Symantec Network Security 7100 Series frequently asked questions

Article:TECH112445  |  Created: 2004-01-15  |  Updated: 2005-01-05  |  Article URL http://www.symantec.com/docs/TECH112445
Article Type
Technical Solution


Issue



This document provides answers to some of the most commonly seen questions and issues for Symantec Network Security 7100 Series.


Solution



Where is the compact flash card and do I need one?
Symantec Network Security 7100 Series does not include a CF card. You can purchase a CF card at most retail computer outlets.

Though CF cards can be used for maintenance tasks such as backing up and restoring the configuration, the only task that requires a CF card is re-imaging the appliance. Re-imaging is used when applying the original factory image to the appliance, when updating the appliance to a new major or minor version of the operating system, and when updating the appliance to a new major version Symantec Network Security 7100 Series.

For more information, read the Using a Compact Flash with Symantec Network Security 7100 Series document.

When is it necessary to re-image the appliance?
The appliance requires re-imaging in order to apply specific types of updates to Symantec Network Security 7100 Series. Most updates do not require re-imaging the appliance. The updates that require re-imaging include a new release of Symantec Network Security 7100 Series, such as when the update includes a new major version of the operating system.

The appliance also requires re-imaging when you want to apply the original factory image to the appliance, such as when you encounter a problem that cannot readily be solved by other means, such as unconfiguring and reconfiguring the appliance.

How is unconfiguring the appliance different from re-imaging the appliance?
Re-imaging the appliance reformats the hard drive and applies the original image from the manufacturer. The process restores the appliance to the state that it was in before applying updates and configuring settings.

Unconfiguring the appliance removes specific directories and most settings. It does not remove all files and directories. After you unconfigure the appliance, the appliance is ready to be configured. When you then reconfigure the appliance, the process reinstalls the removed directories from an existing directory on the appliance.

Unconfiguring the appliance does not remove the license. It does remove all applied security updates, engine updates, and patches, including patches that update the kernel. It also removes the existing configuration except that some of the IP information, such as the DNS server, is retained. The process erases the IP address, passwords, and node number. It removes the node object from the topology in the Network Security console.

SNS 7100 has three methods for unconfiguring the appliance, which all make the same changes to the appliance. The difference between the methods is in how the appliance is accessed; from the Network Security console, from a serial console, or at the appliance itself.

How do I re-image the appliance?
Re-imaging the appliance reformats the hard drive and applies the original image from the manufacturer. Re-imaging the appliance requires a bootable Compact Flash (CF) card and an Imaging Server. To retain your configuration settings, you must create a backup of those settings before re-imaging the appliance.

To obtain a bootable CF card, read the section "How do I create a bootable CF card?" in the Using a Compact Flash with Symantec Network Security 7100 Series document.

You can save a backup of your configuration settings to a hard drive or to a CF card. To save it by means of the CF writer that is included with the appliance, use a non-bootable CF card. For instructions, read the sections "Saving initial configuration" on page 146 and "Saving your configuration" on page 170 of the Symantec Network Security 7100 Series Implementation Guide.

To restore the image, read the section "Re-imaging the appliance" on pages 178-181 in the Symantec Network Security 7100 Series Implementation Guide.

How do I create an Imaging Server?
To create an Imaging Server for use with the appliance, read the section "Setting up an Imaging Server" on page 173 of the Symantec Network Security 7100 Series Implementation Guide.

Before you begin the setup process, prepare the computer as follows:
  • Ensure that the computer that will become the Imaging Server is not on a subnet that has a separate DHCP server. During the setup process, the Imaging Server runs its own DHCP server. Having two DHCP servers on the same subnet is likely to cause communication problems.
  • If the computer that will become the Imaging Server is the DHCP server for the subnet, temporarily reconfigure it. For instructions, read the paragraph that begins with "If the Imaging Server is already configured as a DHCP server. . ." on page 175 of the Symantec Network Security 7100 Series Implementation Guide.
  • If the computer that will become the Imaging Server is on a switch that uses the Spanning Tree protocol, disable the Spanning Tree protocol on the interface to which the imaging server is connected. Otherwise, name resolution may time out if Spanning Tree takes more time to negotiate than the DHCP server allows for the Address Resolution protocol (ARP).

How do I obtain Security Updates and other updates?
You can obtain Security Updates, Engine Updates, and Product Updates (patches) by running LiveUpdate from the Network Security Console. For instructions, read the Applying Engine Updates, Security Updates, and Product Updates to Symantec Network Security 7100 Series document.

How do I rollback to a previous update?
At this time (May 2005), Symantec Network Security does not have a means by which you can uninstall selected updates. To rollback to a previous update, unconfigure and then reconfigure the appliance, and then install only the updates that you want.


References
Introduction to Symantec Network Security 7100 Series

Symantec Network Security 7100 Series documentation
Using a Compact Flash with Symantec Network Security 7100 Series
Compact Flash cards that have been tested with the Symantec Network Security 7100 Series appliance
Configuring the appliance for the Symantec Network Security 7100 Series






Legacy ID



2004071514122753


Article URL http://www.symantec.com/docs/TECH112445


Terms of use for this information are found in Legal Notices