FirePass® Getting Started Guide

version 6.0.1

MAN-0181-02
Product Version
This manual applies to product version 6.0.1.

Publication Date
This manual was published on March 2, 2007.

Legal Notices
Copyright
Copyright 1999-2007, F5 Networks, Inc. All rights reserved.
F5 Networks, Inc. (F5) believes the information it furnishes to be accurate and reliable. However, F5
assumes no responsibility for the use of this information, nor any infringement of patents or other rights of
third parties which may result from its use. No license is granted by implication or otherwise under any
patent, copyright, or other intellectual property right of F5 except as specifically described by applicable
user licenses. F5 reserves the right to change specifications at any time without notice.

Trademarks
F5, F5 Networks, the F5 logo, BIG-IP, 3-DNS, iControl, Internet Control Architecture, IP Application
Switch, iRules, OneConnect, Packet Velocity, SYN Check, Control Your World, ZoneRunner, uRoam,
FirePass, TrafficShield, Swan, WANJet, WebAccelerator, and TMOS are registered trademarks or
trademarks, and Ask F5 is a service mark, of F5 Networks, Inc. in the U.S. and certain other countries. All
other trademarks mentioned in this document are the property of their respective owners. F5 Networks'
trademarks may not be used in connection with any product or service except as permitted in writing by
F5.

Export Regulation Notice


This product may include cryptographic software. Under the Export Administration Act, the United States
government may consider it a criminal offense to export this product from the United States.

RF Interference Warning
This is a Class A product. In a domestic environment this product may cause radio interference, in which
case the user may be required to take adequate measures.

FCC Compliance
This equipment has been tested and found to comply with the limits for a Class A digital device pursuant
to Part 15 of FCC rules. These limits are designed to provide reasonable protection against harmful
interference when the equipment is operated in a commercial environment. This unit generates, uses, and
can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual,
may cause harmful interference to radio communications. Operation of this equipment in a residential area
is likely to cause harmful interference, in which case the user, at his own expense, will be required to take
whatever measures may be required to correct the interference.
Any modifications to this device, unless expressly approved by the manufacturer, can void the user's
authority to operate this equipment under part 15 of the FCC rules.

Canadian Regulatory Compliance
This Class A digital apparatus complies with Canadian ICES-003.

Standards Compliance

This product conforms to the IEC, European Union, ANSI/UL and Canadian CSA standards applicable to
Information Technology products at the time of manufacture.

Acknowledgments
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit.
(http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)
This product contains software licensed and copyrighted by OPSWAT, Inc. For more information see
OPSWAT on the World Wide Web (http://www.opswat.com).

Table of Contents

1 Getting Started with the FirePass Controller
  Introducing the FirePass controller
    Understanding FirePass controller features
    Understanding FirePass controller models
  Getting started
    Using the Getting Started Guide
    Understanding the intended audience
    Understanding stylistic conventions used in this guide
    Finding help and technical support resources
    Using the F5 Solution Center

2 Setting Up the FirePass Controller
  Before you begin
  Installation prerequisites
    Configuring IP addresses
    Configuring your Internet router or firewall
    Configuring DNS support
  Understanding name resolution issues with private IP addresses
    Giving internal users access to the FirePass controller
    Placing the FirePass controller in a typical network configuration
  Unpacking the FirePass controller
  Collecting configuration settings
  Performing initial setup
    Setting the IP address for the computer to connect to the FirePass controller
    Choosing a cable and connection option
    Determining the connection port
    Turning on the FirePass controller
  Completing the Quick Setup process
    Logging on to the FirePass controller Administrative Console
    Starting the Quick Setup process
    Preparing the FirePass controller for a production environment

3 Working with the FirePass Controller
  Configuring the FirePass controller
    Updating during configuration tasks
    Configuring user access to favorites
  Verifying your configuration settings
  Updating FirePass controller software
    Locking out new user sessions
    Updating the FirePass controller online
    Updating the FirePass controller offline
  Performing other configuration tasks
    Shutting down the controller
    Restarting the controller
    Restoring factory default settings
    Using the snapshot utility
    Backing up and restoring configuration settings

Glossary
Index

Chapter 1, Getting Started with the FirePass Controller

• Introducing the FirePass controller
• Getting started

Introducing the FirePass controller


F5 Networks’ FirePass® controller is a network appliance that provides
remote users with secure access to corporate networks, using most standard
web browsers. The FirePass controller can be set up quickly, and installation
requires no modification to existing corporate applications. No
configuration or setup is required at the user’s remote location. If the user’s
web browser can connect to web sites on the Internet, then that browser can
connect to the FirePass controller.
The FirePass controller provides a web-based alternative to traditional
remote-access technologies such as modem pools, RAS servers, and IPsec
Virtual Private Networks (VPNs). By leveraging the browser as a client, the
FirePass controller enables your corporation or organization to extend
secure remote access easily and cost-effectively to anyone connected to the
Internet, with no special software or configuration on the remote device.
You do not need to make any additions or changes to the back-end resources
being accessed.

Understanding FirePass controller features


The FirePass controller provides full access to network and desktop
resources, including:
• File servers
• Email
• Web-based applications
• Terminal services
• Legacy mainframe, AS/400, and Telnet applications
• Proprietary corporate applications
• Client/server applications

Understanding FirePass controller models


The FirePass controller is available in the following models:
◆ FirePass 1000 controller
The FirePass 1000 is a 1U rack-mounted controller designed for small to
medium organizations, supporting up to 100 concurrent users.
◆ FirePass 1200 controller
The FirePass 1200 is a 1U rack-mounted controller designed for small to
medium organizations, supporting up to 100 concurrent users.
◆ FirePass 4100 and 4300 controllers
The FirePass 4100 and 4300 are 2U rack-mounted controllers designed
for large organizations, supporting up to 2000 concurrent users, with
clustering expanding support to 20,000.

The FirePass 1000, FirePass 1200, and FirePass 4100 and 4300 controllers
support failover configuration for high availability. The FirePass 4100 and
4300 controllers also support clustering, which provides increased numbers
of connections and load sharing.

Note
Failover support is limited to identical models only. For example, you
cannot enable failover support between 4100 and 4300 models.

For more information on the FirePass controller, see the FirePass®
Controller Administrator Guide and the online help for the product.

Getting started
This section describes this FirePass controller documentation. It outlines the
contents of the Getting Started Guide, and explains how we refer to
examples, introduce new terms, use cross references, and detail the
conventions we use in command syntax. It also explains where to find the
release notes, and how to get online help, additional documentation, and
technical support.

Using the Getting Started Guide


The FirePass® Controller Getting Started Guide describes how to initially
set up, configure, and license the FirePass controller. Before you set up the
FirePass controller for the first time, we recommend that you read this guide
in its entirety to become familiar with its features.

Important
We also recommend that you gather your network configuration settings in
the areas provided on the worksheet that was shipped with the FirePass
controller. You can then use this information to assist you as you go through
the initial Quick Setup configuration process. The worksheet is available as
an Adobe Acrobat file (.pdf) on the F5 Networks Technical Support web
site, http://tech.F5.com.

Once you complete this initial configuration, you can use information in the
FirePass® Controller Administrator Guide to help you continue the
configuration process. The Administrator Guide is available as an Adobe
Acrobat file (.pdf) on the F5 Networks Technical Support web site,
http://tech.F5.com.
This guide contains the following chapters:
◆ Getting Started with the FirePass Controller
This chapter briefly covers the FirePass controller features and contains
information on where to find additional technical information.

◆ Setting Up the FirePass Controller
This chapter describes the tasks you need to complete to set up the
FirePass controller, including unpacking the device, performing initial
configuration, and using the Quick Setup wizard.
◆ Working with the FirePass Controller
This chapter guides you through the post-setup configuration tasks, and
describes how to verify your configuration and perform basic
maintenance tasks, such as logging on and updating software.

Understanding the intended audience


This guide is intended for use by system and network administrators who
install and configure IT equipment and software. This guide assumes that
administrators have experience installing software and working with
network configurations. You should be able to set up and manage a firewall
and manage a Linux or Windows-based server.

Understanding stylistic conventions used in this guide


To help you easily identify and understand certain types of information, this
documentation uses the following stylistic conventions.

Using the examples


All examples in this document use only private class IP addresses. When
you configure the settings we describe, you must use valid IP addresses
suitable to your own network in place of our sample addresses.

Identifying new terms


When we first define a new term, the term is shown in bold italic text. For
example, HTTPS is HyperText Transport Protocol (Secure), or secure
HTTP.

Identifying references to objects, names, and commands


We apply bold text to a variety of items to help you easily pick them out of a
block of text. These items include web addresses, IP addresses, utility
names, most controls in the Administrative Console, and portions of
commands such as variables and keywords. For example, click the Browse
button and navigate to the file that you want to restore.

Identifying references to other documents


We use italic text to denote a reference to a document title. In references
where we provide the name of a book as well as a specific chapter in the
book, we show the book name in bold, italic and the chapter or section name
in italic text to help quickly differentiate the two. For example, you can find
information about additional configuration tasks in the chapter Managing
and Monitoring the FirePass Controller in the FirePass Controller
Administrator Guide.

Identifying command syntax


We show actual, complete commands in bold Courier text. For example, to
log on to the Maintenance Console, type the user name:
maintenance
Note that we do not include the corresponding screen prompt, unless the
command is shown in a figure that depicts an entire command line screen.
Table 1.1 explains additional special conventions used in command line
syntax.

Item in text   Description
\              Continue to the next line without typing a line break.
< >            You enter text for the enclosed item. For example, if the
               command has <your name>, type your name.
|              Separates parts of a command.
[ ]            Syntax inside the brackets is optional.
...            Indicates that you can type a series of items.

Table 1.1 Command line conventions used in this manual

Finding help and technical support resources


You can find additional technical documentation and product information
using the following resources:
◆ FirePass Controller Administrator Guide
You can find extensive information on configuring the FirePass
controller in the FirePass Controller Administrator Guide, available on
the F5 Networks Technical Support web site, http://tech.f5.com.
◆ Online help for the FirePass controller
You can find help online for all screens on the Administrative Console
for the FirePass controller. Click the Help button at the upper right of the
screen.
The help page for the FirePass controller Welcome screen also includes
information about FirePass controller documentation, and links to many
useful web sites and resources, including:
• FirePass controller solutions
• FirePass controller deployment guides

• The F5 Networks Technical Support web site
• The F5 DevCentral web site
◆ F5 Networks Technical Support web site
The F5 Networks Technical Support web site, http://tech.f5.com,
provides the latest documentation for the product, including:
• Release notes for the FirePass controller, current and past
• Current releases and updates for guides (in PDF and HTML form)
• Technical notes
• Answers to frequently asked questions
• The Ask F5℠ natural language question and answer engine.
To access this site, you need to register at http://tech.f5.com.
Through our Ask F5 web site at www.askf5.com, you can view
examples of FirePass controller solutions. We recommend that you
browse this site.

Using the F5 Solution Center


The F5 Solution Center contains proven interoperability and integration
solutions that empower organizations to deliver predictable and secure
applications in an unpredictable network environment. The F5 Solution
Center offers detailed documentation that demonstrates how to increase the
return on investment (ROI) of your application and network infrastructures
through superior reliability, security, and performance. You can access this
site at http://www.f5.com/solutions.

Chapter 2, Setting Up the FirePass Controller

• Before you begin
• Installation prerequisites
• Understanding name resolution issues with private IP addresses
• Unpacking the FirePass controller
• Collecting configuration settings
• Performing initial setup
• Completing the Quick Setup process

Before you begin


Before you begin the installation process, we recommend that you read the
information supplied in this guide. We also recommend that you use the
worksheet provided with the FirePass controller to record the values that
you need for the Quick Setup process covered in Completing the Quick
Setup process, on page 2-12.

Installation prerequisites
In order to serve your remote access clients, before setting up the FirePass
controller you need the following:
• A publicly routable (external) IP address for the FirePass controller
• A router or firewall that passes Internet traffic to the FirePass controller
• A publicly accessible Domain Name Service (DNS) server

Configuring IP addresses
To configure the FirePass controller, you need a publicly routable (external)
IP address for the FirePass controller. The IP address can be either of these:
• An unused address to be used in a network address translation (NAT)
configuration.
You then assign an unused private IP address to the FirePass controller
during the Quick Setup process covered in Chapter 3, Working with the
FirePass Controller.
• The address of your Internet router or firewall to be used in a port
forwarding configuration.

Important
You cannot dynamically assign an IP address to the FirePass controller,
using Dynamic Host Configuration Protocol (DHCP) or other methods, in
any configuration.

Configuring your Internet router or firewall


To configure access to the FirePass controller, you need to be able to
configure your Internet router or firewall to send traffic to the FirePass
controller using either NAT or port forwarding.
If you plan to use NAT, configure your Internet router or firewall to map the
public IP address to the private IP address assigned to the FirePass
controller. For information on configuring NAT, see your router or firewall
documentation.

Important
You must configure packet filters or firewall rules to permit connections to
the FirePass controller on TCP port 443. Optionally, you can also permit
TCP port 80 for connections that occur when a user accesses the FirePass
controller with a URL beginning with http:// rather than https://.
The FirePass controller automatically redirects the client from port 80 to
port 443.

If you plan to use port forwarding, configure the Internet router or firewall
to forward TCP port 443 to port 443 of the private IP address assigned to the
FirePass controller. Optionally, also forward TCP port 80, for connections
that occur when a user accesses the FirePass controller with a URL that
starts with http:// rather than https://. The FirePass controller then
automatically redirects the client from port 80 to port 443. Refer to your
router or firewall documentation for information on configuring port
forwarding.
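The following is an added example, not part of the F5 guide: a small Python audit of a router's port-forwarding table against the requirements above (TCP 443 required, TCP 80 optional, each forwarded to the same port on the controller). The rule notation, the sample rules, and the use of the guide's sample address 10.0.0.8 as the controller's private IP are assumptions made for illustration; same-port forwarding for port 80 is assumed because the controller performs the redirect itself.

```python
import ipaddress
from dataclasses import dataclass

CONTROLLER_IP = "10.0.0.8"   # sample private address (assumption for this example)
REQUIRED_TCP = {443}         # guide: connections on TCP 443 must be permitted
OPTIONAL_TCP = {80}          # guide: optional; the controller redirects 80 to 443


@dataclass(frozen=True)
class Forward:
    proto: str
    public_port: int
    dest_ip: str
    dest_port: int


def parse_forward(line):
    """Parse one rule written as 'tcp 443 -> 10.0.0.8:443' (notation invented here)."""
    left, right = line.split("->")
    proto, public_port = left.split()
    dest_ip, dest_port = right.strip().rsplit(":", 1)
    ipaddress.ip_address(dest_ip)  # raises ValueError on a malformed address
    return Forward(proto.lower(), int(public_port), dest_ip, int(dest_port))


def audit_forwards(lines, controller_ip=CONTROLLER_IP):
    """Return (severity, message) findings for rules that target the controller."""
    rules = [parse_forward(l) for l in lines
             if l.strip() and not l.lstrip().startswith("#")]
    to_controller = [r for r in rules if r.dest_ip == controller_ip]
    findings = []

    # A required port counts only if it arrives on the same port number.
    forwarded_ok = {r.public_port for r in to_controller
                    if r.proto == "tcp" and r.dest_port == r.public_port}
    for port in sorted(REQUIRED_TCP - forwarded_ok):
        findings.append(
            ("error", f"TCP {port} is not forwarded to {controller_ip}:{port}"))

    for r in to_controller:
        expected = r.proto == "tcp" and r.public_port in REQUIRED_TCP | OPTIONAL_TCP
        if not expected:
            findings.append(
                ("review", f"{r.proto.upper()} {r.public_port} reaches the "
                           "controller but the guide does not call for it"))
        elif r.dest_port != r.public_port:
            findings.append(
                ("error", f"TCP {r.public_port} is forwarded to port "
                          f"{r.dest_port}, expected {r.public_port}"))
    return findings


# Constructed sample rule sets.
SAMPLE_GOOD = [
    "# constructed example",
    "tcp 443 -> 10.0.0.8:443",
    "tcp 80 -> 10.0.0.8:80",
    "tcp 25 -> 10.0.0.20:25",   # different host, ignored by the audit
]
SAMPLE_BAD = [
    "tcp 80 -> 10.0.0.8:443",   # plain HTTP sent to the HTTPS port
    "tcp 23 -> 10.0.0.8:23",    # extra port exposed on the controller
    "udp 443 -> 10.0.0.8:443",  # wrong protocol
]

if __name__ == "__main__":
    for name, sample in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, audit_forwards(sample) or "no findings")
```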

Configuring DNS support


To allow access from the Internet to the FirePass controller using a fully
qualified domain name (FQDN), such as myfirepass.siterequest.com, you
must configure a publicly resolvable host name on your DNS server for the
public IP address used by the FirePass controller. To do this, you must have
a registered Internet domain name, such as siterequest.com, and you must
be able to add a host name, such as myfirepass, to the public DNS server
that is authoritative for the zone that contains your registered Internet
domain name. You can administer the DNS server, or your ISP can
administer the DNS server on your behalf.
Optionally, you might want to configure DNS name resolution for your
private (internal) network. This would permit administrators on the internal
network to connect to the FirePass controller using an FQDN. To do this, add
the appropriate entry into the DNS server that is authoritative for the zone
that contains your private domain namespace. For more information, refer to
Understanding name resolution issues with private IP addresses, following.

Understanding name resolution issues with private IP addresses
If the FirePass controller is installed on a private (internal) network, where
the router or firewall performs NAT or port forwarding, then the FirePass
controller might have two different DNS mappings: one public name that
resolves to the public (external) IP address, and a second, private name
mapped to a private (internal) IP address. The private name might be the
same as the public name, or it could be different.

Giving internal users access to the FirePass controller


To enable internal users (those on the local network) to connect to the
FirePass controller using its private name, make one of the following
configuration changes:
• If you have both an internal and external DNS server, or a DNS server
that maintains separate zones for public and private namespaces, add an
A record to the zone that resolves to the FirePass controller’s private IP
address (such as 10.0.0.8). An A record is an address record, the basic
DNS record type, and is used to associate a domain name with an IP
address.
• Alternatively, if your router or firewall supports configuration of aliases
on your DNS server, set up the router or firewall to redirect internal
FirePass controller traffic (traffic originating on the local network) to the
FirePass controller’s private IP address.

You configure DNS aliases in the following situations:


• If the router or firewall alters responses from your DNS server to DNS
lookups from internal clients.
• If the router or firewall alters the destination address of packets from the
public address of the FirePass controller to the private address.

For information on configuring aliases on DNS servers, see your router or
firewall documentation.

Placing the FirePass controller in a typical network configuration


Figure 2.1 shows the placement of the FirePass controller in a typical
network configuration.

Figure 2.1 The FirePass controller in your network

Note

When you place the FirePass controller on your internal network, it goes
behind the Internet firewall.

Unpacking the FirePass controller


The first thing you need to do is to unpack the FirePass controller from its
shipping container. The following items are shipped in the container:
• The FirePass controller
• Cables
• This Getting Started Guide
• The licensing agreement
• A worksheet that you can use to record your network settings to expedite
installation of the FirePass controller
• The Declaration of Conformity

WARNING
The FirePass 4100 and 4300 controllers are shipped with serial cables
labeled FAILOVER, which are reserved for future use. Do not use these
cables.

Note

The power cables included with the FirePass controller are for exclusive
use with the FirePass controller. Do not use these power cables with other
electrical appliances, and do not interchange power supplies between
controllers.

Collecting configuration settings


Before you configure the FirePass controller, gather information about the
configuration settings used in your network. You can record the settings you
need in the worksheet that was shipped with the FirePass controller, and
which is available online at the F5 Networks Technical Support web site,
http://tech.f5.com.
Once you gather the specified settings, you can start the Quick Setup
process, which prompts you to enter the values for these configuration
settings.
◆ Fully Qualified Domain Name
Update your primary Domain Name Server (DNS) to include the name
and IP address of the FirePass controller.
◆ Network Configuration
Specify the initial network configuration for the FirePass controller.
◆ Network Access Service Configuration
Specify the Network Access connection name that remote users see when
they log on to the FirePass controller.
• To configure basic SSL-based VPN Network Access settings, enter a
connection name. If you will only be using a service other than
Network Access (such as Portal Access or Application Access), or
you would like to configure this service later, then simply leave all
Network Access settings empty during the Quick Setup process.
• To configure name resolution in your SSL-based Network Access
settings, enter your DNS and WINS server IP addresses. The FirePass
controller passes the DNS and WINS server IP addresses to the end
user as part of the Network Access connection, and these addresses
should match the ones used within your network.
◆ Administrator
Enter a new password during Quick Setup. By default, the administrator
name and password are both set to admin.
◆ Mail Server Configuration
Enter the name of the mail server that you want the FirePass controller
alerts to be sent from.
◆ Date and Time Configuration
Enter the name of the NTP (network time protocol) server that provides
the time and date service. You can leave this as the default NTP server
that is specified.

Performing initial setup


This section describes the tasks you follow to perform the initial setup of the
FirePass controller in your network environment. The following list
contains the tasks.
• Setting the IP address for the computer to connect to the FirePass
controller, following
• Choosing a cable and connection option, on page 2-8
• Determining the connection port, on page 2-9
• Turning on the FirePass controller, on page 2-10

Setting the IP address for the computer to connect to the FirePass controller
The FirePass controller ships with a pre-configured static IP address. The
factory default IP address of the controller depends on the model you have.
• FirePass 1000
192.168.1.99
• FirePass 1200
192.168.1.99
• FirePass 4100 and 4300
192.168.0.99 (Management port)

Before you connect the computer to the controller, you must set the IP
address of the computer. To access the FirePass controller, the connected
computer must be in the same subnet as the FirePass controller, and it
cannot be configured with the factory default IP address that is set for the
FirePass controller. The IP address you specify for the computer depends on
the controller model you have.
• FirePass 1000
Use an IP address other than 192.168.1.99 in the
192.168.1.0/255.255.255.0 subnet.
• FirePass 1200
Use an IP address other than 192.168.1.99 in the
192.168.1.0/255.255.255.0 subnet.
• FirePass 4100 and 4300
Use an IP address other than 192.168.0.99 in the
192.168.0.0/255.255.255.0 subnet.
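The addressing rules above can be checked before cabling up. The following is an added example, not part of the F5 guide: a Python check of a proposed workstation address against the factory defaults listed in this section. The function name and the extra checks for a mismatched netmask and for the subnet's network and broadcast addresses are additions made here.

```python
import ipaddress

# Factory default controller addresses as listed in this section of the guide.
FACTORY_DEFAULT = {
    "1000": "192.168.1.99",
    "1200": "192.168.1.99",
    "4100": "192.168.0.99",   # Management port
    "4300": "192.168.0.99",   # Management port
}
SETUP_NETMASK = "255.255.255.0"


def check_workstation(model, address, netmask=SETUP_NETMASK):
    """Return a list of problems with the proposed settings (empty list = usable)."""
    if model not in FACTORY_DEFAULT:
        raise ValueError(f"unknown FirePass model: {model!r}")
    controller = ipaddress.ip_address(FACTORY_DEFAULT[model])
    setup_net = ipaddress.ip_network(f"{controller}/{SETUP_NETMASK}", strict=False)
    host = ipaddress.ip_interface(f"{address}/{netmask}")

    problems = []
    if host.ip not in setup_net:
        problems.append(f"{host.ip} is outside {setup_net.with_netmask}")
    elif host.network != setup_net:
        # Same address range but a different mask: the workstation and the
        # controller would disagree about which hosts are directly reachable.
        problems.append(
            f"netmask {host.netmask} does not match {setup_net.netmask}")
    if host.ip == controller:
        problems.append(f"{host.ip} is the controller's factory default address")
    if host.ip in (setup_net.network_address, setup_net.broadcast_address):
        problems.append(f"{host.ip} is the network or broadcast address")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for model, addr in (("1000", "192.168.1.10"), ("4100", "192.168.1.10"),
                        ("1200", "192.168.1.99"), ("4300", "192.168.0.255")):
        print(model, addr, check_workstation(model, addr) or "ok")
```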

Choosing a cable and connection option


Before you can configure the FirePass controller, you must first connect the
controller to the network.
You connect a computer containing an installed web browser to the FirePass
controller using either of these methods:
• A crossover Ethernet cable, which connects directly from the computer
to the FirePass controller
• A standard Ethernet cable (also called a patch cable or a straight-through
cable), which connects to an isolated hub or switch, which connects to
the FirePass controller.

In either connection option, you use the ports listed in Determining the
connection port, following.
Figure 2.2 illustrates a connection configuration that uses a crossover
Ethernet cable. In this case, you connect the computer directly to the
FirePass controller.

Figure 2.2 Connection using a crossover Ethernet cable

Figure 2.3 illustrates a connection configuration that uses a standard
Ethernet cable. In this case, you connect the computer to a switch or hub,
and then you connect the switch or hub to the FirePass controller.

Figure 2.3 Connection using a standard Ethernet cable

Determining the connection port


You connect the crossover or standard Ethernet cable to the appropriate
FirePass controller port. For information on which cable to use, see
Choosing a cable and connection option, preceding.
The port you connect to varies, depending on the model you have.
• FirePass 1000
Use the WAN port.
The WAN port is used for primary user and administrative services. The
LAN and DMZ ports provide direct connections to a LAN, or to
additional services such as failover synchronization, or DMZ use.
• FirePass 1200
Use the Port 1 port.
The Port 1 port is used for primary user and administrative services. The
Port 2 port provides a direct connection to a LAN, or to additional
services such as failover synchronization, or DMZ use.
• FirePass 4100 and 4300
Use the Management port.
The Management port provides a direct connection to a management
workstation. The eth1.1 port is used for primary user and administrative
services. The eth1.2-1.4 ports provide direct connections to a LAN, or to
additional services such as dedicated clustering, failover synchronization,
or DMZ use.

Note

There are two additional ports available on the FirePass 4300 controller.
These fiber ports are labeled 2.1 and 2.2 on the controller chassis, and eth
1.21 and eth 1.22 in the configuration interface. These ports provide direct
connections to a LAN, or to additional services such as dedicated clustering,
failover synchronization, or DMZ use. You must install a small-form-factor
pluggable (SFP) into the ports to enable them.

Important
The ports on the FirePass controller are not switched ports. When
connecting more than one FirePass controller port, each port must be on
separate Layer 2 and Layer 3 networks.
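
The two addressing rules in this chapter (the setup computer's address relative to the factory default, and the requirement that each connected controller port sit on its own Layer 3 network) can be checked before cabling. The following is an added example, not part of the F5 guide: the function names and the sample port plan are constructed for illustration, and it checks Layer 3 overlap only, because Layer 2 separation cannot be inferred from addresses.

```python
import ipaddress
from itertools import combinations

# Factory defaults as listed in this guide: model -> controller address/mask.
FACTORY_DEFAULT = {
    "1000": "192.168.1.99/255.255.255.0",
    "1200": "192.168.1.99/255.255.255.0",
    "4100": "192.168.0.99/255.255.255.0",
    "4300": "192.168.0.99/255.255.255.0",
}


def check_workstation_ip(model, candidate):
    """Return a list of problems with a setup-computer address ([] = usable)."""
    ctrl = ipaddress.ip_interface(FACTORY_DEFAULT[model])
    try:
        ip = ipaddress.IPv4Address(candidate)
    except ValueError:
        return [f"{candidate!r} is not a valid IPv4 address"]
    problems = []
    if ip not in ctrl.network:
        problems.append(f"{ip} is outside {ctrl.network}")
    if ip == ctrl.ip:
        problems.append(f"{ip} is the controller's factory default address")
    if ip in (ctrl.network.network_address, ctrl.network.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    return problems


def check_port_plan(plan):
    """plan maps a port name to 'address/prefix'.

    Returns the pairs of ports whose networks overlap. Any pair returned
    breaks the rule that connected ports must be on separate Layer 3 networks.
    """
    nets = {port: ipaddress.ip_interface(addr).network
            for port, addr in plan.items()}
    clashes = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            clashes.append((a, b))
    return clashes


if __name__ == "__main__":
    # Constructed sample: a 4100 whose Management port keeps its default
    # address while eth1.1 is planned for the same /24.
    sample_plan = {
        "Management": "192.168.0.99/24",
        "eth1.1": "192.168.0.20/24",
        "eth1.2": "10.20.0.5/16",
    }
    print(check_workstation_ip("4100", "192.168.0.10"))
    print(check_port_plan(sample_plan))
```

On a FirePass 4100 or 4300 that keeps the default Management settings, any production port planned inside 192.168.0.0/255.255.255.0 is reported as a clash with the Management port.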

Turning on the FirePass controller


The power up sequence varies depending on the model of FirePass
controller that you have.

To power up the FirePass controller


1. After connecting the FirePass controller to the network (see
Choosing a cable and connection option, on page 2-8), locate the
power switch. The power switch location varies by model:
• FirePass 1000
The power switch is located on the back of the controller.
• FirePass 1200
The power switch is located on the back of the controller.
• FirePass 4100 and 4300
The power switch is the center control button on the LCD panel
on the front of the controller (the cover opens outward).
2. Use the power switch to turn the controller on.
Loading the system can take several minutes; up to five minutes for
the FirePass 4100 and 4300.
a) After you turn on the power switch for either the FirePass 4100
or 4300, wait until the display on the LCD panel reads F5 Power
standby mode. Press Enter to command power on.
b) Press and hold the Enter control button (the green check mark in
the center of the LCD panel) until the lights on the LCD panel
come on.
Figure 2.4, following, shows the control buttons on the LCD
panel for the FirePass 4100 and 4300.

3. Verify that the controller is ready. For more information, see
Verifying that the controller is ready, following.

Figure 2.4 FirePass 4100 and 4300 LCD panel control buttons

Verifying that the controller is ready


The ready signal depends on the model of controller that you have.
◆ The FirePass 1000 emits three successive tones, which increase in pitch,
to indicate that the system has been loaded, and displays FirePass 1000
on its LCD panel.
◆ The FirePass 1200 emits three successive tones, which increase in pitch,
to indicate that the system has been loaded, and blinks the blue LED for
two-second intervals. For more information about LED states, see
Understanding the LEDs on the FirePass 1200, following.
◆ The FirePass 4100 and 4300 display a cycle of three information panels.
These are, in order:
• The currently configured IP address of the Management interface and
the fully qualified domain name
• The date and time
• The software version
When you hear the final tone or see the final panel, you can continue the
setup tasks described in Completing the Quick Setup process, on page 2-12.

Tip
If you are running the FirePass 1200 in a noisy environment, you might not
hear the tones. Always check the FirePass 1200 LEDs to determine status.

Understanding the LEDs on the FirePass 1200


The FirePass 1200 front panel contains three LEDs, which monitor your
system. The left LED (green light) displays the power status and tells you
when the system is operational. The middle LED (red light) monitors
storage access. The right LED (blue light) displays status. Table 2.1,
following, describes the status LED (blue light).

| Controller state | LED status | Notes |
|---|---|---|
| Powered off | Off | |
| Powering on, during BIOS POST | Off | |
| Booting the kernel and loading the software | Blue LED blinks quickly | While the FirePass controller boots its kernel and loads its software, you cannot connect to it. |
| Operating in normal state | Blue LED blinks for two-second intervals | |
| Shutting down or restarting | Blue LED blinks quickly | While the FirePass controller is shutting down or restarting, you cannot connect to it. |
| Shutdown completed | Off | When the shutdown sequence completes, you can safely turn off the power to the unit. |

Table 2.1 States and LED appearance

Completing the Quick Setup process


This section describes the configuration tasks you perform as you go
through the initial configuration of the FirePass controller using the Quick
Setup process.

Note

Before you begin the Quick Setup process described in this section, record
the settings you need on the worksheet that was shipped with the FirePass
controller, and which is available online at the F5 Networks Technical
Support web site, http://tech.f5.com. This expedites the configuration
process. For more information, see Collecting configuration settings, on
page 2-6.

Logging on to the FirePass controller Administrative Console


To complete the configuration tasks, you must first log on to the
Administrative Console of the FirePass controller. At this stage, there are no
user logon accounts, so you must access the FirePass controller using the
administrator account.

In addition, because you have not yet installed any server certificates, the
logon process presents a certificate warning. The FirePass controller ships
with a default certificate. The default certificate is intended to aid you
during the Quick Setup process, and is not intended for permanent use (that
is, for use in a production configuration). You can change the FirePass
controller certificate after you have initially configured the controller. For
more information, refer to the FirePass Controller Administrator Guide
and the online help.

To log on to the Administrative Console


1. On the connected computer, start a web browser.
The web browser home page opens.
2. In the web browser address bar, type the administrative URL and
press Enter.
The administrative URL differs, depending on the model you have.
• FirePass 1000
https://192.168.1.99/admin/
• FirePass 1200
https://192.168.1.99/admin/
• FirePass 4100 and 4300 (Management port)
https://192.168.0.99/admin/
Note: Be sure to include the ending slash (/) character when you
specify the administrative URL.
3. When the certificate warning message displays, accept it.
The FirePass controller logon screen opens.
4. In Username, type the default administrator name admin, and in
Password, type the default administrator password admin.
5. Click Go.
The startup screen for unlicensed FirePass controllers opens, and
you can start the Quick Setup process.

Starting the Quick Setup process


Once you are logged on to the Administrative Console of the FirePass
controller, you can start the Quick Setup process.

To access the Quick Setup screens


1. From the Welcome screen of the FirePass controller console, click
the Run FirePass Quick Setup link.
2. Enter the information that you recorded on your worksheet for each
screen by following the guidelines in Collecting configuration
settings, on page 2-6.

3. When you finish the Quick Setup process, the Quick Setup
Completed screen opens, and you have a choice of either restarting
the controller or shutting down the controller.
We recommend that you shut down the controller and move it to its
final destination in your network before proceeding. For information
about shutting down and restarting the FirePass controller, see
Shutting down the controller, on page 3-6.

WARNING
Do not use the power switch to shut down the FirePass controller without
following the proper shutdown procedures provided in Shutting down the
controller, on page 3-6. If you incorrectly power down the controller, it
could result in an unstable state, requiring that you return the controller to
its factory default settings.

Important
When you set up either the FirePass 4100 or 4300, configure the eth1.1
interface to connect the FirePass controller to the main network. Do not use
the Management interface, because the Management interface is intended
solely for administrative operations performed from a directly connected
management workstation. We also recommend that you retain the default
settings for the FirePass 4100 and 4300 Management interfaces.

The FirePass controller immediately applies most settings you make during
the Quick Setup process, including changes to the administrator logon name
and password. However, the network configuration does not change until
you finish the Quick Setup process and restart the FirePass controller.
Before restarting the FirePass controller and completing its configuration,
move the controller to its final destination in your network. For more
information, see Placing the FirePass controller in a typical network
configuration, on page 2-4.
You may also need to review the information in the following sections:
• Choosing a cable and connection option, on page 2-8
• Determining the connection port, on page 2-9
• Turning on the FirePass controller, on page 2-10

If you do not need to move the FirePass controller to another location, or
you did not shut down the FirePass controller after Quick Setup, restart the
FirePass controller and make sure it is ready before continuing. For more
information, see Verifying that the controller is ready, on page 2-11 and
Restarting the controller, on page 3-7.

Preparing the FirePass controller for a production environment


After you complete Quick Setup, and have restarted the FirePass controller,
you need to complete several tasks to make the FirePass controller ready for
your production environment.

• Resetting the computer’s IP address
• Changing the computer’s hosts file, following
• Activating the FirePass controller license, on page 2-15

Note

For troubleshooting information, refer to the FirePass Controller
Administrator Guide, which is available online at http://tech.f5.com.

Resetting the computer’s IP address


Before continuing, you should reset the computer’s IP address to its original
setting. To return the computer’s IP address to its original setting, you can
use utilities provided with your computer’s operating system.

Changing the computer’s hosts file


If you do not have an internal DNS server or a firewall that supports the
creation of aliases on the DNS server, you must either use the IP address of
the FirePass controller to make a connection, or change the local hosts file
on each internal computer that will connect to the FirePass controller.
To create a host entry for the FirePass controller, on a Windows-based
computer, use a text editor to modify the computer’s hosts file.
The host entry should be in the following format:
192.168.1.9 firepass.siterequest.com

On Windows NT®, Windows® 2000, or Windows XP operating systems, the
hosts file is in the following location, where %SystemRoot% is the
operating system’s root directory:
%SystemRoot%\System32\drivers\etc\hosts
(For example, C:\WINNT or C:\WINDOWS.)
On Windows 9x and Windows Me systems, the hosts file is in the following
location, where %WinDir% represents the root directory.
%WinDir%\hosts
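
The hosts-file edit described above can be scripted so that it is repeatable on each internal computer and so that a stale mapping for the same name is replaced rather than left to shadow the new one. The following is an added example, not part of the F5 guide: the function names are hypothetical, and the sample hosts content (including the second host name and the 10.0.0.5 address) is constructed.

```python
import ipaddress
import os
import shutil
import tempfile

# Constructed sample hosts file with a stale mapping for the controller name.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
10.0.0.5 firepass.siterequest.com intranet.siterequest.com # old lab box
"""


def parse_hosts_line(line):
    """Return (ip, [names], comment) for a mapping line, or None for blank
    lines, comment-only lines and lines without a valid IP address."""
    body, _, comment = line.partition("#")
    fields = body.split()
    if len(fields) < 2:
        return None
    try:
        ip = ipaddress.ip_address(fields[0])
    except ValueError:
        return None
    return ip, [name.lower() for name in fields[1:]], comment.strip()


def mapped_addresses(path, hostname):
    """List every address the hosts file currently maps to hostname."""
    hostname = hostname.lower()
    found = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            parsed = parse_hosts_line(line)
            if parsed and hostname in parsed[1]:
                found.append(str(parsed[0]))
    return found


def ensure_host_entry(path, ip, hostname):
    """Make hostname map to ip and nothing else.

    Returns 'unchanged', 'added' or 'replaced'. Other names that share a
    line with a stale mapping are kept on that line.
    """
    want_ip = ipaddress.ip_address(ip)  # raises ValueError on a bad address
    hostname = hostname.lower()
    with open(path, encoding="utf-8") as fh:
        lines = fh.read().splitlines()

    out, kept, removed = [], False, 0
    for line in lines:
        parsed = parse_hosts_line(line)
        if parsed is None or hostname not in parsed[1]:
            out.append(line)
            continue
        cur_ip, names, comment = parsed
        if cur_ip == want_ip and not kept:
            kept = True
            out.append(line)
            continue
        removed += 1  # stale or duplicate mapping for this name
        others = [n for n in names if n != hostname]
        if others:
            rebuilt = f"{cur_ip} {' '.join(others)}"
            out.append(rebuilt + (f"  # {comment}" if comment else ""))
    if not kept:
        out.append(f"{want_ip} {hostname}")
    if kept and removed == 0:
        return "unchanged"

    # Write to a temporary file in the same directory, then swap it in, so a
    # failed write never leaves a half-written hosts file behind.
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, text=True)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(out) + "\n")
    shutil.copymode(path, tmp)  # keep the original file's permission bits
    os.replace(tmp, path)
    return "replaced" if removed else "added"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        hosts = os.path.join(workdir, "hosts")
        with open(hosts, "w", encoding="utf-8") as fh:
            fh.write(SAMPLE)
        print(ensure_host_entry(hosts, "192.168.1.9", "firepass.siterequest.com"))
        with open(hosts, encoding="utf-8") as fh:
            print(fh.read())
```

Run against the real hosts file, the script needs the same administrative rights as editing the file by hand.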

Activating the FirePass controller license


Before you can take the FirePass controller into production, you must
activate your license. The license activation feature provides an automated
method for activating your license. To use the automated process, the
FirePass controller must be able to contact the F5 licensing server on the
Internet.
If you cannot access the F5 licensing server from the FirePass controller,
refer to the FirePass Controller Administrator Guide and the online help
for information on activating your license manually.
To activate the license, you must be logged on to the Administrative
Console of the FirePass controller.

To log on to the Administrative Console


1. On the connected computer, start a web browser.
The web browser home page opens.
2. In the web browser address bar, type either the fully qualified
domain name or the IP address that you specified during the Quick
Setup (assigned to the WAN port for FirePass 1000, Port 1 for the
FirePass 1200, or the eth 1.1 port for the FirePass 4100 or 4300).
For example, using a browser, navigate to
https://firepass.siterequest.com/admin/.
The logon screen opens.
Note: Be sure to include the ending slash (/) character when you
specify the administrative URL.
3. In Username, type the logon name you supplied during the Quick
Setup process.
4. In Password, type the password you supplied during the Quick
Setup process.
5. Click Go.
The startup screen for unlicensed FirePass controllers opens.

To activate your license


1. On the Welcome screen, click the Activate License link.
The Activate License screen opens.
2. Select a licensing method.
• We recommend that you use the Automatic licensing method.
To use the Automatic licensing method, the FirePass controller
must be able to contact the F5 licensing server on the Internet.
• If your configuration or network policies prevent contacting the
F5 licensing server directly, select the Manual licensing method.
3. Click Request License, and follow the instructions presented on all
subsequent screens.
For more information, see the FirePass Controller Administrator
Guide and the online help for the Activate License screen.

Note

Depending on your hardware configuration, you might be prompted to
restart the FirePass controller after activating the license.

This completes the initial configuration tasks. You can now perform
additional configuration tasks such as configuring groups, setting up
security, adding access favorites, and enrolling users. For more information,
see Chapter 3, Working with the FirePass Controller.

3
Working with the FirePass Controller

• Configuring the FirePass controller

• Verifying your configuration settings

• Updating FirePass controller software

• Performing other configuration tasks


Configuring the FirePass controller


After you have finished setting up the FirePass controller, and you have
completed the initial configuration, you need to configure other aspects of
the FirePass controller. You perform these additional configuration tasks
using the various screens in the Administrative Console.

To begin configuring network settings


1. Log on to the FirePass controller using the administrative account
you created during Quick Setup.
For more information, see Logging on to the FirePass controller
Administrative Console, on page 2-12.
2. In the navigation pane of the Administrative Console, click Device
Management, expand Configuration, and click Network
Configuration.
The Network Configuration screen opens with the IP Config tab
selected. This is the starting point for further configuration tasks.

For more information on additional configuration tasks that you can
perform, refer to the FirePass Controller Administrator Guide and the online
help for the screen associated with each configuration task.

Updating during configuration tasks


As you set up new functions on the FirePass controller, or when you modify
existing configurations, you might see an Update button on the screen. Be
sure to click the Update button whenever you make a change on any screen
that has an Update button. Then you must use the Finalize screen to review
and commit any changes that you make to the configuration.
For more information about the finalization process, search for “finalize” in
the FirePass controller online help.

Configuring user access to favorites


By default, users are allowed to access only the favorites that you, as the
administrator, have defined. As the administrator, you can give users
permission to define their own favorites, or to open direct connections. You
do this in the Master Group Settings screen for each adapter. Although the
exact text for the check box varies by screen, you clear the check box that
indicates that access is limited to favorites only.
For example, in the Portal Access : Web Applications : Master Group
Settings screen, the check box is labeled Limit Web Applications Access
to Intranet Favorites only, with no direct addressing (for Extranets,
partner and customer access, etc.).

Verifying your configuration settings


After you have completed the Quick Setup process and have performed
additional configuration tasks on the FirePass controller, you can follow the
procedures in this section to verify your configuration settings. For more
information, refer to the FirePass Controller Administrator Guide and the
online help for each screen.

To test client access to the FirePass controller


1. On a computer that is located outside the company firewall, start a
web browser.
The web browser home page opens.
2. In the web browser address bar, type
https://<fully qualified domain name>/admin/
where <fully qualified domain name> is the name you specified in
your external DNS server.
The logon screen opens.
Note: Be sure to include the ending slash (/) character when you
specify the administrative URL.
3. In Username, type the administrative logon name you supplied
during the Quick Setup process.
4. In Password, type the administrative password you supplied during
the Quick Setup process.
5. Click Go.
The Welcome screen opens.

To create a new user for logging on


1. In the navigation pane of the Administrative Console, click Users
and click User Management.
The User Management screen opens.
2. In the Create user accounts by list, verify that individual entry is
selected, and click Go.
The new user screen opens.
3. Verify that Default is selected in the Master Group list.
If it is not, select Default, and click Change.
4. In Logon, type user1.
5. In First Name, type Joe.
6. In Last Name, type User.
7. Specify values for all other fields.
Make a note of the password. You will use it in the next procedure.
8. Click Add User.

To verify user logon configuration


1. Log out of the Administrative Console and open a new browser
window.
The web browser home page opens.
2. In the web browser address bar, type
https://<fully qualified domain name>/
where <fully qualified domain name> is the name you specified in
your external DNS server.
The logon screen opens.
3. In Username, type user1.
4. In Password, type the password you specified in the previous
procedure, and then click Logon.
You should see Joe User’s home page.
On the left side of the screen are some icons for access modes
(webifyers) and on the right side is a single section called Network
Access, which contains a link labeled with the name you specified
during the Quick Setup process.

To test Network Access


This test applies only if you are using Network Access.
1. While you are still logged on as Joe User, use the browser to attempt
to access an internal company web site.
The attempt should fail.
2. On the right side of Joe User’s home page, click the link for
Network Access.
A popup window presents a security warning about the certificate.
3. Accept the security warning.
Another popup window presents a series of messages that track the
progress of the load operation, ending with the message
Network Access connection successfully established.
4. Attempt to access the internal website again.
It should work this time.
5. Click the x button in the popup window to disconnect.
6. Click logout to log out.

Note

After you have configured the FirePass controller, you should create a
snapshot and a backup of your configuration. For more information, refer to
Using the snapshot utility, on page 3-10 and Backing up and restoring
configuration settings, on page 3-12.

Updating FirePass controller software


You can use the online update feature to check for newer versions of the
FirePass software, and quickly upgrade to the latest release. You can update
the FirePass controller online, or you can update offline, by downloading an
upgrade file from F5 Networks.
This section describes how to upgrade to the most current software. Later
sections describe some standard tasks, such as shut down and restarts, and
explain how to back up configuration settings using the backup feature, how
to revert to an earlier software version using the snapshot and backup tools,
and how to restore the factory default settings.

Note

Before starting the upgrade process, refer to the release notes associated
with this release.

Locking out new user sessions


The system administrator can set up a feature called User Session Lockout,
which displays a message to users to alert them that maintenance is
occurring. For more information, refer to the FirePass Controller
Administrator Guide and the online help for the product.

Updating the FirePass controller online


The FirePass controller provides one-click software upgrades.
If a new version is available, the Online Update page indicates the version’s
availability. To get the new version, follow the instructions provided in the
Online Update page.

Important
Before upgrading the software, back up the FirePass controller
configuration. For more information, see Backing up and restoring
configuration settings, on page 3-12. In addition, use the Snapshot tool to
back up the entire controller configuration. For more information, refer to
Using the snapshot utility, on page 3-10.

To access the Online Update screen


1. In the navigation pane in the Administrative Console, click Device
Management, expand Maintenance, and click Online Update.
The Online Update screen opens.
2. Follow the instructions or select a file from the list of available
updates.

The FirePass controller downloads the update package and restarts the
controller.

WARNING
Be sure to separately update all cluster and failover units. All units must be
running the same version for clustering and failover to work properly.

Updating the FirePass controller offline


To update the software offline, you either need to get the update image from
your local F5 representative, or your support contract might entitle you to
obtain local update images directly from the F5 web site.

To update the FirePass controller from a local file


1. In the navigation pane in the Administrative Console, click Device
Management, expand Maintenance, and click Local Update.
The Local Update screen opens.
2. Click the Browse button, select the file you want, and click Open.
3. Type in the password corresponding to the file. (Obtain this
password from F5 Networks customer support.)
4. Click Submit.
5. Wait for the update to complete.
Three status bars indicate download status, install status, and
rebooting status.
When the update completes, the system automatically reboots.
6. Log on again with administrative privileges.
7. In the navigation pane in the Administrative Console, click Device
Management, and click Current Settings.
The Current Settings screen opens.
8. Verify that the new version was installed by checking information
on the Current Settings screen, including the version and build
number, and all hotfixes that have been applied.

Performing other configuration tasks


This section describes how to perform common configuration tasks such as
shutting down and restarting the FirePass controller, resetting the FirePass
controller to the factory default settings, and using the snapshot tool to
create and restore a snapshot of the FirePass controller system.

Shutting down the controller


It is important that you know how to safely shut down the FirePass
controller. Incorrectly shutting down can cause the controller to become
unstable, requiring that you return the controller to its factory default
settings.

Using the shutdown option


Always use the Shutdown option before turning off the power on the
FirePass controller.

To shut down the FirePass controller


1. In the navigation pane in the Administrative Console, click Device
Management, expand Maintenance, and click Restart Services.
The Restart Services screen opens.
2. Click the link for Shutdown Controller to shut down the FirePass
controller.
The Shutdown Controller screen opens, with a warning that lists the
number of active sessions. If you confirm shut down at this point,
the FirePass controller terminates these sessions without warning.
3. Click the Shutdown button to initiate the shutdown.

WARNING
Do not use the power switch to shut down the FirePass controller without
following the proper shutdown procedures described in this section. If you
incorrectly power down the controller, it can result in an unstable state,
requiring that you return the controller to its factory default settings.

Knowing when to turn off the FirePass controller


How to tell when it is safe to turn off the controller depends on the model
you have.
• FirePass 1000 and 1200
The controller emits three successively-lower-pitched tones. After you
hear the three tones, it is safe to power down the controller.
• FirePass 4100 and 4300
The LCD displays the message Press the X key to power off.
The X key is located on the keypad on the front panel of the controller.
Figure 2.4, on page 2-11 shows the FirePass 4100 and 4300 LCD panel
control buttons. Press the X key and hold it for approximately five
seconds until the lights on the front panel of the controller go out. At this
point, the LCD displays the message F5 Power standby mode. Press
Enter to command power on. You can now open the front panel door of
the FirePass 4100 or 4300 and turn off the power switch.

Tip
If you are running the FirePass 1200 in a noisy environment, you might not
hear the tones. Always check the FirePass 1200 LEDs to determine status.
For more information about the FirePass 1200 LED status indicators, see
Understanding the LEDs on the FirePass 1200, on page 2-12.

Restarting the controller


You can restart the controller to reboot the hardware when the controller is
in an abnormal state.

To restart the FirePass controller


1. In the navigation pane in the Administrative Console, click Device
Management, expand Maintenance, and click Restart Services.
The Restart Services screen opens.
2. Click the link for Restart Controller to reboot the hardware.
The Restart Controller screen opens, with a warning that lists the
number of active sessions.
Depending on the state of the FirePass controller before the restart,
confirming the operation might affect active sessions.
3. Click the Restart button to confirm the reboot operation.

Restoring factory default settings


Sometimes, when implementing and testing new configurations, it is
necessary to revert to the factory default settings. Follow the procedures
listed here to restore the factory default configuration settings.

To reset the configuration to the factory default settings


1. Connect a workstation to the serial port of the FirePass controller
using a null-modem cable.
2. Configure a communications program, such as HyperTerminal or
XTerm, using the following settings:
• Baud rate: 19200
• Data bits: 8
• Parity: none
• Stop bits: 1
• Flow control: hardware
3. Start the serial connection.
The screen changes to show a logon prompt.
4. Type maintenance at the logon prompt, and then press Enter.
A screen of conditions for using the Maintenance Console opens.
5. Review the conditions and press Enter to continue.
A screen of maintenance options opens.
6. Using the arrow keys, navigate to option 1: Reset settings and/or
admin password, make sure the OK option is selected, and press
Enter.
A screen for resetting options opens.
7. Using the arrow keys, navigate to option 1: Reset settings and
admin password, make sure the OK option is selected, and press
Enter.
The FirePass controller presents the reset warning screen.
8. Review the information on the reset warning screen before
continuing.
9. In response to the question Reset FirePass to default values (full
reset)?, type yes and press Enter.
The system presents a prompt for resetting the FirePass controller IP
defaults.
10. In response to the question Change the default FirePass IP
settings?, type yes and press Enter.
The system presents a prompt for specifying the FirePass controller
name.
11. In response to the prompt FirePass server name, type the name of
the FirePass controller and press Enter, or press Enter without
specifying a name to use the default firepass.company.xyz.
The system presents a prompt for specifying the FirePass controller
IP address.

12. In response to the prompt FirePass IP address, type the IP address
of the FirePass controller and press Enter, or press Enter without
specifying an IP address to use the default 192.168.1.99.
The system presents a prompt for specifying the FirePass controller
IP mask.
13. In response to the prompt FirePass IP mask, type the subnet mask
of the FirePass controller and press Enter, or press Enter without
specifying an IP address mask to use the default 255.255.255.0.
The system presents a prompt for specifying the DNS server IP
address.
14. In response to the prompt DNS server IP address, type the DNS
server IP address of the FirePass controller and press Enter, or press
Enter without specifying an IP address to use the default
192.168.1.1.
The system presents a prompt for specifying the Gateway IP
address.
15. In response to the prompt Gateway IP address, type the gateway IP
address for the FirePass controller and press Enter, or press Enter
without specifying an IP address to use the default 192.168.1.1.
The system presents a summary screen of the changes.
16. In response to the confirmation prompt, type yes and press Enter.
17. Wait while the reset process completes and the FirePass controller
reboots.
18. Log on to the system using the value you specified for FirePass IP
address, followed by the suffix /admin/. For example,
https://192.168.1.99/admin/
19. Reactivate the license.
For information about reactivating the license, see the online help
for the Activate License screen.

Using the snapshot utility


You can use the snapshot feature to back up the current system software.
You can later use this image to restore the system to a previous version.
The snapshot utility creates an image of the system, including the
configuration settings. However, the FirePass controller takes itself offline
during snapshot creation. In addition, the FirePass controller stores only one
snapshot at any given time. For this reason, we recommend that you also
periodically back up your configuration settings. For more information
about the backup and restore feature, see Backing up and restoring
configuration settings, on page 3-12.

Important
When you create a snapshot, the FirePass controller goes offline into
maintenance mode. You must use a workstation that is physically connected
to the FirePass controller (that is, not a workstation on the network) to
complete the snapshot-creation operation.

Note

You can revert to the factory default settings for the FirePass controller.
For more information, see Restoring factory default settings, on page 3-7.

Creating a snapshot
When you create a snapshot of your system settings, the snapshot is stored
on the FirePass controller. You can have only one snapshot stored on the
FirePass controller at a time. When you create a new snapshot, it overwrites
the previous snapshot without warning, after you confirm the creation
operation.

To create a snapshot of your configuration settings


1. Connect a workstation to the serial port of the FirePass controller
using a null-modem cable.
2. Configure a communications program, such as HyperTerminal or
XTerm, using the following settings:
• Baud rate: 19200
• Data bits: 8
• Parity: none
• Stop bits: 1
• Flow control: hardware
3. Start the serial connection.
The screen changes to show a logon prompt.
4. Type maintenance at the logon prompt, and then press Enter.
A screen of conditions for using the Maintenance Console opens.
5. Review the conditions and press Enter to continue.
A screen of maintenance options opens.
6. Using the arrow keys, navigate to option b: Create/restore
FirePass snapshot and press Enter.
A confirmation screen opens.
7. At the confirmation prompt, press Enter.
The FirePass controller boots into recovery mode.
8. Type maintenance at the logon prompt, and then press Enter.
A screen of conditions for using the Maintenance Console opens.
9. Review the conditions and press Enter to continue.
A screen of maintenance options opens.
10. Select Create FirePass snapshot and press Enter.
Snapshot creation begins immediately, overwriting any existing
snapshot.
During snapshot creation, the FirePass controller shows a status
screen. You cannot halt an in-progress operation.
11. After the operation completes, select option 0, Exit and Reboot
FirePass in normal mode to exit from maintenance mode.

Restoring a snapshot
When you take a snapshot of your configuration settings, the snapshot is
stored on the FirePass controller and can be retrieved by following this
procedure.

To restore a snapshot
1. Connect a workstation to the serial port of the FirePass controller
using a null-modem cable.
2. Configure a communications program, such as HyperTerminal or
XTerm, using the following settings:
• Baud rate: 19200
• Data bits: 8
• Parity: none
• Stop bits: 1
• Flow control: hardware
3. Start the serial connection.
The screen changes to show a logon prompt.
4. Type maintenance at the logon prompt, and then press Enter.
A screen of conditions for using the Maintenance Console opens.
5. Review the conditions and press Enter to continue.
A screen of maintenance options opens.
6. Using the arrow keys, navigate to option b: Create/restore
FirePass snapshot and press Enter.
A confirmation screen opens.
7. At the confirmation prompt, press Enter.
The FirePass controller boots into recovery mode.
8. Type maintenance at the logon prompt, and then press Enter.
A screen of conditions for using the Maintenance Console opens.
9. Review the conditions and press Enter to continue.
A screen of maintenance options opens.
10. Select one of the following options and press Enter:
• Revert FirePass to last working configuration snapshot
This option restores the FirePass controller using the snapshot you
created.
• Revert FirePass to factory default snapshot
This option restores the FirePass controller using a snapshot of the
base operating system at the time the unit was shipped. The
factory-defaults snapshot does not contain your current
configuration.
11. Review the revert confirmation warnings, select Yes, and press
Enter to start the restore operation.
During the snapshot-restore operation, the FirePass controller shows
a status screen. You cannot halt an in-progress operation.
12. After the operation completes, select option 0, Exit and Reboot
FirePass in normal mode to exit from maintenance mode.

WARNING
If you choose to use the factory default snapshot, it erases all of your
configuration settings and restores the factory default settings.

In addition to periodically creating a snapshot of the FirePass controller, we
recommend that you also perform regular backups of your configuration
settings. For information on creating and restoring backups, see Backing up
and restoring configuration settings, following.

Backing up and restoring configuration settings


The backup feature captures configuration settings on your FirePass
controller. We recommend that you perform regular backups manually, or
that you configure an FTP server for automatic backup every night.
You use the backup feature in conjunction with the snapshot utility to
preserve and restore content and settings on the FirePass controller. Each
has its own function:
• The backup process saves configuration settings that you have made, but
not the system settings.
• The snapshot feature saves the system settings in addition to the
configuration settings.

In addition to this difference, while the snapshot tool stores the
configuration file on the FirePass controller, the backup process places the
backed up files on the hard drive of a computer or FTP server you specify,
so you can create a special folder for multiple backups.
We recommend that, in addition to regularly backing up your configuration
settings, you also create periodic snapshots of your FirePass controller.
For information on creating and restoring snapshots, see Using the snapshot
utility, on page 3-10.

Creating a backup manually


You can create a backup of your current configuration any time you want to
capture the current configuration settings. Backups include the FirePass
controller global settings, as well as all user accounts and groups, Network
Access, Portal Access, and Application Access settings, configured
favorites, and network configuration. You can also back up the logs.

To create a backup manually


1. In the navigation pane of the Administrative Console, click Device
Management, expand Maintenance, and click Backup/Restore.
The Backup / Restore screen opens.
2. Click the link Create a backup of your current configuration.
3. Wait while the FirePass controller creates the backup file.
The browser presents a dialog box that contains options for opening
or saving the backup file.
4. Select the option that saves the backup file.
The system presents a standard save-as dialog box.
5. Navigate to the folder on your hard drive where you want to place
the backup file. You might want to create a new folder where you
can keep all of your backup files.
6. Review the backup file name.
A typical backup file name appears similar to the following
example:
backup-bip065695s-URM-5_51-20060119182912.zip
You can change the name to a more meaningful one so you can
locate it later when you want to restore the configuration.
7. Click OK.

Note

If you select the link Create a backup of your current configuration and
log messages, the backup also includes all FirePass controller logs.


Configuring for automatic backup to an FTP server


You can set up the FirePass controller to perform automatic nightly backups
to an FTP server.

To configure automatic, nightly backups to an FTP server


1. In the navigation pane of the Administrative Console, click Device
Management, expand Maintenance, and click Backup/Restore.
The Backup / Restore screen opens.
2. Check Perform nightly backups to FTP server.
The screen refreshes to reveal additional options.
3. Specify the destination FTP server address and Target directory.
4. Check Partial backup to back up the FirePass controller IP address,
web services configurations and webifyer settings, user accounts,
and favorites, or clear the option to also include applications logs
and logon details logs.
Neither backup type includes HTTP logs or system logs.
5. In Username, type the account name to use when logging onto the
FTP site to create the backup.
6. In Password, type the account password to use when logging onto
the FTP site to create the backup.
7. In Confirm Password, type the password again.
8. Click Save.

You can test the automated backup settings by clicking Backup now.

Note

Backed up files are protected with strong encryption, and are checked for
integrity prior to being restored. Because they are encrypted, it is safe to use
unprotected FTP for file transfer, and to store the files on public file shares.
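
Encryption keeps the contents of a stored backup private, but a file on an FTP server or public share can still be deleted, truncated, or replaced, and a failed nightly upload is easy to miss. The following added example (not part of the F5 guide and not FirePass code) audits the target directory for those conditions. It assumes that all backup files are named like the single example shown in this chapter and that the trailing 14 digits are a YYYYMMDDhhmmss timestamp; the directory path and the 26-hour freshness window are hypothetical choices.

```python
import hashlib
import re
from datetime import datetime, timedelta
from pathlib import Path

# Assumption: every backup is named like the single example on the page,
# backup-bip065695s-URM-5_51-20060119182912.zip, and the trailing 14 digits
# are the creation time as YYYYMMDDhhmmss, on the same clock as `now`.
# The middle part of the name is treated as an opaque label.
NAME_RE = re.compile(r"^backup-(?P<label>.+)-(?P<stamp>\d{14})\.zip$")


def parse_backup_name(name):
    """Return (label, created) for a backup file name, or None if it does not fit."""
    match = NAME_RE.match(name)
    if match is None:
        return None
    try:
        created = datetime.strptime(match.group("stamp"), "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that do not form a real date and time
        return None
    return match.group("label"), created


def sha256_file(path):
    """Hash a file in chunks so large backups do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_backups(directory, now, manifest=None, max_age=timedelta(hours=26)):
    """Audit the FTP target directory.

    manifest maps file name -> SHA-256 recorded by the previous run.
    Returns (findings, new_manifest); findings is a list of (kind, detail).
    """
    manifest = manifest or {}
    findings, current, newest = [], {}, None
    for path in sorted(Path(directory).iterdir()):
        if not path.is_file():
            continue
        parsed = parse_backup_name(path.name)
        if parsed is None:
            findings.append(("unexpected-file", path.name))
            continue
        current[path.name] = sha256_file(path)
        if manifest.get(path.name, current[path.name]) != current[path.name]:
            # A stored backup should never change after it was uploaded.
            findings.append(("modified", path.name))
        if path.stat().st_size == 0:
            # Typical result of an interrupted upload; useless for a restore.
            findings.append(("empty", path.name))
            continue
        if newest is None or parsed[1] > newest:
            newest = parsed[1]
    for name in sorted(set(manifest) - set(current)):
        findings.append(("missing", name))
    if newest is None:
        findings.append(("stale", "no usable backup found"))
    elif now - newest > max_age:
        findings.append(("stale", "newest usable backup: " + newest.isoformat()))
    return findings, current


if __name__ == "__main__":
    # Hypothetical path; point it at the Target directory on your FTP server.
    results, _ = audit_backups("/srv/ftp/firepass", datetime.now())
    for kind, detail in results:
        print(kind, detail)
```

Unprotected FTP also sends the account name and password from steps 5 and 6 in cleartext, so give that account write access to the target directory only and keep the manifest somewhere the account cannot reach.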

Restoring backups
You can restore backed up configuration files any time you want to revert to
a previously saved version of your configuration.

To restore your configuration settings from a backup


1. In the navigation pane of the Administrative Console, click Device
Management, expand Maintenance, and click Backup/Restore.
The Backup / Restore screen opens.
2. Click the Browse button.
The system presents a standard open-file dialog box.
3. Navigate to the file that you want to restore.
Backup file names appear similar to the following example:
backup-bip065695s-URM-5_51-20060119182912.zip
4. Click Open.
The backup file name you select now appears in the box next to the
Browse button.
5. Click the link Restore your saved configuration.
Wait while the FirePass controller retrieves backup information and
presents the configuration settings from the file you selected.
If you see an error message, return to the Backup / Restore screen,
make sure you specify a valid backup file, and click the link again.
6. To also include IP addresses and other network settings, check
Restore Networking Configuration.
7. To also include user accounts and group definitions, check
Restore Users and Groups Settings.
8. To continue, click Restore.
To cancel the restore operation, click Abort.

WARNING
Backing up and restoring across FIPS-compliant systems restores only the
user accounts and groups configuration. The operation does not restore
network settings and certificates.

Important
Although you can use the backup functions to restore FirePass controller
configurations from one platform type to another (for example, from a
FirePass 1200 to a FirePass 4100 or 4300), the process restores only global
settings, user accounts, groups, webifyer settings, and favorites
configurations. It does not restore the network configuration and
certificates.

Note

You can restore the IP configuration between identical models only, for
example, restoring from one FirePass 4100 or 4300 to another.

Glossary

active unit
In a redundant system, the active unit is the system that currently load
balances connections. If the active unit in the redundant system fails, the
standby unit assumes control and begins to load balance connections. See
also redundant system.

Administrative Console
The Administrative Console is the browser-based application that you use to
configure the FirePass controller.

certificate
A certificate is an online credential signed by a trusted certificate authority
and used for SSL network traffic as a method of authentication.

cluster
A cluster is a group of FirePass controller nodes that provide common user
services, and can distribute the load of active sessions across all controllers
in the cluster.

domain name
A domain name is a unique name that is associated with one or more IP
addresses. Domain names are used in URLs to identify particular web pages.
For example, in the URL http://www.siterequest.com/index.html, the
domain name is siterequest.com.

Domain Name System (DNS)


The Domain Name System (DNS) is a system that stores information
associated with domain names, making it possible to convert IP addresses
such as 192.168.16.8 into more easily understood names such as
www.siterequest.com.

Dynamic Host Configuration Protocol (DHCP)


DHCP is a protocol for assigning dynamic IP addresses to devices on a
network. With dynamic addressing, a device can be assigned a different IP
address every time it connects to the network.

failover
Failover is the process whereby a standby unit in a redundant system takes
over when a software failure or a hardware failure is detected on the active
unit. See also active unit and standby unit.

failover pair
See redundant system.


favorite
A favorite is a webtop link defined by the FirePass controller administrator
or the user that contains all of the information needed for the client
computer to access a location, file share, or application on the company
network.

FIPS compliant
Federal Information Processing Standards (FIPS) are publicly announced
standards developed by the U.S. Federal government for use by all
(non-military) government agencies and by government contractors. The
FirePass controller can be configured with FIPS 140-encryption hardware,
which stores all certificates and private keys in the FIPS hardware.

FQDN
See fully qualified domain name.

fully qualified domain name


The fully qualified domain name (FQDN) is an unambiguous domain name
that specifies a node’s position in the DNS tree hierarchy absolutely, for
example, myfirepass.siterequest.com. See also domain name.

high availability
High availability is the process of ensuring access to resources despite any
failures or loss of service in the setup. For hardware, high availability is
ensured by the presence of a redundant system. See also redundant system.

interface
A physical port on an F5 system is called an interface.

IP address
An IP address (Internet Protocol address) is a unique number that identifies
a single device and enables it to use the Internet Protocol standard to
communicate with another device on a network.

IPsec
IPsec (Internet Protocol Security) is a communications protocol that
provides security for the network layer of the Internet without imposing
requirements on applications running above it.

Maintenance Console
The Maintenance Console is a utility that provides administrative access to
the FirePass controller. You can access the Maintenance Console from the
Administrative Console or from a workstation that is directly connected to
the FirePass controller.


Management interface
The Management interface is a port on the FirePass 4100 and 4300 that is
intended solely for administrative operations performed from a workstation
that is directly connected to the FirePass controller.

master group
A master group is a collection of users that contains authentication settings,
overall security configuration settings for groups of users, network access
filtering policies, user experience, and user accounts.

name resolution
Name resolution is the process by which a name server matches a domain
name request to an IP address, and sends the information to the client
requesting the resolution.

NAT (Network Address Translation)


A NAT is an alias IP address that identifies a specific node managed by the
FirePass system to the external network.

Network Access
Network Access is a FirePass controller feature that provides secure access
to corporate applications and data using a standard web browser.

Quick Setup
The Quick Setup wizard is a program that you can run from the
Administrative Console that guides you through the initial configuration
tasks for the FirePass controller.

port
A port is a number that is associated with a specific service supported by a
host.

redundant system
Redundant system refers to a pair of units that are configured for failover. In
a redundant system, there are two units, one running as the active unit and
one running as the standby unit. If the active unit fails, the standby unit takes
over and manages connection requests.

snapshot
A snapshot is a compressed set of files that represent the FirePass
controller’s system settings. You can create and restore a snapshot using the
Maintenance Console. See also Maintenance Console.


SFP (Small Form-Factor Pluggable)


SFP is a small form-factor pluggable transceiver used in optical
communication for both telecommunications and data communications
applications. It connects a network device, such as a switch or a router, to a
fiber optic networking cable.

SSL (Secure Sockets Layer)


SSL is a network communications protocol that uses public-key technology
as a way to transmit data in a secure manner.

standby unit
A standby unit in a redundant system is a unit that is always prepared to
become the active unit if the active unit fails.

webifyer
A webifyer is a FirePass controller feature that uses a browser to provide
nonbrowser-based application functionality. The FirePass controller uses
webifyers to present the Portal Access applications Windows Files and
Mobile E-Mail, as well as the Application Access applications Legacy
Hosts, Terminal Servers, and more.

webtop
The webtop is the user’s home page, which contains links that are
configured as favorites for that user’s master group. Along the left side of
the webtop are icons representing various functionality. Depending on how
the webtop is configured, users may be able to add their own favorites by
clicking an icon and adding links.
