Hillstone Multi-Core Security
Appliance Easy Configuration Guide
Version 5.0
www.hillstonenet.com
Table of Contents
Preface
  Contents
  Conventions
    Content
Chapter 1 Device Management
  Introduction
  Accessing a Device via Console Port
  Accessing a Device via WebUI
  Restoring to Factory Default
    CLI
    WebUI
    CLR button
  StoneOS Upgrading
    StoneOS Quick Upgrading (TFTP)
    Upgrading StoneOS via WebUI
  License Installation
    Installing a License via CLI
    Installing a License via WebUI
Chapter 2 Connecting to Internet
  Introduction
  Configuring Interfaces
  Configuring Route
  Configuring Policy
  Configuring SNAT
Chapter 3 Commonly Used Function Configuration
  Introduction
  PPPoE
  DHCP
  IP-MAC binding
  Peer to peer IPsec VPN
  SCVPN
  DNAT
    One to one IP mapping
    One to one port mapping
    One to multiple mapping (including server load balance)
Chapter 4 Link Load Balance
  Introduction
  Destination route based load balance
  Source route based load balance
  Smart link load balance
Chapter 5 Quality of Service
  Quality of Service Overview
  IP QoS configuration
  Application QoS configuration
  Mixed QoS configuration
  QoS white list configuration
Chapter 6 Network Behavior Control
  URL filter (URL license is available)
    Configure user-defined URL DB
  URL Filter (URL license is unavailable)
  Web Content filter
Chapter 7 Advanced VPN Configuration
  SCVPN configuration based on USB Key
    Create PKI trust domain
    SCVPN configuration
    Make USB key
    Login SCVPN by USB key
  PnPVPN
    Configuring a User
    Configuring IKE VPN
    Configuring Tunnel Interface
    Configuring Policy
    Configuring PnPVPN Client
Chapter 8 High Availability
  Introduction High availability
  HA configuration
Preface
Contents
This manual is the basic configuration guide for the Hillstone Multi-Core Security Appliance.
It applies only to StoneOS version 5.0 or higher. The guide contains configuration steps for
the major functions of the Hillstone appliance via the Web User Interface. The content is divided
into the following eight chapters:
Chapter 1: Device Management. Includes device access method, StoneOS upgrades and
license installation.
Chapter 2: Connecting to Internet. Includes basic Internet configurations such as
Interface, Route, and Policy.
Chapter 3: Commonly used function configurations. Includes PPPoE, DHCP, and DNAT.
Chapter 4: Link load balance. Includes Destination route, SBR, PBR based load balance.
Chapter 5: QoS. Includes QoS function and configuration.
Chapter 6: Network behavior control. Includes URL filtering and web content filtering.
Chapter 7: Advanced VPN configuration. Includes USB Key based SCVPN and PnPVPN.
Chapter 8: High Availability (HA) configuration.
Conventions
This document follows the conventions below:
Content
Tip: provides related reference to a customer
Note: provides further explanations and context
Caution: System error may have occurred if the setting is incorrect
『 』: indicates a link, tag or button on the WebUI. For example, "click the 『login』
button on the home page of the Hillstone device"
< >: indicates text information for the WebUI, including single choice button,
multiple choice button, text box, option name and text descriptions. For
example, "to change MTU value, select the <manual> button and input the
reasonable value into the text box."
Hillstone Easy Configuration Guide
Chapter 1 Device Management
Introduction
To facilitate management and configuration by the administrator, the Hillstone
security appliance supports both local (Console interface) and remote (Telnet, SSH,
HTTP and HTTPS) configuration methods through the command line interface (CLI) and the
WebUI.
Accessing a Device via Console Port
To use the command line interface via the Console port:
1. Take a console cable, connect it to your computer, and then plug it into the CON port of
the security device.
2. Launch a terminal emulation program (e.g. super terminal, SecureCRT etc.).
3. Configure the emulation program with the parameters listed in Table 1.
Table 1: Configure parameters
Parameter       Value
Baud Rate       9600 bit/s
Data Bit        8
Parity Check    No
Stop Bit        1
Accessing a Device via WebUI
The WebUI is a more direct and effective configuration option, and it supports both HTTP and
HTTPS access. Interface ethernet0/0, with default IP address 192.168.1.1/24, has all its
services enabled. The first time you log into the device, you can use this interface to access
the WebUI.
To access the WebUI interface:
1. Assign an IP address to your system (PC). This IP address should be on the same subnet
as 192.168.1.1/24. Use an Ethernet cable to connect your PC and port ethernet0/0 of the
Hillstone appliance.
2. Open a Web browser on your PC and type http://192.168.1.1. The login page is displayed.
Restoring to Factory Default
Hillstone provides three methods to restore the device to factory default:
CLI: using a command via the CLI to reset
WebUI: clearing settings via the WebUI to reset
Physical button: using the CLR button to reset
CLI
To restore to factory default using CLI:
1. Type "unset all" in execution mode.
2. Follow the prompts to type y to remove all configuration.
3. Type y to reboot the device.
4. The device will be restored to factory default after reboot.
WebUI
To restore to factory default using WebUI:
1. In the WebUI, click the System menu bar and select Configuration Backup & Restore from the
dropdown list.
2. The <Configuration Backup & Restore Wizard> dialog will pop up. Select Restore to
factory defaults, and then click Next.
3. The configuration will take effect after rebooting the device. Select Yes, reboot
immediately, and click OK.
4. All configurations will be cleared, and the device will be rebooted automatically.
CLR button
To restore to factory default by pressing the physical button "CLR":
1. Power off the device.
2. Press down the CLR button using a pin through the pin hole and power on the device.
3. Keep pressing CLR until the STA and ALM LED indicators turn red, then release the CLR button.
The device will start to reset.
4. After resetting, the system will reboot automatically.
StoneOS Upgrading
StoneOS Quick Upgrading (TFTP)
Sysloader can download StoneOS from a TFTP server, which allows a fast system upgrade over the
network.
To upgrade StoneOS using TFTP:
1. Power on the device and enter Sysloader by pressing ESC:
HILLSTONE NETWORKS
Hillstone Bootloader 1.3.2 Aug 14 2008-19:09:37
DRAM: 2048 MB
BOOTROM: 512 KB
Press ESC to stop autoboot: 4        Press "ESC" during the 5-second countdown
Run on-board sysloader? [y]/n: y     Type "y" or press Enter
Loading: ##########################
2. Select Load firmware via TFTP from Sysloader menu:
Sysloader 1.2.13 Aug 14 2008 - 16:53:42
1 Load firmware via TFTP
2 Load firmware via FTP
3 Load firmware from USB disks (not available)
4 Select backup firmware as active
5 Show on-board firmware
6 Reset
Please select: 1                     Type "1" and press Enter
3. Ensure the connectivity between the device and your PC, and copy the required StoneOS into
the specified directory.
4. Specify the Sysloader IP, TFTP server IP, gateway IP and name of StoneOS:
Local ip address [ ]: 10.2.2.10/16   Type Sysloader IP and press Enter
Server ip address [ ]: 10.2.2.3      Type TFTP server IP and press Enter
Gateway ip address [ ]: 10.2.2.1     If Sysloader and TFTP server are not in the same network segment, you should input the gateway IP and press Enter; otherwise, just press Enter
File name : StoneOS-3.5R2            Type the name of StoneOS and press Enter, and then the system starts to transfer the file via TFTP
###################################################################
###################################################################
##########
5. Save StoneOS:
File total length 10482508
Checking the image...
Verified OK
Save this image? [y]/n: y            Type "y" or press Enter to save the transferred StoneOS
Saving .........................................
Set StoneOS-3.5R2 as active boot image
6. Reboot the device. The system will be restarted with the new StoneOS:
Please reset board to boot this image
1 Load firmware via TFTP
2 Load firmware via FTP
3 Load firmware from USB disks (not available)
4 Select backup firmware as active
5 Show on-board firmware
6 Reset
Please select: 6                     Type "6" and press Enter, system starts rebooting
The device Flash can only save two versions of StoneOS. If you want to save a new StoneOS
but the device already has two StoneOS saved, delete an existing one according to the
prompt.
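A pre-flight check for the TFTP upgrade above, as an added example that is not part of the original guide or of Hillstone's tooling. TFTP has no authentication or integrity protection, so the script validates the values typed at the Sysloader prompts and fingerprints the staged image for comparison with a digest obtained out of band and with the "File total length" line Sysloader prints. The function names and the availability of a reference SHA-256 digest are assumptions.

```python
import hashlib
import ipaddress


def gateway_needed(local_cidr, server_ip):
    """True when the TFTP server is outside the Sysloader's own segment."""
    local = ipaddress.ip_interface(local_cidr)
    return ipaddress.ip_address(server_ip) not in local.network


def check_addressing(local_cidr, server_ip, gateway_ip=None):
    """List problems with the values typed at the Sysloader prompts."""
    local = ipaddress.ip_interface(local_cidr)
    net = local.network
    problems = []
    if local.ip in (net.network_address, net.broadcast_address):
        problems.append("local address is the network or broadcast address")
    if ipaddress.ip_address(server_ip) == local.ip:
        problems.append("local and server addresses are identical")
    if gateway_needed(local_cidr, server_ip):
        if gateway_ip is None:
            problems.append("server is off-segment: a gateway is required")
        elif ipaddress.ip_address(gateway_ip) not in net:
            problems.append("gateway is not on the local segment")
    return problems


def image_fingerprint(path):
    """Return (length in bytes, SHA-256 hex digest) of the staged image."""
    digest, length = hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
            length += len(chunk)
    return length, digest.hexdigest()


def image_ok(path, expected_sha256, reported_length=None):
    """Compare the image with a digest obtained out of band (assumed to be
    available) and, optionally, with Sysloader's 'File total length' value."""
    length, sha = image_fingerprint(path)
    if sha != expected_sha256.strip().lower():
        return False
    return reported_length is None or length == reported_length


if __name__ == "__main__":
    # Addresses from the guide's sample session: same /16, so no gateway.
    print(check_addressing("10.2.2.10/16", "10.2.2.3"))
```

Run `image_ok` on the file in the TFTP directory before starting the transfer, then again with the length Sysloader reports before answering the "Save this image?" prompt.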
Upgrading StoneOS via WebUI
To upgrade StoneOS using WebUI:
1. Log into StoneOS via the WebUI, and select Firmware Management from dropdown list
of System menu bar:
2. In the <Upgrade Wizard> dialog, select <Upgrade to a new version>, and then click
『Next』.