There are two ways to install an Ingate Firewall: using a serial cable or perform a magic ping.
Installation with a serial cable requires being at the same place as the firewall, but will give more options for the start configuration.
Installation with magic ping does not require being on the same place as the firewall (but the computer has to be connected to the same logical network as the firewall), but restricts the start configuration.
For an Ingate Firewall 1400: check the voltage setting of the firewall. This is the little red switch below the power socket. Other Ingate Firewalls detect the correct voltage setting automatically.
You can use the magic ping to set an IP address for the firewall. This is how to perform a magic ping:
Plug in the power cord and turn the firewall on.
Wait while the firewall boots up.
Connect the network cables to the network interfaces.
Find out the MAC address of the firewall (printed on the back of the firewall). This is the MAC address of eth0.
Add a static entry in your local ARP table consisting of the firewall's MAC address and the IP address it should have on eth0.
This is how to add a static ARP entry if you use a Windows computer:
Run the command command (or cmd).
In the Command window, enter the command arp -s ipaddress macaddress where ipaddress is the new IP address for the eth0 interface, and macaddress is the MAC address printed on the firewall, but with all colons (:) replaced with dashes (-).
Ping this IP address to give the firewall its new IP address. You should receive a ping reply if the address distribution was successful.
Configure the rest through a web browser.
If you use a Windows 2000 or XP computer you can perform the magic ping like this instead:
Plug in the power cord and turn the firewall on.
Wait while the firewall boots up.
Connect the network cables to the network interfaces.
Find out the MAC address of the firewall (printed on the label on the firewall). This is the MAC address of eth0.
Run the Ingate.exe program in the MagicPing folder on the documentation CD.
Enter the MAC address of the firewall in the first box line.
Enter the IP address of the firewall in the second box line.
Press Configure to give the firewall the assigned IP address.
Press Login to connect to the web user interface of the firewall, and make additional configuration there.
The magic ping will not set any password. Set a password immediately via the web user interface. Before any configuration has been made, only the computer which performed the magic ping will be able to configure the Ingate Firewall.
These steps are performed when installing with a serial cable:
Connect the firewall to your workstation with the enclosed serial cable.
Plug in the power cord and turn the firewall on.
Wait while the firewall boots up.
Log on from your workstation.
Run the installation program (see following instructions).
Connect the network cables to the network interfaces.
Configure the rest through a web browser.
Connect the firewall to your workstation with the enclosed serial cable, plug in the power cord and turn the firewall on. You will have to wait a few minutes while it boots up.
If you use a Windows workstation, connect like this: Start Hyperterm. A Location dialogue will show, asking for your telephone number and area. Click Cancel followed by Yes. Then you will be asked to make a new connection. Type a name for this connection, select an icon and click OK. The Location dialogue will show again, so click Cancel followed by Yes.
Now you can select Connect using COM1 and click OK. A Port settings dialogue will show, where you select 19200 as Bits per second. Use the default configuration for all other settings. Click OK and wait for a login prompt. (In some cases you have to press Return to get the login prompt.)
If you use a Linux workstation, connect like this: Make sure that there is a symbolic link named /dev/modem which points to the serial port you connected the firewall to. Connect using minicom with the bit rate 19200 bits/s, and wait for a login prompt.
Log on as the user admin. The first time you log on, no password is required. You set the password when you run the installation script, which starts automatically when you have logged on.
Each network interface is marked with a name (Eth0, Eth1, ...), which corresponds to a tab under Network. All eth interfaces belong to ethernet cards and should only be connected using ethernet cables.
Decide which computer(s) are allowed to configure Ingate Firewall and enter the name of the network interface to which they are connected, for example, eth0. You must use the physical device name (eth0, eth1, ...).
Enter the IP address of the firewall on this interface and the network mask for the network.
A network mask can be written in two ways in Ingate Firewall:
The first looks just like an IP address, for example 255.255.192.0 or 255.255.254.0.
The other way is as a number between 0 and 32. An IP address has 32 bits, where the number of the network mask indicates how many bits are used in the network's addresses. The rest of the bits identifies the computer on the network.
Now, you can select to deactivate any network interfaces. Select y to deactivate all interfaces but the one you just configured. The remaining network interfaces can be activated later when you complete the configuration via the web interface from your work station. This only applies to interfaces which was previously active; you can't activate interfaces with this setting.
Now enter the computer or computers from which the firewall may be configured (the configuration computers).
Then enter a password for the firewall. This is the password you use in your web browser to access and change the firewall's configuration. Finally, you can reset all other configuration if you want to.
Following is a sample run of the installation program.
Select 1 to install your Ingate Firewall.
If you choose to allow only one computer to configure the firewall, you are asked for the IP address (the mask is set automatically).
If this IP address is not on the same network as the inside of the firewall, you are asked for the router. Enter the IP address of the router on the network where the firewall is connected. Now enter the network address and mask of the network containing the configuring computer.
You can choose to allow several computers to configure the firewall, by answering no to the question:
The installation program then asks for the network number. The network number is the lowest IP address in the series of numbers that includes the configuration computers (see chapter 4, Configuring Ingate Firewall). The network mask determines the number of computers that can act as configuration computers.
If the network or partial network is not directly connected to the firewall, you must enter the IP address of the router leading to that network. Then enter the network's address and mask.
Then enter a password.
Finally, you are asked if you want to reset other configuration.
If you answer n, nothing is removed. If you answer y, you have three alternatives to select from:
Clear as little as possible. This is the alternative that is used if you answer n to the question above. Both the preliminary and the permanent configurations will be updated with the configuration specified above.
Revert to the factory configuration and then apply the configuration specified above. This will affect the permanent but not the preliminary configuration.
Revert to the factory configuration and empty all logs and then apply the configuration specified above. Both the preliminary and the permanent configurations will be affected.
Select the update mode, which is what you want to remove.
All configuration is now complete. The installation program shows the configuration and asks if it is correct.
yes saves the configuration.
no runs the installation program over again.
abort ends the installation program without saving.
Now, finish configuration of the firewall from the computer/computers specified in the installation program.