Secospace USG2110 V100R001C03SPC200 Upgrade Guide (English Document)

Template Revision Description
Precautions
When opening the template, click Enable Macros in the Security Warning dialog box.
Set the properties of Word as follows:
Step 1 Choose Tools > Macro > Security.
Step 2 Select the Medium option in the Security tab page.
Step 3 Select the Trust access to Visual Basic Project option in the Trusted Publisher tab page.
When generating a release notes document for the customer, the following parts labeled (I!"#$%& are
automaticall' deleted:
(aragraphs in the bod' or a table cell
Item lists in the bod' or a table cell
)eading *, +, or , and the related information under the heading
-lock labels and the related information in the blocks
!he !emplate #e.ision /escription section
Instructions for Authors
When using the template, authors must read the following instructions:
0se this template for information de.elopment. When using this template, delete the writing
instructions in blue.
When sa.ing the document, do not delete the macros or delete the information in the !emplate
#e.ision /escription section.
Click the Add Control ID button on the toolbar to label a controlled part with (I!"#$%&.
Click , the ene! Domain button on the "ua!eiTool toolbar. 1odif' onl' the following items:
2 (roduct3(ro4ect ame
2 (roduct 5ersion
2 /ocument 5ersion
2 #elease /ate
/o not manuall' modif' the information in the co.er, header, or footer.
/o not label common information in this document with (I!"#$%&. 6therwise, the parts labeled (I!"#$%& are
deleted.
Instructions for Field Engineers
When using the template, field engineers must read the following instructions:
Click the Add Control ID button on the toolbar to label a controlled part with (I!"#$%&.
#e.iew the parts labeled (I!"#$%&. If the labeled parts must be deli.ered to the customer,
manuall' delete the label (I!"#$%&.
Click the #enerate $ser % button on the toolbar to generate a release notes document for the
customer according to the prompt.
!he generated document does not contain controlled or sensiti.e information or the macros.
!he title and information of the document remain unchanged.
Revision Records
V1.00
Initial release.
Version $&grade #uide
Secospace 0S7+**8 0nified Securit' 7atewa'
5*88#88*C8,S(C+88
Issue 8+
Date +8*898:9+:
"ua!ei Symantec Technologies Co'( )td'
Secospace 0S7+**8 0nified Securit' 7atewa' 5*88#88*C8,S(C+88
5ersion 0pgrade 7uide
)uawei S'mantec !echnologies Co., %td. pro.ides customers with comprehensi.e technical support and
ser.ice. ;or an' assistance, please contact our local representati.e office, agenc', or customer ser.ice center.
)uawei S'mantec !echnologies Co., %td.
$ddress: -uilding *
!he West <one Science (ark of 0"S!C, o.==, !ianchen #oad
Chengdu, >**:,*
(.#.China
Website: http:??www.huaweis'mantec.com
"mail: support@huaweis'mantec.com
Co&yright * Chengdu "ua!ei Symantec Technologies Co'( )td' 2014' All rights reser+ed'
o part of this document ma' be reproduced or transmitted in an' form or b' an' means without prior written
consent of Chengdu )uawei S'mantec !echnologies Co., %td.
Trademar,s and Permissions
and other )uawei S'mantec trademarks are trademarks of Chengdu )uawei S'mantec !echnologies Co.,
%td.
$ll other trademarks and trade names mentioned in this document are the propert' of their respecti.e holders.
%otice
!he information in this document is sub4ect to change without notice. ".er' effort has been made in the
preparation of this document to ensure accurac' of the contents, but all statements, information, and
recommendations in this document do not constitute the warrant' of an' kind, express or implied.
Issue 8+ (+8*898:9+:&
)uawei S'mantec (roprietar' and Confidential
Cop'right A Chengdu )uawei S'mantec !echnologies
Co., %td.
(age B of ,C
Aout this Document
$uthor
(repared b'
)ondlidong
/ate
+8*898:9+>
#e.iewed b'
%iangruixia, Din'an4in, ;uchao, Sungang,
Dang'uenan
/ate
+8*898:9+>
$ppro.ed b'
Eiao Chengwei
/ate
+8*898:9+:
Summar'
!his document pro.ides .ersion upgrade instructions for the target .ersion being
0S7+**85*88#88*C8,S(C88F. !he user is ad.ised to read the entire document prior to
upgrading the s'stem.
!his document includes:
!hapter Details
*0pgrade 1ethods /escribes the upgrade mode and supported .ersions.
+Impact of the 0pgrade /escribes the upgrade impact.
,0pgrade (rocess /escribes the upgrade flow chart and procedure.
B(reparations for the 0pgrade /escribes the preparations for upgrade.
F0pgrade 6perations /escribes the upgrade operations.
>0pgrade 5erification /escribes how to .erif' upgrade.
:5ersion #ollback /escribes how to roll back the .ersion.
"istor#
Issue Details Date Author Approved #
S#7+89*8
5*88#88*C8,S(C+88
Sixth issue +8*898:9+: honglidong Eiao Chengwei
0S7+**8
5*88#88*C8,S(C88F
!hird
issue
+8*89,9*+ ;an
DouGhong
Eiao Chengwei
Issue 8+ (+8*898:9+:&
Co., %td.
(age F of ,C
0S7+**8
5*88#88*C8,S(C88B
Second
issue
+8*898*98B ;an
DouGhong
Eiao Chengwei
0S7+**8
5*88#88*C8,S(C88,
;irst issue +88C9**9,8 ;an
DouGhong
Eiao Chengwei
Issue 8+ (+8*898:9+:&
Co., %td.
(age > of ,C
Contents
1 Upgrade Methods........................................................................12
*.* 0pgrade 1ode.................................................................................................................................................*+
*.*.* 0pgrade /uring /e.ice Startup.............................................................................................................*+
*.*.+ 0pgrade /uring /e.ice #unning...........................................................................................................*+
2 Impact of the Upgrade.................................................................13
+.* Impact on the Current S'stem /uring 0pgrade..............................................................................................*,
+.+ Impact on the Current S'stem.........................................................................................................................*,
+.+.* $uthentication $fter /e.ice Startup.......................................................................................................*,
+.+.+ 0pgrade otes........................................................................................................................................*,
3 Upgrade Process.........................................................................15
,.* 0pgrade ;low Chart and (rocedure /uring /e.ice Startup...........................................................................*F
,.*.* 0pgrade ;low Chart...............................................................................................................................*F
,.*.+ 0pgrade (rocedure.................................................................................................................................*F
,.+ 0pgrade ;low Chart and (rocedure /uring /e.ice #unning.........................................................................*>
,.+.* 0pgrade ;low Chart...............................................................................................................................*>
,.+.+ 0pgrade (rocedure.................................................................................................................................*:
4 Preparations for the Upgrade......................................................18
B.* (reparations for 0pgrade.................................................................................................................................*=
B.*.* (reparing 0pgrade !ools........................................................................................................................*=
B.*.+ (reparing 0pgrade #eferences...............................................................................................................+*
B.*., (reparing 0pgrade Software..................................................................................................................+*
B.+ Checklist -efore the 0pgrade..........................................................................................................................+*
B.+.* Huer'ing the )ost Software 5ersion......................................................................................................+*
5 Upgrade Operations....................................................................23
F.* -acking up and %oading the Configuration ;ile..............................................................................................+,
F.*.* -acking up the Configuration ;ile.........................................................................................................+,
F.*.+ %oading the Configuration ;ile..............................................................................................................+B
F.+ 0pgrade /uring /e.ice (ower9on...................................................................................................................+F
F., 0pgrade 6perations /uring /e.ice #unning..................................................................................................+C
F.B $cti.ate license file..........................................................................................................................................,8
6 Upgrade Verication....................................................................32
>.* 0pgrade 5erification........................................................................................................................................,+
>.+ 0pgrade 5erification........................................................................................................................................,+
! Version "o##$ac%.........................................................................33
& Upgrade "ecord..........................................................................34
' &cron(ms and &$$re)iations.......................................................35
Issue 8+ (+8*898:9+:&
Co., %td.
(age = of ,C
*ig+res
;igure,9* ;low chart of upgrade during de.ice startup........................................................................................*F
;igure,9+ ;low chart of upgrade during de.ice running.......................................................................................*>
;igureB9* Connecting a serial port of the (C to the console port of the 0S7+**8...............................................*=
;igureB9+ Connecting the "thernet interface of the (C to the "thernet interface of the 0S7+**8......................*C
;igureB9, Connection Descri&tion dialog box....................................................................................................*C
;igureB9B Connect To dialog box.........................................................................................................................+8
;igureB9F Setting the port properties.....................................................................................................................+8
Issue 8+ (+8*898:9+:&
Co., %td.
(age C of ,C
,a$#es
!able,9* (rocedure for upgrade during de.ice startup..........................................................................................*F
!able,9+ (rocedure for upgrade during de.ice running........................................................................................*:
!ableB9* Checklist before the upgrade..................................................................................................................+*
!able>9* 0pgrade .erification...............................................................................................................................,+
1 Upgrade Methods
!his chapter describes how to perform an upgrade b' using follow methods.
1$1 %pgrade &ode
Dou can upgrade 0S7+**8 in either of the following modes.
1$1$1 %pgrade During Device Startup
-efore the 0S7+**8 starts the -oot#61, enter the -oot#61 main menu. 6n the "thernet
submenu, configure the "thernet interface. !hen, load the host software package from the ;!(
ser.er.
1$1$2 %pgrade During Device Running
When the 0S7+**8 is running properl', 'ou can load the host software package from the ;!(
ser.er b' running ;!( commands. Set the host software and path for next startup, and then,
S'stem will be upgraded when /e.ice Startup.
Issue 8+ (+8*898:9+:&
Co., %td.
(age *+ of ,C
2 Impact of the Upgrade
2$1 Impact on the !urrent S#stem During %pgrade
If the de.ice is running on the incumbent network, adopt the method described in section
*.*.*I0pgrade /uring /e.ice Startup.I Ser.ices are interrupted during the entire upgrade
process. If adopting the method described in section *.*.+I0pgrade /uring /e.ice #unningI
to load the software upgrade package, 'ou need to restart the de.ice to complete the upgrade.
Ser.ices ma' be interrupted due to the de.ice restart. Dou can decide when to restart the
de.ice after upgrade as reJuired.
2$2 Impact on the !urrent S#stem
2$2$1 Authentication After Device Startup
!he default user name and password of login as a Console user are admin and Admin-./0
respecti.el'. ;or example:
**********************************************************
* All rights reserved (2008-2009) *
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall e allowed!*
**********************************************************
"ser inter#ace con0 is availale
$lease $ress %&'%(!
&)'*+%,'his is a private communication s-stem!
"nauthori.ed access or use ma- lead to prosecution!
/ogin authentication
"sername, admin
$assword,
0"1223304
56e 33 37,79,08 2009 91 1:%//;<;/)2*&, admin login #rom con0
0"1223304
2$2$2 %pgrade 'otes
Sa.e the host software, configuration file, and license file before upgrade in case of
.ersion rollback.
Issue 8+ (+8*898:9+:&
Co., %td.
(age *, of ,C
$.oid the power failure during upgrade. !he file ma' not be completel' uploaded or
downloaded and therefore is una.ailable due to the power failure.
!he default password of -oot#61 for the 0S7+**8 is seco!ay.
!he 0S7+**8 supports the function of restricting the number of I( address9based users.
!he function is controlled b' the license. -' default, onl' +8 users are allowed to access
with no license, howe.er, the limitation is remo.ed b' acti.ating with license.
Issue 8+ (+8*898:9+:&
Co., %td.
(age *B of ,C
3 Upgrade Process
3$1 %pgrade Flo( !hart and Procedure During
Device Startup
3$1$1 %pgrade Flo( !hart
;igure*.* ;low chart of upgrade during de.ice startup
3$1$2 %pgrade Procedure
;igure*.* (rocedure for upgrade during de.ice startup
'o$ )peration Impact Duration &andator#
or )ptional
* %oad the
host
software
package
through
the
-oot#6
1 during
startup.
"nter the -oot#61 main
menu and set the "thernet
interface parameters.
;or the
first9time
loading,
'ou must
load the
host
software
package
through the
-oot#61K
otherwise,
the
"Juipment
cannot
start.
* minutes 1andator'
%oad the host software
package, .rpcfg.Gip and
%icense.dat to the ;%$S).
Complete the loading and
set the path of the host
software package.
+ Start "Juipment from ;%$S) one +.8
minutes
1andator'
Issue 8+ (+8*898:9+:&
Co., %td.
(age *F of ,C
3$2 %pgrade Flo( !hart and Procedure During
Device Running
3$2$1 %pgrade Flo( !hart
;igure*.* ;low chart of upgrade during de.ice running
Configure FTP software
Load the host software
Load the configuration file
Load the license.dat file
Set the host software and path for next startup
Start the device
End
Put the host software, configuration file, and license.dat file to the user FTP directory.
3$2$2 %pgrade Procedure
;igure*.* (rocedure for upgrade during de.ice running
or )ptional
* %oad the
host
software
during
de.ice
running b'
running
commands.
Configure the ;!(
ser.er, set the user
name and
password, and
sa.e the host
software package,
.rpcfg.Gip and
%icense.dat to the
;!( director'.
When the ;lash
memor' is
insufficient, the
file cannot be
completel'
loaded. In this
case, 'ou need to
delete certain
files from the
;lash memor'.
$bout +
minutes
1andator'
0pload the host
software package,
.rpcfg.Gip and
%icense.dat b'
running ;!(
commands.
Issue 8+ (+8*898:9+:&
Co., %td.
(age *> of ,C
or )ptional
Configure that the
loaded host
software package
is used for next
startup.
+ #estart the "Juipment /uration of
"Juipment
startup is
affected b' the
number of
configuration
items in
configuration
file. !he more
items, the longer
startup duration.
$bout +
minutes
1andator'
Issue 8+ (+8*898:9+:&
Co., %td.
(age *: of ,C
4 Preparations for the Upgrade
*$1 Preparations for %pgrade
*$1$1 Preparing %pgrade Tools
Tas+ Description
Connect the (C to the 0S7+**8 through serial port cables and network cables.
!he ;!( software is reJuired because it is mandator' for upgrade. !he serial port of the (C
must be connected to the 0S7+**8 because 'ou need to check whether the 0S7+**8 starts
up or runs properl' during upgrade. !he ph'sical link between the "thernet interfaces is used
to transmit software. !herefore, the "thernet interfaces must be a.ailable.
Precautions
!he ;!( ser.er must be installed on the (C. !he ;!( ser.er is not described here because it is
the third part' software.
)peration Procedure
Step 1 Connect a serial port of the (C to the console port of the 0S7+**8 through the console cable.
;igure*.* Connecting a serial port of the (C to the console port of the 0S7+**8
S!"#" serial interface
Console ca$le
Console interface
%S&"''( PC
Step 2 Connect the "thernet interface of the (C to the "thernet interface of the 0S7+**8 through the
network cable.
Issue 8+ (+8*898:9+:&
Co., %td.
(age *= of ,C
;igure*.* Connecting the "thernet interface of the (C to the "thernet interface of the 0S7+**8
Ethernet interface
)etwork ca$le
Ethernet interface
%S&"''( PC
Step 3 Start the ;!( ser.er on the (C.
Step * Sa.e the host software package to be upgraded to the ;!( root director'.
#efer to section B.*.,I(reparing 0pgrade SoftwareI to get the host software package.
Step , Configure the serial port.
*. #un the terminal emulation program (such as the Windows L( )'per!erminal& on the
(C. Choose Start 1 All &rograms 1 Accessories 1 Communications 1 "y&er
Terminal( and displa' the Connection Descri&tion dialog box.
+. In the %ame field, enter the name of the connection between the (C and the 0S7+**8,
for example, C2MM. 'Select an icon in Icon( as shown in ;igure+.*.
;igure+.* Connection Descri&tion dialog box
,. Click 23 to displa' the Connect To dialog box.
B. Select the serial port for connecting the (C and the 0S7+**8 from the connect using
drop9down list, for example, C2M., as shown in ;igureB.*.
Issue 8+ (+8*898:9+:&
Co., %td.
(age *C of ,C
;igureB.* Connect To dialog box
F. Click 23 to displa' the C2M. Pro&erties dialog box as shown in ;igure>.*.
>. Set the communications parameters of the port, as shown in ;igure>.*.
;igure>.* Setting the port properties
Issue 8+ (+8*898:9+:&
Co., %td.
(age +8 of ,C
:. Click 23'
4444End
Result -eri.cation
Start the 0S7+**8. Check whether the startup information collected through the serial port is
displa'ed on the )'per!erminal of the (C. If 'es, it indicates that the connection between the
(C and the 0S7+**8 is established and the serial port cable is well connected.
*$1$2 Preparing %pgrade References
Dou must upgrade the 0S7+**8 b' following the upgrade instructions:
0S7+**8 5*88#88*C8,S(C+88 #elease otes ("nglish /ocument&.doc
0S7+**8 5*88#88*C8,S(C+88 0ser 7uide ("nglish /ocument&.doc

*$1$3 Preparing %pgrade Soft(are
/ownload software package:
0S7+**85*88#88*C8,S(C+88.bin (:,8:*,FF> -'te&
Precautions
Dou must download the preceding files to the ;!( root director' on the (C.
*$2 !hec+list /efore the %pgrade
;igure*.* Checklist before the upgrade
S
'
Item !riteria
* Huer'ing the host software
.ersion
Check whether the .ersion number of the host
software is consistent with that of the software
package.
*$2$1 0uer#ing the "ost Soft(are -ersion
In the command line .iew, run the dis&lay +ersion command to .iew the .ersion of the host
software running on the de.ice.
0"1223304 display version
:uawei 1-mantec =ersatile 1ecurit- $lat#orm 1o#tware
1o#tware =ersion , "122330 =300(003+081$+200 (=1$ (() 1o#tware, =ersion 8!80)
+op-right (+) 2008-2009 +hengdu :uawei 1-mantec 'echnologies +o!, /td! All right
s reserved!
1ecospace "122330 uptime is 0 wee>(s), 0 da-(s), 0 hour(s), ? minute(s)

(pu's version in#ormation,
Issue 8+ (+8*898:9+:&
Co., %td.
(age +* of ,C
328@ -tes 1A(A@
82@ -tes 6/A1:
$c =ersion , =%(!A
+$/A logic =ersion , 008
1mall Boot()@ =ersion , 30C
Big Boot()@ =ersion , 32?

00,02,<2 07-02-2000
Issue 8+ (+8*898:9+:&
Co., %td.
(age ++ of ,C
5 Upgrade Operations
;or securit' reasons, 'ou should sa.e s'stem configurations before upgrade and then restart
the de.ice. !herefore, s'stem configurations can be restored in case of the upgrade failure.
,$1 /ac+ing up and 1oading the !on.guration File
,$1$1 /ac+ing up the !on.guration File
Dou can back up the configuration file in the following wa's if necessar', !he host software
in.ol.ed in the document is usg/..5'bin, the configuration file is +r&c6g'7i&, and the backup
configuration file is bac,u&'7i& globall'.
Screen !op#ing
6n the terminal of the 0S7+**8, run the dis&lay current4con6iguration command to cop'
all the information that is displa'ed on the screen into a !L! file and sa.e it. !he
configuration file is backed up.
Through TFTP
Step 1 (6ptional& $fter starting the 0S7+**8, run the following commands to back up the
configuration file in the ;lash memor'. !his step is for forming the good habit of backing up
the configuration file in the ;lash memor'.
0"1223304 copy vrpcfg.zip flash:/backup.zip
+op- #lash,;ac to #lash,;ac>up!.ipDEcon#irmF,
Be#ore press %&'%( -ou must choose '9%1' or '&)'E9;&F, y
3005 complete
5+opied #ile #lash,;vrpc#g!.ip to #lash,;ac>up!.ip!
Step 2 6n the (C, start the !;!( ser.er application program, and specif' the transmission path for
downloading the configuration file and the I( address and port number of the !;!( ser.er.
Step 3 6n the 0S7+**8, run the t6t& command. !he parameters are the I( address of the !;!(
ser.er, operation t'pe, and name of the configuration file.
0"1223304 tftp 10.110.24.209 put vrpcfg.zip
&ow egin to cop- #ile to remote t#tp server, please wait #or a while!!!G
Issue 8+ (+8*898:9+:&
Co., %td.
(age +, of ,C
'6'$, C<C -tes sent in 3 seconds!
6ile uploaded success#ull-!
4444End
Through FTP
Be#ore press %&'%( -ou must choose '9%1' or '&)'E9;&F,y
3005 complete
Step * 6n the (C, start the ;!( ser.er application program, and specif' the transmission path for
downloading the configuration file and the I( address and port number of the ;!( ser.er.
Step , 6n the 0S7+**8, run the 6t& command. "nter the parameters of the ;!( ser.er I( address,
user name, and password. $fter logging in to the 0S7+**8 successfull', enter the operation
t'pe and configuration file name.
0"1223304 ftp 10.110.24.209
'r-ing 30!330!27!209 !!!
$ress +'(/HI to aort
+onnected to 30!330!27!209!
220 W6'$A 2!0 service (- 'eJas *mperial 1o#tware) read- #or new user
"ser(30!330!27!209,(none)),!"2110
883 2ive me -our password, please
$assword,
280 /ogged in success#ull-
0<,<7,22 02-38-2009
E#tpF put vrpcfg.zip
&ow egin to cop- #ile to remote #tp server, please wait #or a while!!!G
6'$, C<C -tes sent in 3 seconds!
6ile uploaded success#ull-!
4444End
,$1$2 1oading the !on.guration File
Dou can edit the configuration file in offline mode according to the specified format and load
the file to the 0S7+**8 through ;!( or !;!(. 6r 'ou can load the backed up configuration
file to the 0S7+**8 through ;!( or !;!(. Dou can load the configuration file in the
following wa's:
Through TFTP
Step 1 (6ptional& 6n the 0S7+**8, run the following commands to back up the configuration file
+r&c6g'7i&. !his step is for forming the good habit of backing up the configuration file when
updating it.
Issue 8+ (+8*898:9+:&
Co., %td.
(age +B of ,C
Be#ore press %&'%( -ou must choose '9%1' or '&)'E9;&F, y
3005 complete
Step 2 6n the (C, start the !;!( ser.er application program, and specif' the transmission path for
uploading the configuration file and the I( address and port number of the !;!( ser.er.
Step 3 6n the 0S7+**8, run the t6t& command. !he parameters are the I( address of the !;!(
ser.er, operation t'pe, and name of the configuration file.
0"1223304 tftp 10.110.24.209 get vrpcfg.zip
&ow egin to download #ile #rom remote t#tp server, please wait #or a while!!G
'6'$, C<C -tes received in 0 seconds!
6ile downloaded success#ull-!
4444End
Through FTP
Be#ore press %&'%( -ou must choose '9%1' or '&)'E9;&F,y
3005 complete
Step 2 6n the (C, start the ;!( ser.er application program, and specif' the transmission path for
downloading the configuration file and the I( address and port number of the ;!( ser.er.
Step 3 6n the 0S7+**8, run the 6t& command. "nter the parameters of the ;!( ser.er I( address,
user name, and password. $fter logging in to the 0S7+**8 successfull', enter the operation
t'pe and configuration file name.
0"1223304 ftp 10.110.24.209
'r-ing 30!330!27!209 !!!
+onnected to 30!330!27!209!
"ser(30!330!27!209,(none)),!"2110
$assword,
0<,<7,22 02-38-2009
E#tpF get vrpcfg.zip
4444End
,$2 %pgrade During Device Po(er2on
Step 1 !urn on the power suppl' to power on the 0S7+**8.
Issue 8+ (+8*898:9+:&
Co., %td.
(age +F of ,C
Step 2 When starting the 0S7+**8, 'ou can .iew the 1(0 startup process on the serial port tool.
When the following information is displa'ed, press CtrlMB to enter the -oot#61 main
menu.
1tarting!!!
Aecompressing !!!!!!!!!AoneK1tarting !!!
*************************************************************
* *
* "ni#ied 1ecurit- 2atewa- 2330 Bootrom, =er3!2? *
* *
*************************************************************

+$" t-pe , @$+8278
+$" /3 +ache , 82IB
+$" +loc> 1peed , 200@:.
@emor- 1i.e , 328@
$ress +trlHB to %nter Boot @enu!!! 7
$assword,
LLLLLLLLLLLLLLLLLLLLL0@A*&-B))'()@ @%&"4LLLLLLLLLLLLLLLLLLLLL
M 034 Boot With Ae#ault @ode M
M 024 Boot 6rom 6lash M
M 084 %nter 1erial 1u@enu M
M 074 %nter %thernet 1u@enu M
M 0<4 +hange 6lash Boot 6ile M
M 0C4 @odi#- Bootrom $assword M
M 0?4 (ecover +onsole $assword M
M 004 (eoot M
LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
%nter -our choice(0-?),
(ress CtrlMB within fi.e seconds. When Pass!ord8 is displa'ed, enter the password to enter the
-oot#61 main menu. "nter the password after entering the -oot#61 main menu. !he default
password for the 0S7+**8 is seco!ay.
Step 3 6n the -oot#61 main menu, enter 9 to enter the "thernet submenu.
%nter -our choice(0-?), 4
Boot 6rom &et $ort!!!
LLLLLLLLLLLLLLLLLLLLL0&%'W)(I 1"B-@%&"4LLLLLLLLLLLLLLLLLLLLLL
M 034 Aownload $rogram 'o 1A(A@ And (un M
M 024 Aownload $rogram 'o 6lash M
M 084 +hange Boot $arameter!!! M
M 004 %Jit 'o @ain @enu M
Step * 1odif' the settings of "thernet interface configuration parameters. 6n the "thernet submenu,
enter 0 to open the interface. $fter setting the parameters, return to the "thernet submenu.
%nter -our choice(0-8), #
Issue 8+ (+8*898:9+:&
Co., %td.
(age +> of ,C
+hange Boot $arameter 'hrough &et $ort!
&ote, 'wo protocols #or download, t#tp N #tp!
9ou can modi#- the #lags #ollowing the menu!
t#tp--0J80, #tp--0J0!0$lease @a>e 1ure '-ping in /owercase K4
Availale Boot Aevice, Emot#cc0F
'!' L clear #ieldO '-' L go to previous #ieldO PA L Quit
oot device , mot#cc0
processor numer , 0
host name , usg2330
#ile name , usg2330!in
inet on ethernet (e) , 2!2!2!2
inet on ac>plane (),
host inet (h) , 2!2!2!272
gatewa- inet (g) ,
user (u) , usg2330
#tp password (pw) (lan> L use rsh), usg2330
#lags (#) , 0J0
target name (tn) , usg2330!in
startup script (s) ,
other (o) ,
(arameters need to be set are as follows:
6ile name: indicates the file to be downloaded. Set this parameter to usg/..5'bin.Dou
can directl' enter the new file name after the displa'ed file name. !his modification
method is also applicable to the following parameters.
boot de+ice: is used to set the interface for downloading the usg/..5'bin file b' the
0S7+**8.
inet on Ethernet: is used to set the I( address of the 0S7+**8. !his I( address and the
I( address of the (C pro.iding ;!( ser.ices should be in the same network segment.
host inet: is used to set the actual I( address of the (C pro.iding ;!( ser.ices.
user: indicates the ;!( user name.
6t& &ass!ord: indicates the password of the ;!( user.

Step , /ownload the usg/..5'bin file to the ;lash. 6n the "thernet submenu, enter / to download
files from the ;!( ser.er. ;or example,
Step 3 /ownload the file from the ;!( ser.er.
%nter -our choice(0-8), 2
Aown/oad $rogram 'o 6lash 'hrough &et $ort!
oot device , sbe
unit numer , 2
processor numer , 0
host name , hp
Issue 8+ (+8*898:9+:&
Co., %td.
(age +: of ,C
#ile name , usg2110.bin
inet on ethernet (e) , #.#.#.2
host inet (h) , #.#.#.1
user (u) , usg2110
#tp password (pw) , usg2110
#lags (#) , 0$0
target name (tn) , usg2110.bin
Attached '+$;*$ inter#ace to wancom0!
1unet @as>, 0J#####800
Attaching networ> inter#ace lo0!!! done!
/oading!!!
Aone
?0?3<<C -tes downloaded!
#lash,;usg2330!in alread- eJist!
delete itD(9;&),-
Aeleting #ile!!!done!
Writing #lash!!!!!!!!!!!!!!!!!!!done!
If 'ou start the 0S7+**8 for the first time, enter : to set the ;lash memor' description area.
If 'ou use the ;lash memor' for the first time, the ;lash memor' file s'stem will format itself before
an' files in the ;lash can be read or written. !he following information is displa'ed:
;ormatting ;lash, please waiting se.eral minutes...done
$lso, during s'stem power9on, 'ou can upload onl' the host software rather than the configuration file
or license file. $fter the s'stem runs properl', 'ou can upload the configuration file and license file
through ;!( or !;!(.
Step 4 6n the "thernet submenu, enter 5 to return to the -oot#61 main menu.
%nter -our choice(0-8), 0
LLLLLLLLLLLLLLLLLLLLL0@A*&-B))'()@ @%&"4LLLLLLLLLLLLLLLLLLLLL
M 034 Boot With Ae#ault @ode M
M 024 Boot 6rom 6lash M
M 084 %nter 1erial 1u@enu M
M 074 %nter %thernet 1u@enu M
M 0<4 +hange 6lash Boot 6ile M
M 0C4 @odi#- Bootrom $assword M
M 0?4 (ecover +onsole $assword M
M 004 (eoot M
Step 5 6n the -oot#61 main menu, enter / to start the file.
%nter -our choice(0-?), 2
Booting 6rom 6lash!!!
Issue 8+ (+8*898:9+:&
Co., %td.
(age += of ,C
'he Boot 6ile is 0 #lash,; usg2330!in 4
Aecompressing !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!AoneK1tarting
at 0J80700000!!!
4444End
,$3 %pgrade )perations During Device Running
Step 1 Configure the 0S7+**8 to ensure the connecti.it' between the 0S7+**8 and the (C in
;igure*.*.
Step 2 %og in to the ;!( ser.er through the ;!( client. In user mode, 'ou can log in to the ;!(
ser.er b' entering 6t& NI( address of the ;!( ser.er>.!he following information is displa'ed:
0"1223304 ftp #.#.#.1
'r-ing 8!8!8!3 !!!
+onnected to 8!8!8!3!
"ser(8!8!8!3,(none)), usg2110
$assword,
E#tpF
Step 3 6btain the reJuired usg/..5'bin file. Dou can obtain this file b' entering get usg/..5'bin on
the ;!( client.
E#tpF get usg2110.bin
200 $)(' command o>a-
3<0 RA,G usg2330!in R #ile read- to send (9C0C880 -tes) in A1+** mode
22C 'rans#er #inished success#ull-!
6'$, ?0?3<<C -te(s) received in <3!887 second(s) 370!08I-te(s);sec!
E#tpF
Step * (6ptional& !o upload the license file and configuration file, 'ou can enter get +r&c6g'7i&
respecti.el' on the ;!( client.
E#tpF get vrpcfg.zip
3<0 RA,G vrpc#g!.ip R #ile read- to send (88C -tes) in A1+** mode
6'$, 88C -te(s) received in 30!887 second(s) 370!08I-te(s);sec!
E#tpF
Step , In the user .iew, enter the startu& system4so6t!are usg/..5'bin command line to set the
host software for next startup.
0"1223304 startup system%soft&are usg2110.bin
9ou will change the startup so#twareK +ontinueDE9;&F, y
1tartup #rom the s-stem-so#tware #lash,; usg2330!inDE9;&F, y
3C,87,2C 02-33-2009
Issue 8+ (+8*898:9+:&
Co., %td.
(age +C of ,C
0"1223304
Step 3 (6ptional& !o set the configuration file for next startup, 'ou can enter the startu& sa+ed4
con6iguration +r&c6g'7i& command line in the user .iew.
0"1223304 startup saved%configuration vrpcfg.zip
1tartup #rom the saved-con#iguration #lash,;vrpc#g!.ipDE9;&F, y
0C,<2,70 02-38-2009
0"1223304
Step 4 $fter the 0S7+**8 is restarted, the usg/..5'bin file runs automaticall' to perform the
installation. !he configuration file is loaded.
4444End
When downloading the software package, if the s'stem prompts insufficient ;lash memor', delete
unnecessar' files from the ;lash and download the software package.
,$* Activate license .le
Step 1 %og in to the ;!( ser.er through the ;!( client. In user mode, 'ou can log in to the ;!(
ser.er b' entering 6t& NI( address of the ;!( ser.er>.!he following information is displa'ed:
0"1223304 ftp 10.2.1.2
'r-ing 30!2!3!2 !!!
+onnected to 30!2!3!2!
"ser(30!2!3!2,(none)),usg2110
$assword,
Step 2 6btain the reJuired on*8+8F=>.dat file. Dou can obtain this file b' entering get
on.5/5:;<'dat on the ;!( client.
E#tpF get on1020'().dat
3<,00,33 2009;08;3?
3<0 R%,GinG on3020<8C!datR #ile read- to send (2877 -tes) in A1+** mode
6'$, 2877 -te(s) received in 7!93C second(s) <?8!<3-te(s);sec!
Step 3 $fter the 0S7+**8 is restartedIf 'ou use the license file for the first time, run the following
command to acti.ate the license file in the s'stem .iew (if the license file is acti.ated and not
changed during the restart of the 0S7+**8, it does not need to be acti.ated&:
E"122330F license file on1020'().dat
37,79,3C 2009;08;3?
Active license success#ull-!
Step * If 'ou want to replace license file, make sure the original is inacti.ated then acti.ate the new
license file.
E"122330F undo license file
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,8 of ,C
37,<3,7< 2009;08;3?
E"122330F
2009-08-3? 37,<3,7< %udemon 55036W/+&1;<;6W/+&1/)2(l),
Aeactivate the license #ile
E"122330F license file on1020'((.dat
37,<9,3C 2009;08;3?
Active license success#ull-!
Step , #un the dis&lay license command to .iew the license information.
E"122330F display license
3<,33,0< 2009;08;3?
Aevice %1& is, 23028<20<80000000000
'he #ile activated is, #lash,; on3020<88!dat
'he time when activated is, 2009;08;3? 3<,33,02
=6W, 2
=$&, 2
2'$, A%6A"/'
4444End
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,* of ,C
6 Upgrade Verication
3$1 %pgrade -eri.cation
;igure*.* 0pgrade .erification
S' Item !riteria
* Checking whether the
.ersion of the host
software is correct
0se the command line. !he .ersion number
displa'ed should be :
5*88#88*C8,S(C*88
+ Checking whether the
configuration file is
successfull' uploaded
Check whether the de.ice configuration is consistent
with the configuration file.
( (rint $ppendix I*.*0pgrade #ecordI in ad.ance for recording.
3$2 %pgrade -eri.cation
)peration Procedure
Step 1 #un the dis&lay +ersion command in the command line .iew to check whether the output is
correct.
Step 2 #un the dis&lay current4con6iguration command in the command line .iew to check
whether the configuration is consistent with the uploaded configuration file.
4444End
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,+ of ,C
Result -eri.cation
If the .ersion information in the command line output is the same as the .erification checklist
shown in >.*.* IStep *;igure*.*0pgrade .erification, it indicates that the software .ersion is
correct.
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,, of ,C
! Version "o##$ac%
If the s'stem upgrade fails, 'ou need to roll back the .ersion. ;or details, see section
F.+I0pgrade /uring /e.ice (ower9onI and section F.,I0pgrade 6perations /uring /e.ice
#unningI to upload the host software, configuration file, and license file of the original
.ersion.
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,B of ,C
*.* Upgrade "ecord
6ffice ame 0pgrade /ate
5ersion -efore
0pgrade
5ersion $fter
0pgrade
0pgrade (ersonnel Customer (ersonnel:
)uawei S'mantec (ersonnel:
Whether the upgrade
is successful
!hec+ Items for %pgrade !onclusion E6ception "andling
Check before
upgrade
Check of upgrade
procedures
5erification check
after upgrade
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,F of ,C
*.+ &cron(ms and &$$re)iations
A
AAA $uthentication, $uthoriGation and
$ccounting
It pro.ides a framework for configuring the securit'
functions of authentication, authoriGation, and
accounting. It is a kind of management on network
securit'.
AC) $ccess Control %ist $ seJuential instruction list consisting of a series of
permit O den' statements. In the scenario where a
firewall is deplo'ed on a network, an $C% is applied
to the interface of a router, and the router determines
which packets can be recei.ed and which should be
denied according to the $C%. In HoS, $C%s are also
used for traffic classification.
AP $ddress #esolution (rotocol $ protocol used to resol.e an I( address into an
"thernet 1$C address. #;C =+> defines the protocol.
A$= $uxiliar' port $uxiliar' (port&. $ kind of line de.ice. $n $0L port
pro.ides an "I$?!I$9+,+ /!" interface that is
usuall' used to perform a dial9up access through a
1odem.
D
D%S /omain ame S'stem $ s'stem used to map a human9friendl' domain name
to an I( address.
DoS /enial of Ser.ice /enial of Ser.ice
>
>TP ;ile !ransfer (rotocol $n application la'er protocol used to transmit files
between remote hosts. ;!( is implemented on the
basis of the corresponding file s'stem.
>)AS" ;%$S) memor' ;%$S) memor'
I
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,> of ,C
ICMP Internet Control 1essage (rotocol $ %a'er + protocol that reports errors and pro.ides
other information rele.ant to I( packet processing.
I3E Internet Pe' "xchange $ protocol used to exchange ke's between 6akle'
and SP"1" through IS$P1(.
IP Internet (rotocol $ protocol that pro.ides connectionless best effort
deli.er' of datagram across heterogeneous ph'sical
networks. I( is a network la'er protocol in the !C(?I(
protocol stack.
IPSec I( Securit' $ series of protocols defined b' the Internet
"ngineering !ask ;orce (I"!;&. !his protocol famil'
includes a set of s'stem structures concerning data
securit' on the I( network, including such protocols
as $), "S(, and IP".
)
)/TP %a'er !wo !unneling (rotocol $ well9accepted protocol drafted b' the I"!; and
finaliGed also b' 1icrosoft and other companies. !his
protocol combines the ad.antages of ((!( and %+;.
)A% %ocal $rea etwork %ocal $rea etwork. $ network consisting of
personal computers and workstations residing in the
same building or within se.eral kilometers in
circumference. %$ features high speed and low
error rate. "thernet, ;//I, and !oken #ing are three
main realiGation technologies of %$s.
M
MAC 1edia $ccess Control !he lower of the two sub9la'ers of the /ata %ink
%a'er. !he 1$C la'er is closer to the ph'sical la'er.
MA% 1etropolis $rea etwork $ network of %$s or computers within a wide
geographical area such as a uni.ersit' campus. $
1$ usuall' adopts the same technolog' as a %$.
$ 1$ can co.er doGens of kilometers wide or a
metropolitan (cit'9wide& area.
MP$ 1ain (rocessing 0nit 1ain (rocessing 0nit
%
%AT etwork $ddress !ranslation $ mechanism for reducing the need for globall'
uniJue I( addresses. $! allows an organiGation with
pri.ate I( addresses to connect to the Internet b'
translating those addresses into a globall' uniJue and
routable I( address.
%APT etwork $ddress and (ort
!ranslation
etwork $ddress and (ort !ranslation
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,: of ,C
%MS etwork 1anagement Station etwork management workstation. $ workstation that
communicates with the $gent to take statistics on
network traffic.
2
2SP> 6pen Shortest (ath ;irst 6pen Shortest (ath ;irst
P
PI%# packet internet groper $ utilit' program which tests access to a de.ice b'
sending a series of messages and measuring the
replies, such as an IC1( "cho message and its
acknowledgment.
PPP (oint to (oint (rotocol $ dedicated transmission link between two de.ices.
PPPoE ((( o.er "thernet ((( o.er "thernet
ADI$S #emote $uthentication /ial In 0ser

Ser.ice
$ distributed ser.er?client s'stem de.eloped b'
%i.inggston "nterprise. #$/I0S can pro.ide the
$$$ function. $s an authentication and accounting
protocol, #$/I0S can realiGe access authentication,
authoriGation, and accounting functions for a great
number of users through serial port and 1odem.
IP #outing Information (rotocol #outing Information (rotocol. $ routing protocol that
calculates routes with the /95 algorithm and selects
routes according to the hop number. #I( is widel'
used in small9siGed networks.
P$ #outing (rocess 0nit (ath (rocess 0nit
S
S%MP Simple etwork 1anagement
(rotocol
$ network management protocol used in !C(?I(
networks. S1( is a widel' accepted and used
industrial standard, which aims to ensure the
transmission of management information between
two points. !he administrator can search for and
change information, perform troubleshooting and
fault diagnosis, plan the capacit', and generate reports
on an' node.
S$ Switch #outer 0nit Switch #outer 0nit
SS" Secure Shell $ set of network standards and protocols that pro.ide
secure !elnet access.
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,= of ,C
T
TCP !ransmission Control (rotocol $ transport la'er protocol that pro.ides a connection9
oriented, full9duplex, and point9to9point ser.ice
between hosts.
$
$DP 0ser /atagram (rotocol (art of the !C(?I( protocol suite. 0/( is a standard,
connectionless, host9to9host protocol that is used o.er
packet9switched computer communication networks.
0/( does not pro.ide the reliabilit' and ordering
guarantees that !C( does.
V
VP% 5irtual (ri.ate etwork 5irtual (ri.ate etwork. $ new technolog' that helps
implement a pri.ate network link, which is carried on
a public network. 5irtual indicates that the network
logicall' exists.
VP 5ersatile #outing (latform $ .ersatile operating s'stem platform de.eloped b'
)uawei S'mantec and acts as the general operating
s'stem platform of )uawei data communication
products.
VT 5irtual !emplate $ logic interface in 5#(.
Issue 8+ (+8*898:9+:&
Co., %td.
(age ,C of ,C

Secospace USG2110 V100R001C03SPC200 Upgrade Guide (English Document)

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Secospace USG2110 V100R001C03SPC200 Upgrade Guide (English Document)

Hochgeladen von

Copyright:

Verfügbare Formate

Template Revision Description

!he default password of -oot#61 for the 0S7+**8 is seco!ay.

0S7+**8 588#88C8,S(C+88 #elease otes ("nglish /ocument&.doc

0S7+**8 588#88C8,S(C+88 0ser 7uide ("nglish /ocument&.doc

user: indicates the ;!( user name.

6t& &ass!ord: indicates the password of the ;!( user.

ADI$S #emote $uthentication /ial In 0ser

Das könnte Ihnen auch gefallen