39.3 Device Deployment

39.3.1 Setting Device IP

Choose the appropriate control method based on your deployment plan and set the IP address for the Secure Access Gateway device accordingly. Once the IP is finalized, follow these steps to configure the device's IP:

  • 1) Disconnect Computer A from the internal network and modify its IP to enable communication with the Secure Access Gateway device. For example:
    • IP Address:190.190.0.1
    • Subnet Mask:255.255.0.0
    • Default Gateway: This field can be left blank
  • 2) Use a network cable to directly connect Computer A to the management port of the Secure Access Gateway device. Open a browser on Computer A and visit http://190.190.190.190 to access the device's management login page.
  • 3) The default username is admin, and the password is initially blank. Click [OK] to enter the management interface.
  • 4) In the left menu, navigate to Network Parameters -> Basic Settings, choose the appropriate network access mode, and configure the device's IP information. Save the settings once done.

After modifying the IP, a reboot of the Secure Access Gateway device is required.

Note

For devices starting from the 2600S model, the mode selection options will include an additional setting: "Bridge (Dual Machine Backup [Primary])". This setting is necessary only for the primary device in a dual-machine hot backup configuration when using bridge mode.

39.3.2 Pre-Network Connection Settings

If the bridge deployment mode is selected and the Secure Access Gateway device is deployed between switches connected via TRUNK, the TRUNK functionality on the device needs to be enabled. This can be done in Network Parameters -> VLAN Settings. If your network environment does not require this setup, you can skip this step.

If the bridge deployment mode is chosen and the device is deployed between a Layer 2 switch and a Layer 3 switch, with multiple subnets (non-VLAN) on the Layer 2 switch's PCs and corresponding IPs on the gateway, the multi-IP binding configuration needs to be enabled. This can be done in Network Parameters -> Multi-IP Configuration. If this is not applicable to your environment, you can skip this step.

If the bypass deployment mode is selected, policy routing must be configured on the switch. For detailed assistance, please consult a technical engineer.

39.3.3 Device Network Connection

Once the IP settings for the Secure Access Gateway device are configured, it can be connected to the pre-planned deployment point.

Bridge Mode

Connection Method: Use two ports on the device to connect it to the network. You can choose any two ports from ETH0, ETH1, or ETH2.

Routing Mode

Connection Method: Use the ETH0 port of the device to connect to the switch.

If you need to change the connection port from ETH0 to another port, you can do so by following these steps:

  • 1. Navigate to System Tools -> Configuration Management -> Advanced Configuration.
  • 2. Click Set and input the following configuration content:
    • [PRP]
    • PRP=ethX
      Where X represents the specific communication port number, for example, eth3.

Bypass Mirror Mode

Connection Method: Use the device's ETH2 port to connect to the observation port. Use the ETH0 port to connect to the switch for normal communication across the network.

If you need to change the observation port to another one, follow these steps:

  • 1. Navigate to System Tools -> Configuration Management -> Advanced Configuration.
  • 2. Click Set and enter the following configuration:
    • [monitor]
    • monitor_port=ethX
      Where X represents the specific communication port number, such as eth3.

Once the device is connected to the network, you can access its management interface by entering the device's IP address in a browser, e.g., http://192.168.2.190.

Don't see what you're looking for?

Visit our knowledge base
Know more about AnySecura
Read latest news
Discover what's happening now
Need assistance?
Contact us now