Hillstone Networks

StoneOS Getting Started Guide

Version 5.5R8

TechDocs | docs.hillstonenet.com
Copyright 2020 Hillstone Networks. All rights reserved.
Information in this document is subject to change without notice. The software described in
this document is furnished under a license agreement or nondisclosure agreement. The software
may be used or copied only in accordance with the terms of those agreements. No part of this
publication may be reproduced, stored in a retrieval system, or transmitted in any form or any
means electronic or mechanical, including photocopying and recording for any purpose other
than the purchaser's personal use without the written permission of Hillstone Networks.
Hillstone Networks
Commercial use of the document is forbidden.

Contact Information:
US Headquarters:
Hillstone Networks
5201 Great America Pkwy, #420
Santa Clara, CA 95054
Phone: 1-408-508-6750
https://www.hillstonenet.com/about-us/contact/

About this Guide:

This guide gives you comprehensive configuration instructions of Hillstone Networks StoneOS
.
For more information, refer to the documentation site: https://docs.hillstonenet.com.cn
To provide feedback on the documentation, please write to us at: TechDocs@hillstonenet.com
Hillstone Networks
TWNO: TW-WUG-UNI-A-5.5R8-EN-V1.0-12/7/2020
Contents

Contents 1

Getting Started Guide 1

Initial Visit to Web Interface 2

Preparing the StoneOS System 4

Installing Licenses 4

Creating a System Administrator 4

Adding Trust Hosts 6

Upgrading StoneOS Firmware 7

Updating Signature Database 7

Connecting to Internet Under Routing Mode 9

Restoring Factory Settings 17

Restoring using a pin 17

Restoring via WebUI 19

TOC - 1
Getting Started Guide
This guide helps you go through the initial configuration and the basic set-up of your Hillstone
device. The intended reader is your company's network administrator.
This guide is used when you have finished mounting your device. After following the steps in this
guide, your private network will be able to access the Internet. To set up security functions, you
will need to read the User Guide (WebUI User Guide or CLI User Guide).
You may configure your firewall in the following sequence:

1. "Initial Visit to Web Interface" on Page 2

2. "Preparing the StoneOS System" on Page 4, including:

l "Installing Licenses" on Page 4

l "Creating a System Administrator" on Page 4

l "Adding Trust Hosts" on Page 6

l "Upgrading StoneOS Firmware" on Page 7

l "Updating Signature Database" on Page 7

3. "Connecting to Internet Under Routing Mode" on Page 9

4. "Restoring Factory Settings" on Page 17

Getting Started Guide 1

Initial Visit to Web Interface
Interface eth0/0 is configured with IP address 192.168.1.1/24 by default and it is open to SSH、
PING、SNMP、HTTP connection types(except for some custom versions). For the initial visit,
use this interface.
To visit the web interface for the first time, take the following steps:

1. Go to your computer's Ethernet properties and set the IPv4 protocol as below.

2. Connect an RJ-45 Ethernet cable from your computer to the eth0/0 of the device.

2 Getting Started Guide

 3. In your browser's address bar, type "http://192.168.1.1" and press Enter.

4. In the login interface, type the default username and password: hillstone/hillstone.

5. At the first sign of address, the user needs to read and accept the EULA ( end-user license
agreements ), click EULA to view the details of EULA.

6. Click Login, and the device's system will initiate.

Getting Started Guide 3

Preparing the StoneOS System

Installing Licenses
Licenses control features and performance.
Before installing any license, you must purchase a license code.
To install a license, take the following steps:

1. Go to System > License.

Click Import to open Import License page.Choose one of the three ways to import a
license:

2.

l Upload License File: Select the radio button, click Browse, and select the license file
(a .txt file).

l Manual Input: Select the radio button, and paste the license code into the text box.

3. Click OK.

4. To make the license take effect, reboot the system. Go to System > Device Management >
Options, and click Reboot.

Creating a System Administrator

System administrator has the authority to read, write and execute all the features in system.
To create a system administrator, take the following steps:

4 Getting Started Guide

 1. Go to System > Device Management > Administrator.

2. Click New.

In the Admin Configuration dialog box, enter values

Option Value

Name Admin

Role Administrator

Password 123456

Confirm Pass- 123456

word

Getting Started Guide 5

 Option Value

Login Type Select Telnet, SSH, HTTPand HTTPS.

3. Click OK.

Notes: The system has a default administrator "hillstone" , which cannot be deleted
or renamed.

Adding Trust Hosts

The trust host is administrator's host. Only computers included in the trust hosts can manage sys-
tem.
To add a trust host, take the following steps:

1. Go to System > Device Management.

2. Select Trusted Host tab, and click New.

In the Trust Host Configuration dialog box, enter value

6 Getting Started Guide

 Option Value

Type Select IP/Netmask

IP 192.168.1.2/24

Login Type Select all: Telnet, SSH, HTTP and HTTPS

3. Click OK.

Upgrading StoneOS Firmware

Notes: Back up your configuration files before upgrading your system.

To upgrade your system firmware, take the following steps:

1. Go to System > Upgrade Management.

2. Select Browse and choose the new image from your local computer.

3. Click Reboot to make new firmware take effect, then click Apply.

4. System will automatically reboot when it finishes installing the new firmware.

Updating Signature Database

Features that require constant updates of signature are license controlled. You must purchase the
license in order to be able to update the signature libraries. By default, the system will auto-
matically update the databases daily.
Toupdate a database, take the following steps:

1. Go to System > Upgrade Management, and click the <Signature Database Update> tab.

2. Find your intended database, and choose one of the following two ways to upgrade.

l Remote Update: Click Update , and system will automatically update the database.

Getting Started Guide 7

 l Local Update: Select Browse to open the file explorer, and select your local signature
file to import it into system.

8 Getting Started Guide

Connecting to Internet Under Routing Mode
In routing mode, the device is working as a gateway and router between two networks. This sec-
tion shows how to connect and configure a new Hillstone device in routing mode to securely con-
nect the private network to the Internet.

To get your private network access to Internet through a Hillstone device, take the following
steps:
Step 1: Connecting to the device

1. Connect one port (e.g. eth0/1) of Hillstone device to your ISP network. In this way,
"eth0/1" is in the untrust zone.

2. Connect your internal network to another Ethernet interfaces (e.g. eth0/0) of the device.
This means "eth0/0" is connected to the trust zone.

3. Power on the Hillstone device and your PCs.

4. If one of the internal interfaces already has been configured with an IP address, use a
browser to visit that address from one of your internal PCs.
If it is a new device, use the methods in "Initial Visit to Web Interface" on Page 2 to visit.

5. Enter "hillstone" for both the username and the password.

Step 2: Configuring interfaces

Getting Started Guide 9

 1. Go to Network > Interface.

2. Double click ethernet0/1.

10 Getting Started Guide

 In the Ethernet Interface dialog box, enter values

Option Value

Binding Zone L3-zone

Zone untrust

Type Static IP

IP Address 202.10.1.2 (public IP address provided by your ISP)

Netmask 255.255.255.0

Management Select protocols that you want to use to access the

device.

3. Click OK.

Step 3: Creating a NAT rule to translate internal IP to public IP

Getting Started Guide 11

 1. Go to Policy > NAT > SNAT.

2. Click New

In the SNAT Configuration dialog box, enter values

Option Value

Source Address Entry, Any

Address

Destination Address Entry, Any

Address

12 Getting Started Guide

 Option Value

Egress Egress interface, ethernet 0/1

Translated Egress IP

Sticky Enable

3. Click OK.

Step 4: Creating a security policy to allow internal users access Internet.

1. Go to Policy > Security Policy>Policy.

2. Click New,select Policy from the drop-down list.

Getting Started Guide 13

 In the Policy Configuration dialog box, enter values.

Source Information

Zone trust

Address Any

14 Getting Started Guide

 Destination Information

Zone untrust

Address Any

Other Information

Service/Service Group Any

APP/APP Group -----

Action Permit

3. Click OK.

Step 5: Configuring a default route

1. Go to Network >Routing > Destination Route.

Getting Started Guide 15

 2. Click New.

In the Destination Route Configuration dialog box, enter values.

Option Value

Destination 0.0.0.0 (means all network)

Subnet Mask 0.0.0.0 (means all subnets)

Gateway 202.10.1.1 (gateway provided by your ISP)

3. Click OK.

16 Getting Started Guide

Restoring Factory Settings

Notes: Resetting your device will erase all configurations, including the settings that
have been saved. Please be cautious!

To restore the factory default settings, use one of the following ways:

l "Restoring using a pin" on Page 17

l "Restoring via WebUI" on Page 19

Restoring using a pin

To restore factory default settings using a pin, take the following steps:

Model Step

SG-6000-X10800、SG-6000-X9180、SG- 1. Keep the device powered on.

6000-X8180
2. If only one SCM module is installed, use
a pin to press the CLR button in the pin-
hole of the SCM module; if two SCM
modules are installed, use a pin to press
the CLR button in the pinhole of one
SCM module, and then use a pin to press
the CLR button in the pinhole of the
other SCM module simultaneously
within 5 seconds.

3. Keep pressing until the STA and PWR

LEDs of the SCM module(s) turn solid
red. System will start to reset itself.

Getting Started Guide 17

Model Step

4. When restoring is complete, system will

reboot automatically.

SG-6000-X7180、SG-6000-X6180、SG-6000- Method 1:
X6150、SG-6000-X6150-GS
1. Power off the device.
SG-6000- C4000、SG-6000-C3100、SG-6000-
C3000、SG-6000-C2100、SG-6000-C2000、 2. Use a pin to press the CLR button in the

SG-6000-C1500、SG-6000-C1300、SG-6000- pinhole; keep pressing and power on the

C1200W、SG-6000-C1000、SG-6000-C600 device.

SG-6000- E5960、SG-6000-E5760、SG-6000- 3. Keep pressing until the STA and ALM

E5660、SG-6000-E2800、SG-6000-E2800- LEDs turn solid red. System will start to
GM、SG-6000-E2300、E2300-GM、SG- reset itself.
6000-E1700、SG-6000-E1700-GM、SG-
4. When restoring is complete, system will
6000-E1606、SG-6000-E1605、SG-6000-
reboot automatically.
E1600、SG-6000-E1600-GM、SG-6000-
Method 2:
E1500、SG-6000-E1100
1. Keep the device powered on.

2. With the STA LED blinking, use a pin

to press the CLR button in the pinhole
for 2 minutes.

3. Keep pressing until the STA and ALM

LEDs turn solid red. System will start to
reset itself.

4. When restoring is complete, system will

reboot automatically.

SG-6000- E6368、SG-6000-E6360、SG-6000- 1. When the device is working, use a pin to

18 Getting Started Guide

Model Step

E6168、SG-6000-E6160、SG-6000-E5960- press the CLR button in the pinhole and

GM、SG-6000-E5568、SG-6000-E5560、SG- the device will restart.
6000-E5268、SG-6000-E5260、SG-6000-
2. After the device restarts, the CON port
E5168、SG-6000-E3968、SG-6000-E3965、
outputs the information of CLR button
SG-6000-E3960、SG-6000-E3960-GM、SG-
pressed and the STA and ALM LEDs
6000-E3668、SG-6000-E3662、SG-6000-
turn solid red. After the LEDs turn off,
E3660、SG-6000-E3660-GM、SG-6000-
the device will restart again.
E2868、SG-6000-E2860
SG-6000-C6050、SG-6000-C5650、SG-6000-
C5450、SG-6000-C5250、SG-6000-C5050、
SG-6000-C4550、SG-6000-C4100
SG-6000-T5860、SG-6000-T5060、SG-6000-
T3860、SG-6000-T2860、SG-6000-T1860
SG-6000-A3800、SG-6000-A3700、SG-6000-
A3600、SG-6000-A3000、SG-6000-A2600、
SG-6000-A2000、SG-6000-A1100、SG-6000-
A1000
SG-6000-K9180

SG-6000-K6280、SG-6000-K3680、SG-6000- There is no CLR button on those models. To

K2680 restore the factory default settings of those mod-
els, contact Hillstone Technical Support.

Restoring via WebUI

To restore factory default settings via WebUI, take the following steps:

Getting Started Guide 19

 1. Go to System > Configuration File Management>Configuration File List.

2. Click Backup Restore.

3. In the prompt, click Restore.

4. Click OK to confirm.

5. The device will automatically reboot and be back to factory settings.

20 Getting Started Guide