How to Install Endian Enterprise Software Step by Step

This guide describes step-by-step how to install the Endian Enterprise UTM software onto your own hardware to make an Endian UTM Appliance. It also has includes tips to help when installing Endian as a Virtual Machine.

Table of Contents
Part 1 Obtain Image......................................................................................................................2 Part 2 Installing onto Hardware....................................................................................................3 Part 3 - Management Console Initial Setup.....................................................................................8 Part 4 Network Setup Wizard.....................................................................................................11 Step 1 RED Interface..............................................................................................................11 Step 2 Choose Network Zones...............................................................................................11 Step 3 Network Zone and Interface Setup (Network Preferences)........................................13 Step 4 Internet Access Preferences........................................................................................14 4.1 Internet Ethernet Static................................................................................................14 4.2 Internet Ethernet DHCP..............................................................................................15 4.3 Internet PPPoE............................................................................................................16 4.4 Internet ADSL (USB, PCI)..........................................................................................17 4.5 Internet ISDN..............................................................................................................18 4.6 Internet ANALOG/UMTS Modem.............................................................................19 4.7 Internet Gateway.........................................................................................................20 Step 5 Configure DNS Resolver............................................................................................20 Step 6 Default Admin Email..................................................................................................21 Step 7 Apply Configuration...................................................................................................21 Step 8 End..............................................................................................................................21 Part 4 Endian Network Registration...........................................................................................22 No Existing Account.................................................................................................................22 Use an Existing Account...........................................................................................................23 Registration Page......................................................................................................................24

Endian Enterprise Installation Guide

Page 1

Part 1 Obtain Image

Download the ISO image this will generally be provided by your Endian Distributor as a link to the Endian download site. This file is probably around 170MB in size, and download time will depend on the speed of your Internet connection. This image will have a registration code built it to it (although you can register it using another code). Burn the ISO file to a CD as an image1.

1 This is different to just copying the file to the disk. You need to burn the image to the CD so that it will boot. This can be done with 'ISO Recorder Power Toy, Nero or other CD software.
Endian Enterprise Installation Guide Page 2

Part 2 Installing onto Hardware

Prepare your hardware device minimum specifications are available at http://www.endian.com/en/products/software/ If Installing on a Virtual Machine: Choose the Guest Operating System to be Redhat Enterprise Linux 5 (32-bit). 4 to 8 GB of disk space should be sufficient. Attach the CD ROM on the host. Insert the Endian bootable ISO disk into the CDROM drive and boot the system.

Be aware your file system will be overwritten if you proceed further! Press Enter to continue, and you will see the system loading...

Then choose your Language (arrows to move up and down, TAB to get to Ok button, and Enter key to accept):

Endian Enterprise Installation Guide

Page 3

Follow the screens:

When prompted for your Activation Key enter it to continue (including dashes).

After the key is entered, press TAB and Ok

Endian Enterprise Installation Guide

Page 4

Choose YES to continue, or NO to stop now. If you don't have an ethernet connection, you can use a serial cable to install and manage the software. You can choose this now.

The installer will proceed to partition the disk and install the system:

Wait for the installer to complete all of its tasks

Endian Enterprise Installation Guide

Page 5

When the system is installed, you will be prompted to configure the minimum settings. The first setting is the IP address. The default IP is 192.168.0.15 with a subnet mask of 255.255.255.0 You should change both of these to match your local (internal) network. If you are not sure of an appropriate IP and mask, it's okay, you can change it later. It just makes it easier to connect later if you have the correct address for your network now.

If you reach the next screen, you have completed the installation:

Remove the boot CD (you wont need it any more but keep it handy in case you ever need to reinstall your system!) Press Enter to reboot the new Endian hardware!
Endian Enterprise Installation Guide Page 6

When the system has rebooted, the console should present you with a menu (as shown below) which gives you the option to exit to sell, Reboot, change root password, change admin password or restore to factory defaults.

You are now ready to connect with the Management Console. If Installing on a Virtual Machine on vmware: You should also install the vmware tools onto the Guest Operating System. This will allow vmware to communicate and control the guest system.

Endian Enterprise Installation Guide

Page 7

Part 3 - Management Console Initial Setup

After you have configured the system via the console, you can then continue the configuration using a web browser. Open your web browser and type in http://your.ip.address.here If you received warnings about a certificate, or untrusted connection, continue through the warnings. CERTIFICATE WARNINGS For Firefox: Select I understand the risks, then Add Exception, then Get Certificate and then Confirm Security Exception. For Internet Explorer: Select Continue to this website

You should then see the Endian Welcome Screen.

Click the button labelled >>> to continue. Choose your language and Timezone and then click the >>> button.

Endian Enterprise Installation Guide

Page 8

You should take time to understand the licensing agreement, select the I accept checkbox and then the >>> button.

Next you have the opportunity to restore from a backup. This is particularly useful if you are recovering from a system crash. However, if this is a first-time install, you won't have a backup, select No in the drop list and then >>>.

Endian Enterprise Installation Guide

Page 9

The next screen gives you the opportunity to change the passwords. The Endian has two passwords for management, one is for the Web Management Front end, and the other is for Secure Shell (SSH). The default password for both is 'endian' but you have the chance to change it now.

Fill out the four password fields and then select >>>.

Endian Enterprise Installation Guide

Page 10

Part 4 Network Setup Wizard

Now you move directly to the 'Network Setup Wizard' where you can configure the key components of the network. Although the Network Setup is primarily conducted now, you can always re-run this wizard later if you need to reconfigure settings on the live Endian firewall.

Step 1 RED Interface

The first step is to define what type of Internet (public) connection you have. This depends on what you connect to.

Step 2 Choose Network Zones

This step allows you to configure optional, additional Network Zones. The number of zones available depends on the number of network interfaces available and you can have up to four zones: Red, Green, Blue, and Orange.

NETWORK ZONES
GREEN - is the trusted network segment. RED - is the untrusted network segment.

ORANGE - is the demilitarized zone (DMZ). If you host servers, it is wise to connect them to a different network than your GREEN network. If an attacker manages to break into one of your servers, he or she is trapped within the DMZ and cannot gain sensible information from local machines in your GREEN zone. BLUE - is the wireless zone (WLAN). You can attach a hotspot or WiFi access point to an interface assigned to this zone. Wireless networks are often not secure so the purpose is to trap all wirelessly connected machines into their own zone without access to any other zone except RED (by default).

Endian Enterprise Installation Guide

Page 11

As a minimum, the Endian will need a RED zone and a GREEN zone, which represent the public and private networks respectively. In step two, you specify if you want to use one of the optional zones, the ORANGE and BLUE networks.

In the first diagram below, there a no extra zones available. You have no choice, and you cannot select an ORANGE or BLUE zone2.

However, a system with 4 or more interfaces will give you the option for each of the optional ORANGE and BLUE zones. You can choose, none, one or the other, or both:

On the next page (after clicking >>>) you can setup each of the zone interfaces.

2 This is because the hardware had only one Network Interface, and that was already allocated to the Red zone.
Endian Enterprise Installation Guide Page 12

Step 3 Network Zone and Interface Setup (Network Preferences)

Zone Interface Setups Warning: This can be a long page, especially if you have all 4 zones defined. Be sure to scroll down and complete the setup for each of the zones!

The diagram above shows the setup for the GREEN zone although the same setup will be repeated on the same page for each optional zone you confirmed in the previous page (ORANGE and BLUE). Here you set the IP address, the subnet mask, additional IP addresses, and you select which physical network card is associated with this zone (in the 'Interfaces' section). You can select multiple interfaces for the same zone if you wish (this can provide some load sharing). At the bottom of the page you need to define the hostname, and the domain name of the system. It is handy to make the hostname as an identifiable name for this system.

Endian Enterprise Installation Guide

Page 13

Step 4 Internet Access Preferences

This step depends on what type of Internet connection you chose earlier. All options are shown in sections 4.1 through to 4.7 here:
4.1 Internet Ethernet Static

If you need to define a static ethernet address for your Internet connection, the setup screen is similar as for the GREEN, ORANGE and BLUE zones. Set the IP address, the subnet mask, additional IP addresses, and you select which physical network card is associated with this zone (in the 'Interfaces' section). You cannot select multiple physical interfaces for the RED zone. You must define a 'Default Gateway' which is an address which must be directly reachable from this Endian interface. You can also define the MTU and a spoofed MAC address for the RED interface. RED zone network interface In the Interfaces section, the Endian pre-selects a physical interface as the RED interface (denoted by the red colored square). However you can change the RED interface by clicking one of the other available check-boxes. The RED square won't change immediately, but, which ever check-box you select will become the RED interface.

Endian Enterprise Installation Guide

Page 14

4.2 Internet Ethernet DHCP

This is for when you use a DHCP allocated address on your Internet connection. The setup screen is similar as for the GREEN, ORANGE and BLUE zones. You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually. You can also define the MTU and a spoofed MAC address for the RED interface.

RED zone network interface In the Interfaces section, the Endian pre-selects a physical interface as the RED interface (denoted by the red colored square). However you can change the RED interface by clicking one of the other available check-boxes. The RED square won't change immediately, but, which ever check-box you select will become the RED interface.

Endian Enterprise Installation Guide

Page 15

4.3 Internet PPPoE

PPPoE connections are used if you have a direct ADSL connection. Here you need to define your login details, authentication method. You may select additional IP addresses. Note that this option is only needed if your modem uses bridging mode and requires your firewall to use PPPoE to connect to your provider. Don't confuse this option with the ETHERNET STATIC or ETHERNET DHCP options used to connect to ADSL routers that handle the PPPoE themselves. RED zone network interface In the Interfaces section, the Endian pre-selects a physical interface as the RED interface (denoted by the red colored square). However you can change the RED interface by clicking one of the other available check-boxes. The RED square won't change immediately, but, which ever check-box you select will become the RED interface. You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually.

Endian Enterprise Installation Guide

Page 16

4.4 Internet ADSL (USB, PCI)

For the ADSL option, you can connect a USB or PCI ADSL modem to the Endian. In the first substep, select a modem driver:

And then a connection type:

And then all of the ADSL login details:

You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually.
Endian Enterprise Installation Guide Page 17

4.5 Internet ISDN

If you chose an ISDN interface, the setup is similar to ADSL, however you need to specify ISDN phone numbers here. You must define how the DNS server is defined, automatically (from the DHCP allocation) or manually.

Endian Enterprise Installation Guide

Page 18

4.6 Internet ANALOG/UMTS Modem

The UMTS modem option allows you to connect a dial-up modem, wireless dongle or other UMTS wireless adapter to connect to the Internet. In this setup, the wireless adapter will be the default Internet connection although a common approach is to use a wireless connection as the fallback connection in case your main connection fails. A failover connection is setup later, when the Endian has been fully configured. Specify the serial port and modem type.

And then select the baud rate, AP name, and login authentication provided by your wireless provider.

Endian Enterprise Installation Guide

Page 19

4.7 Internet Gateway

In this case the Endian UTM Appliance has no RED interface. This is unusual since a firewall normally needs to have two interfaces at least - for some scenarios this does make sense though. One example would be if you want to use only a specific service of the firewall. Another, more sophisticated example is an Endian UTM Appliance whose BLUE zone is connected through a VPN to the GREEN interface of a second Endian UTM Appliance. The second firewalls GREEN IP address can then be used as a backup uplink on the first firewall.

If you choose this option, you will need to configure a default gateway.

Step 5 Configure DNS Resolver

Now you define how the DNS is resolved. If you specified 'automatic DNS resolution' in the previous step, then this will be fixed as 'automatic' and cannot be set here. Otherwise, you will need to specify to DNS server addresses. Both addresses can be the same, although it is advisable to have separate DNS servers for reliability.

Endian Enterprise Installation Guide

Page 20

Step 6 Default Admin Email

System events can be emailed to an administrator. This is an optional step. The 'smarthost' is the email server which will deliver the emails.

Step 7 Apply Configuration

This is the final step before your selections are committed to the Endian. You can go back by clicking the <<< button if you would like to make changes. Otherwise, click OK, apply configuration and wait for the settings to be saved.

Step 8 End

Endian Enterprise Installation Guide

Page 21

Part 4 Endian Network Registration

When you first connect after configuring the system, the Endian asks you if you have an existing EN (Endian Network) login. This prompting screen will continue to be displayed until a successful registration has been completed. However, it is possible to bypass this screen (by clicking the Cancel button) and you can configure the Endian system. The Endian Network registration process is important in order to receive system updates, anti-spam and anti-virus updates, and support. So it is recommended that the registration process is completed as soon as possible. If this is your first registration, you probably won't have an existing account, so choose 'No'. If you already have other Endian units, it makes sense to collate them into the same account, so choose 'Yes'.

No Existing Account
By choosing 'No' you will be asked to setup an Endian Network account before proceeding. Click on the link, and another browser window will open, asking you to create your account.

Endian Enterprise Installation Guide

Page 22

Enter your activation code into the field. This will associate your login with this system. The activation code must be written in exactly as provided, including the dashes and as capitals. After clicking the 'Continue' button, fill out the form specifying all of your account details.

And click 'Create Account' to complete the process. Even though it prompts you to 'click here' to connect to the Endian Network, there is no need to at this stage. Simply close the browser window and return to the Endian device Registration Page.

Use an Existing Account

By choosing 'Yes' you will be taken directly to the Registration Page.

Endian Enterprise Installation Guide

Page 23

Registration Page
Complete the Registration Page. The username should be the same as your Endian Account login (described in the previous section). The other settings are self-explanatory!

If the system keeps returning to the same page, it implies there is some problem connecting back to the Endian Network. In that case, here are some tips: Make sure the Internet connection is working properly. You may need to reconfigure the Endian using the Network Setup Wizard. Make sure your account name and password are exactly as setup previously on the Endian Network. Make sure the activation code entered on the form matches the activation code which was configured on the Endian at install-time. Check if there are any firewalls between the Endian unit and the Internet? Make sure DNS resolution is working.
Page 24

Endian Enterprise Installation Guide

Failing all of these checks, you should contact your reseller for assistance. On successful registration, you will be able to see your Endian firewall when you logon with your account onto the Endian Network. From the Endian Network you can manage and update the device. Also, the web management interface, within the System > Endian Network location you can check out the registration status of the device.

Endian Enterprise Installation Guide

Page 25