bridge GUI Passwords in the CLI NOTE: Pa s s wo r d s should be a mini- mum of eight charac- ters long and contain a mix of upper and lower- case letters and numer- als. Which GUI password is set depe nds upon the username argume nt: admin sets the administrator password, operator , the v[...]
-
Página 102
Fortress Bridge: Command- Line Interface 92 View the en cryption algorithm (and the re-keying interval) in effect on the Bridge with show crypto : [GW]> show crypto CryptoEngine:AES256 ReKeyInterval:4 The show crypto command is valid only in GW (gate way) mode (refer to Section 6.1.1 for more det ail). NOTE: Yo u c a n combine on a sin- gle comm[...]
-
Página 103
Fortress Bridge: Command- Line Interface 93 6.4.5.4 Access ID in the CLI The Access ID is a 16-digit he xadecimal ID that provides network authentication for the For tress Security System. All of the Bridge’ s Secure Clients must be configured to use the same Access ID as the Bridge. For informa tion on setting encryption algorithms on Secure Cli[...]
-
Página 104
Fortress Bridge: Command- Line Interface 94 CAUTION: If you wa nt to be able to access the Bridge CLI af- ter outdoor installation, you must enable SSH (secur e shell) d uring pre-configuration of the Bridge. 6.4.5.7 SSH Access to the CLI Secure Shell (SSH) is disabled on the Fortress Bridge b y default. Y ou can view the current SSH setting with s[...]
-
Página 105
Fortress Bridge: Command- Line Interface 95 6.4.6 System Date and Time in the CLI View Bridge date and time settings with the show clock command: [GW] > show clock Wkday Month DAY HR:MIN:SEC TimeZone YEAR Set system date and time on the Fortress Bridge , using the twenty-four-hour clock and numerical date, thro ugh the set clock command, as foll[...]
-
Página 106
Fortress Bridge: Command- Line Interface 96 Configure the Bridge interactively to authen ticate users through an external RADIUS server with set auth , as follows: [GW]> set auth ext ernal IPserver: 123.45.67.89 [OK] set Server IP AuthKey: s3cr4ts5r6v7r k8y [OK] set Authentication Key The default RADIUS shared key is fortress . The RADIUS shared[...]
-
Página 107
Fortress Bridge: Command- Line Interface 97 6.4.9 802.1X Authentication Settings in the CLI 6.4.9.1 802.1X Authentication Server Set tings Support for 802.1X authentication on the Fo rtress Bridge, whether for wired or wireless devices, requires the use of an external 802.1X authentication service. Those WP A and WP A2 Security Suite settings that [...]
-
Página 108
Fortress Bridge: Command- Line Interface 98 In GW mode, use the show command with the 8021X argument to view the server settings: [GW]> show 8021X Lan1:off Lan2:off Lan3:off Lan4:off Lan5:off Lan6:off Lan7:off Lan8:off AuthServer:127.0.0.1 AuthPort:1812 The last two lines of output display the current 80 2.1X server settings. The LAN port settin[...]
-
Página 109
Fortress Bridge: Command- Line Interface 99 6.4.9.2 Internal LAN Switch Port 8 02 .1 X Settings Y ou can individually configure eac h of the ports of the Bridge’ s internal LAN switch to require that a connecte d device is an 802.1X supplicant successfully authe nticated by the 802.1X authentication server configured for the Bridge (Section 6.4.9[...]
-
Página 110
Fortress Bridge: Command- Line Interface 100 The commands that configure and delete T rusted Devices are valid only in GW (gateway) mode (refer t o Section 6.1.1 for more detail). NOTE: Tr u s t e d D e - vices must be as- signed static IP addresses. 6.5.1.1 Adding Trusted Devices in the CLI Add T rusted De vices with the add td command, as follows[...]
-
Página 111
Fortress Bridge: Command- Line Interface 101 [GW]> set snmp -c <contact@domain.com> -l <locationName> -ro <roCmntyName> -rw <rwCmntyName> Set Contact:OK Set Location:OK Set RO Community:OK Set RW Community:OK in which contact is the e-mail address to which SNMP event notifications will be sent, locationName iden tifies th[...]
-
Página 112
Fortress Bridge: Command- Line Interface 102 [GW]> show device Hostname:Fswab DeviceID:4389C1B376B1AFDD CryptoEngine:AES256 IP(Private):172.24.1.27 Ssh:Off Gui:On Auth:Off Fips:On The show device command is valid only in GW (gate way) mode (refer to Section 6.1.1 for more det ail). 6.6.2 Viewing System Uptime in the CLI The show uptime command d[...]
-
Página 113
Fortress Bridge: Command- Line Interface 103 Hosts (labeled Client ) are numbere d in the order they were added to the dat abase, following the Bridge’ s internal interfaces, and are listed by their MAC addresses. Below th e list, a count of the entries in the database is given. Y ou can flush the dat abase of host (labeled Client) MAC address wi[...]
-
Página 114
Fortress Bridge: Command- Line Interface 104 6.6.7 Pinging a Device Y ou can ping devices from the Bridge’ s CLI. The Bridge pings three times and then displays the ping st atistics. [GW]> ping 123.45.6 .78 PING 123.45.6.78 (1 23.45.6.78) from 123.45.6.89 : 56(84) bytes of data. 64 bytes from 123.4 5.6.78: icmp_seq=1 ttl=128 ti me=18.3 ms 64 b[...]
-
Página 115
Fortress Bridge: Command- Line Interface 105 [AP]> wlan wlanconfig -h usage: wlanconfig wlanX crea te wlandev wifiX wlanmode [sta|ad hoc|ap|monitor] [bssid | -bssid] [nosbeacon] usage: wlanconfig wlanX dest roy NOTE: Wir e le s s Extension T ool scripts are included in Fortress Bridge backup files; restore operations therefore ov erwrite the exi[...]
-
Página 116
Fortress Bridge: Command- Line Interface 106 6.8.1 Preconfiguring a New Network Deployment with SAC All of the Bridges to be in clu ded in the new networ k must be at their factory-default settings. (Section 6.4.7 describes restoring the Bridge’ s default settings from the Bridge CLI; Section 3.9 describes the same function in the Bridge GUI.) 6.[...]
-
Página 117
Fortress Bridge: Command- Line Interface 107 Allow all of the Bridges to boot before pro ceeding with SAC: front-panel Sta t1 and Stat2 LEDs and the lower L EDs for both radios light solid green, while t he upper LEDs for both radios and the W AN port link/activity ( Lnk/Act ) LED flash green intermittently . 1 Open a terminal application on the co[...]
-
Página 118
Fortress Bridge: Command- Line Interface 108 Bridges. Alternatively , you can specify on ly a subnet and allow SAC to automatically generate all member IP addresses within that subnet, including th at of the root/ master Bridge. The IP or subnet a ddress you en ter must fall within o ne of these reserved ranges: 10.0.0.0 – 10.255.255.255 [...]
-
Página 119
Fortress Bridge: Command- Line Interface 109 [GW]> set sac stop SAC Stop Initiated. May take some time to comple te... Stopped SAC process successfully Reboot_Of_Master(Sr lNum:24656196)_Required_For_N ewConfiguration(CfgId:19082)_ To_Take_Into_Effect Reboot_Of_SACPeer(S rlNum:24743196)_Required_For_ Configuration_Change_From(Old CfgId:0)_To(New[...]
-
Página 120
Fortress Bridge: Command- Line Interface 110 Similarly , the encryption algorithm and re-key interval in effect on the network can be viewed with show crypto (sections 6.4.5.1 and 6.4.5.2, respectively). The Access ID cannot be displayed for security purp oses (but it must match across all network Bridges). Use the show network command on t he mast[...]
-
Página 121
Fortress Bridge: Command- Line Interface 111 SeriallNum|IpAddres s|CfgID|PeerNum|PeerSACStatus |PeerSACState|PeerSACVer 24773196|172.24.0.4 |19082|2|SAC_PEER_CONFIRMED| S AC_COMPLETE_4PEER |SAC_VER_PEGASUS_A RCH1 24743196|172.24.0.3 |19082|1|SAC_PEER_CONFIRMED| S AC_COMPLETE_4PEER |SAC_VER_PEGASUS_A RCH1 T o save the new configuration, enter set sa[...]
-
Página 122
Fortress Bridge: Command- Line Interface 112 [GW]> show sac SwabSerialNum:24743196 SwabConfigID:0 SwabSACRole:SAC_SLAVE SwabSACState:SAC_INIT4SWAB SwabSACVer:SAC_VER_PEGASUS_A RCH1 10 Log off the new Bridge’s CLI and disconnect the Console port cable. 11 Log onto the Bridge CLI of the maste r/root Bridge and add the new Bridge’ s serial numb[...]
-
Página 123
Fortress Bridge: Command- Line Interface 113 16 Disconnect the W AN ports of the new and master Bridges. 17 Power cycle the new Bridge. The new Bridge is ready to be deployed on th e network. 6.8.3.2 Deleting a Bridge from a SAC Network Y ou can view the current list of SAC Peer s from the master/ root Bridge’ s CLI with show sp : [GW]> show s[...]
-
Página 124
Fortress Brid ge: Fortre ss Security System Overv iew 114 Chapter 7 Specifications 7.1 Hardware Specifications 7.1.1 Performance 7.1.2 Physical 7.1.3 Environmental unencrypted throughpu t: up to 23 Mbps encrypted throughput: up to 10 Mbps form factor: compact, rugged desktop chassis dimensions: 2.3" H x 8.75" W x 6.6" D (5.8 cm × 22[...]
-
Página 125
Fortress Bridge: Fortress Security Syst em Overview 115 7.1.4 Compliance 7.1.5 Logical Interfaces The physical connections described in Sectio n 7.1.2 are identified as logical interfaces, as de fined by FIPS 140-2, in the table below: 7.2 RJ-45-to-DB9 Console Port Adapter An RJ-45-to-DB9 adapter (i ncluded with each Bridge) is required in order to[...]
-
Página 126
Fortress Bridge: Fortress Security Syst em Overview 116 the wide side up, pins are numbered from right to left, top to bottom. Figure 7.1 RJ-45 and DB9 Pin Numbering T able 7.1 shows the adapter pin-out s. Table 7.1. RJ-45-to-DBP Adapter Pin-Outs RJ-45 pin DB9 pin standard color 1 - grey 24 b r o w n 33 y e l l o w 4 - green 55 r e d 6 2 black 7 6 [...]
-
Página 127
Fortress Bridge: Troub leshooting 117 Chapter 8 Troubleshooting Problem Solution You are unable to access the Bridge GUI. V erify th e Brid ge ’s physical connec tion : • from an Etherne t port on a computer or a n etwo rk switch to o ne of the Bridge’ s unencrypted intern al LAN ports. —or— • from a computer runnin g the Fortress Secur[...]
-
Página 128
Fortress Bridge: Tr oubleshooting 118 The Bridge is not allowing traffic to pass. V erify th e Brid ge ’s physical connec tion s: • from the Bridge’ s Unencrypted port to the LAN. • from the Bridge’ s Encrypted port to the WLAN. • in AF7500 & AF2100, ve rify the CA T5e cable type ( crossover for direct host/AP connectio ns; straight[...]
-
Página 129
Fortress Bridge: Index 119 Numerics 802.11a/b/g see radio sett ings, rad io band; radios 802.1X authentication 33 , 35 – 36 for wired devices in Bridge CLI 99 in Bridge GUI 36 for wireless devices in Bridge CLI 89 – 90 in Bridge GUI 33 server settings in Bridge CLI 97 – 98 in Bridge GUI 35 – 36 A Access ID 2 , 40 – 41 changing at installa[...]
-
Página 130
Fortress Bridge: Index 120 Bridge CLI 80 – 105 about command 101 accessing 81 SSH 39 , 81 , 94 troublesho oting 117 add/del sp commands 112 , 113 add/del td commands 100 ap command 81 , 88 clear vap command 90 command syntax 83 – 84 default password 91 del clients command 103 exit commands 82 getting help 82 – 83 gw command 81 password defaul[...]
-
Página 131
Fortress Bridge: Index 121 C cabling see ports, connections channel settings 26 configuring in Bridge CLI 86 – 88 in Bridge GUI 29 with SAC 106 – 111 defaults 26 clock see system date and time; Bridge CLI set c lock command compatibility 7 compliance ii , 11 , 115 connections see ports, network connections; grounding console por t adapter 81 , [...]
-
Página 132
Fortress Bridge: Index 122 encrypted zone Device IDs 70 IP addresses 70 MAC addresses 70 tracking ses sions 70 – 72 WAN port configurat ion 23 encryption algorithm 3 , 39 – 40 configuring in Bridge CLI 91 – 92 in Bridge GUI 40 with SAC 106 – 111 default 39 , 92 in Secure Clients 39 environmental specifications 114 Ethernet see network inter[...]
-
Página 133
Fortress Bridge: Index 123 L LAN settings configuring at installation 13 in Bridge CLI 84 – 85 in Bridge GUI 22 – 24 with SAC 106 – 111 default IP address 13 , 21 , 84 LAN switch ( internal) 6 , 7 , 35 port settings in Bridge CLI 99 in Bridge GUI 36 LEDs see front-panel LEDs local authentic at ion serv er 42 , 95 logging on/off Bridge CLI 81 [...]
-
Página 134
Fortress Bridge: Index 124 operator account see Bridge GUI, operator account outdoor installation 11 – 19 mast mounting 18 preconfiguration 12 – 16 requirements ii , 8 – 11 , 18 siting 9 weatherizi ng 16 – 17 P passwords 36 – 37 changing at installation 14 in Bridge CLI 90 – 91 in Bridge GUI 37 default CLI password 82 , 91 GUI admin pas[...]
-
Página 135
Fortress Bridge: Index 125 S SAC see Secure Auto matic Configuration safety compliance 115 requirements 1 , 8 – 11 , 12 , 17 , 18 see also specifications Secure Automati c Configuration 105 – 113 adding a SAC network Bridg e 111 – 113 Bridge settin gs when un specified 106 deleting a SAC network Bridge 113 deploying a new SAC network 10 6 –[...]
-
Página 136
Fortress Bridge: Index 126 T traceroute in Bridge CLI 104 in Bridge GUI 75 traffic statistics 68 – 69 see also interf ace statisti cs transmit power settings 26 troubleshooting 117 – 118 see also diagnostics Trusted Devices 59 – 61 adding in Bridge CLI 100 in Bridge GUI 59 – 60 default settings 100 deleting in Bridge CLI 100 in Bridge GUI 6[...]
-
Página 137
Fortress Bridge: Index 127 weatherizi ng 10 , 16 – 17 cover plate 17 requirements 8 – 11 , 18 RJ-45 connector bo ot 16 – 17 Weatherizing Kit 7 installation 16 – 17 WEP 32 – 33 WLAN command line utility 104 – 105 WLAN settings see radio se ttings WPA and WPA2 33 – 34[...]
-
Página 138
Fortress : Glos sa ry 128 Glossary 3DES T riple Data Encryption Standard—a FIPS-app rov ed NIST standard for data encryption using 192-bits (168-bit en cryption, 24 p arit y bits) f or pr otecting se nsitive (unclassified) U.S. go vernment (and related) data. NIST amended and re-appro ved 3DES f or FIPS in May , 2004. 802.1 1 The IEEE standard th[...]
-
Página 139
129 Fortress : Glos sa ry Bridge GUI The browser -based graphical user interf ace through whi ch the Fortress Secu re Wirele ss Access Bridge is configured and managed, locally or remotely . CCITT Comite Consultatif Internationale de T elegr aphie et T elephonie, former name of the ITU- T . client In the Fortress C ontrol ler FIS h (comm and-l ine)[...]
-
Página 140
130 Fortress : Glos sa ry failover A device or system configur ation in which two, identical comp onents ar e installe d f o r a given function so that if one of them f ail s the redundant component can carry on oper- ations without any substantia l interruption of service. Also, an instance i n which an ac tive component become s inoperative and f[...]
-
Página 141
131 Fortress : Glos sa ry groups An association of network ob jects (users, devi ces, etc. ). Groups are typically used to allocate shared resources and apply a ccess policies. GUI Graphical User In terface guest In For tress T echnologies, a guest user as configured in MaPS. Alternatively , in the Fortress Controller , de vices given access on the[...]
-
Página 142
132 Fortress : Glos sa ry MaPS Consol e In Fortress’s MaPS, a Java-based, configurat ion client interface for the F ortress M anage- ment and P olicy Server , through which all MaPS function s are accessed. MaPS object In Fortre ss’s MaPS, any entit y on the secu re network, includin g Fortress controller devices, Secure Client devices, users, [...]
-
Página 143
133 Fortress : Glos sa ry RSA SecurID® An authentication method crea ted and owned by RSA S ecurity . RADIUS Remote Authentication Dial-I n User Servic e—an authentication server design that issues challenges to co nn ectin g use r s f or their usernames and pa sswords and authenti- cates their responses aga inst a data base of v alid usernames [...]
-
Página 144
134 Fortress : Glos sa ry UDP User Datagram Protocol—defines a method for “best eff ort” delivery of data packets over a network that, like T CP , runs on top of IP b u t, u nl i ke TC P , does not guarantee the order of delivery or provide integrity checking. user authentication The practice of requiring users to enter th e ir assigned user [...]