Configuring Appliances

• Interactive (this is the recommended method) - Select one of these:

  • Scan the QR code located on the Service tag and follow the instructions that appear.

  • Scan the QR code on the "Welcome" page that came in the appliance box and follow the instructions that appear.

• Legacy - Connect the appliance according to the instructions in the 9000 Appliances Quick Start Guide.

  In the section Set Up Your Appliance, follow Option #2.

  Then, configure the appliance with the Gaia First Time Configuration Wizard.

  1. See the Installation and Upgrade Guide for your version.

  2. In the section Installing a Security Gateway > Configuring Gaia for the First Time, follow the instructions for the First Time Configuration Wizard.

Connecting to the Appliance CLI

You can configure advanced options in the Gaia operating system in the command line.

To connect to the command line interface of the appliance, use one of these:

• An SSH connection to the bottom management interface port (on a Security Gateway appliance, the Access Control policy must allow this SSH connection).

• A serial console cable and terminal emulation software, such as PuTTY (from Windows) or Minicom (from Unix/Linux).

  The appliances support these serial console connectivity options:

  • USB type-C - Use the included USB type-C console cable.

  • RJ45 - Use the included DB9 DTE to RJ45 serial console cable.

  Connection parameters for the appliances are: 9600 bps, 8 bits, no parity, 1 stop bit (8N1), Flow Control - None.

  If you use both the USB type-C and RJ45 console ports, the USB type-C port has priority. To use the RJ45 port, first disconnect the USB type-C console cable.

  When you finish using the RJ45 port, reconnect the mini USB console cable.

  Note - To use the USB type-C console port, you must install a driver on the console client machine (desktop/laptop). For installation instructions and the download link, see sk181698.

Starting the Appliance

Connect the appliance to a power source and turn on the appliance.

To start the appliance:

Connect the power cables to the power supply units in the rear panel.

The appliance turns on.

Available Software Images

The 9000 Appliances come with software images. See the appliance Home Page sk181698.

Reverting to a previous software image takes a few minutes.

To follow the progress and see when the appliance is ready, use a serial console to connect to the appliance.

Creating the Network Object

Configure a Security Gateway / Cluster object on the Management Server:

1. Connect with SmartConsole to the Management Server.

2. Configure a new Security Gateway / Cluster object.

   For more information, see the:

   • Quantum Security Management Administration Guide for your version

   • ClusterXL Administration Guide for your version

   • Maestro Administration Guide for your version

3. Configure the applicable Security Policy.

4. Install the Access Control Policy.

5. Install the Threat Prevention Policy.

The 9700 / 9800 appliances support two storage devices.

• RAID-1 mirroring across both storage devices is used.

  This enables the appliance to continue to work if there is a storage device failure.

• The mirror rebuild is automatic.

• Both storage devices must be the same type.

First Boot Up

At first boot up, wait for up to six hours to allow the storage devices to fully synchronize.

If you reboot the appliance before the storage devices are synchronized, the synchronization starts again from the beginning at the next boot.

To monitor the RAID status of the storage devices from the CLI:

1. Connect to the command line on the appliance.

2. Log in to Gaia Clish.

3. Run this command to monitor the RAID status of the storage devices:

   raid_diagnostic

   The output of this command shows data about the RAID and storage devices, with the percent of synchronization complete.

   In 9800 / 9700 appliances:

   • DiskID 0 is the top storage device (numbered 0 on the appliance's chassis).

   • DiskID 1 is the bottom storage device (numbered 1 on the appliance's chassis).

   After the first boot and after you replace a second storage device, the RAID state (in the VolumeID line) shows DEGRADED (this indicates that the drives are not synchronized). The DiskID:0 state shows ONLINE and the DiskID:1 state shows INITIALIZING.

   After the RAID is synchronized, the RAID state (in the VolumeID line) shows OPTIMAL (this indicates that the drives are synchronized). The DiskID:0 and DiskID:1 states show ONLINE.

   Example from the 9800 model:

   

   This example shows that the storage devices are fully synchronized (disk sizes and vendor may vary).

To monitor the RAID status of the storage devices from the Gaia Portal:

1. Log in to the Gaia Portal.

2. From the left tree, click Maintenance > RAID Monitoring.

To monitor the RAID status of the storage devices from SmartConsole:

1. From the left navigation panel, click Gateways & Servers.

2. In the top pane, select the Security Gateway / Cluster object that represents the appliance.

3. In the lower pane, on the Summary tab, click Device & License Information.

   Example:

   

4. Click RAID Volumes.

   The window shows volume and disk information.

   Example:

   

To monitor the RAID status of the storage devices using SNMP:

Set up SNMP traps to send information about the RAID.

Use this OID: 1.3.6.1.4.1.2620.1.6.7.7

For more information about how to configure the SNMP settings on the appliance, see the Gaia Administration Guide for your version.

To hot swap a storage device:

1. When the appliance is up, remove the failed storage device.

2. Wait 15 seconds.

   The appliance recognizes that you removed a storage device.

3. Insert a new storage device.

   If necessary, you can reboot the appliance with one storage device and install the new storage device later.

   The system automatically adds the new storage device to the RAID configuration.