Allied Telesis 5.5.3-1.x 10GbE UTM Firewall User Guide

: October 31, 2023
: Allied Telesis

Table of Contents

Allied Telesis 5.5.3-1.x 10GbE UTM Firewall
Getting the most from this Release Note
Introduction
Obtaining User Documentation
Backup the system
Backup application data
Remove obsolete files from memory
References
Read User Manual Online (PDF format)
Download This Manual (PDF format)

Allied Telesis 5.5.3-1.x 10GbE UTM Firewall

Allied-Telesis-5.5.3-1-x-10GbE-UTM-Firewall-PRODUCT

Acknowledgments
2023 Allied Telesis Inc. All rights reserved. No part of this publication may be reproduced without prior written permission from Allied Telesis, Inc. Allied Telesis, Inc. reserves the right to make changes in specifications and other information contained in this document without prior written notice. The information provided herein is subject to change without notice. In no event shall Allied Telesis, Inc. be liable for any incidental, special, indirect, or consequential damages whatsoever, including but not limited to lost profits, arising out of or related to this manual or the information contained herein, even if Allied Telesis, Inc. has been advised of, known, or should have known, the possibility of such damages.

Allied Telesis, AlliedWare Plus, Allied Telesis Management Framework, EPSRing, SwitchBlade, VCStack, and VCStack Plus are trademarks or registered trademarks in the United States and elsewhere of Allied Telesis, Inc. Adobe, Acrobat, and Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Additional brands, names, and products mentioned herein may be trademarks of their respective companies.

Getting the most from this Release Note

To get the best from this release note, we recommend using Adobe Acrobat Reader version 8 or later. You can download Acrobat free from www.adobe.com

What’s New in 10G UTM
Firewall v5.5.3-1.3 (NFV-APL-1.8.2)

Introduction

This release note describes the new features in 10G UTM Firewall v5.5.3-1.3.You can obtain the software files from the Software Download area of the Allied Telesis website. Log in using your assigned email address and password. Contact your authorized Allied Telesis support center to obtain licenses.

Caution: Information in this release note is subject to change without notice and does not represent a commitment on the part of Allied Telesis, Inc.
While every effort has been made to ensure that the information contained within this document and the features and changes described are accurate, Allied Telesis, Inc. can not accept any type of liability for errors in, or omissions arising from, the use of this information.

UTM Firewall
The Allied Telesis 10G Unified Threat Management (UTM) Firewall is an ideal integrated security platform for modern businesses. A powerful 10G firewall and threat protection are combined with comprehensive VPN capability. Easily and securely connect the head office to branch offices for an innovative high- performance business solution. It is a virtualized version of the AlliedWare Plus Next Generation Firewall and runs on the Vista Manager Network Appliance (VST-APL). The software on the VST-APL consists of an ISO file containing the operating system, and an APP file for the 10G UTM Firewall application. When you upgrade, you must upgrade both the VST-APL operating system and the application to a supported set of versions, as shown in the following table:

Table 1: NFV-APL-1.8.2 Software component versions

Software Component	Version
VST-APL Operating System	Version 1.8.3: ATVSTAPL-1.8.3.iso
AW+ Firewall application	Version 5.5.3-1.3

vfw-x86-64-5.5.3-1.3.app

New features in 5.5.3-1.3
This version adds:

new features and enhancements as described in the AlliedWare Plus Release Note.

Obtaining User Documentation

10GbE UTM
Firewall
documentation
The Datasheet, Installation Guide, User Guide, and Release Notes for 10GbE UTM Firewall are available from:

10GbE UTM Firewall Datasheet
Vista Manager Appliance (VST-APL) Installation Guide.
10GbE UTM Firewall Release Note
AlliedWare Plus Release Note
Isolating Traffic with the 10GbE UTM Firewall
Feature Overview and Configuration

Guide
Getting Started with the Device GUI on UTM Firewalls
Vista Manager Network Appliance (VST-APL) User Guide

AlliedWare Plus documentation
For full AlliedWare Plus documentation, see our online documentation library on our website, alliedtelesis.com.

Upgrading the VST-APL appliance and the firewall app
To upgrade, you need to
“Backup the system” on page 6
“Backup application data” on page 8
“Download component software” on page 8
“Upgrade the 10GbE UTM Firewall app” on page 10
“Remove obsolete files from memory” on page 11

Backup the system

You can use the Backup and Restore feature to create a backup file for a VST- APL Network Appliance.

The backup file records, and can be restored: the appliance configuration
of the APP file stored in the appliance’s persistent memory.
These contain the image of the application software.
snapshots of the application instance. This is a snapshot of the configuration and application data of an application instance on the device.

Backup and restore: back up the appliance
To back up all the appliance configuration, any application image files (.app), and the application data for the application instance, follow these steps. This provides a backup that can later be used to restore the application instance or the application configuration and application instance.

If there is an unsaved appliance configuration that you want to include in the backup, click the Save button at the top of the VST-APL GUI page.
Connect external media for storing the backup to the appliance’s USB port. The external media must have one of the following supported formats: FAT32, exFAT, ext2, ext3 or ext4. Note that if the external media file system format does not support a sufficiently large file size, the backup will fail. Choose a different external media with a file system format that supports a larger maximum file size, such as ext4.
In the VST-APL menu, navigate to System > Backup and Restore
On the Backup and Restore page, click + Create Backup at the top right of the Previous Backups panel. The Backup dialog box opens, showing the default settings for the backup you are about to create, and the storage space it estimates that you need to have free on the external media. In the Backup dialog box, click the down arrow at the right of Select backup location, and from the locations available, choose the external media connected previously. Check that the backup location has sufficient free space for the new backup file. You can see the free space available on the backup media in this panel. You can also see the file system of the external media by navigating to the System > File Management page and then clicking in the file path at the top of the File System (fs) panel.
By default, the backup configuration sets the device to back up everything it can. Check that the following are selected for backup:
- Back up configuration file? is set to Yes. This sets the file default.cfg to back up.
- the application image file stored in the device’s file system: vfw-x86_64-x.x.x.app
- the firewall application instance on the device.
- If an application instance to back up does not show the firewall app, then make sure it is Running or Stopped. (To check this, from the VST-APL menu, navigate to the
- VST-APL page for the application or to System > Container Services).
Click the green Back Up Now button at the bottom right. The backup dialog box closes, and the current backup job shows in the In Progress panel in the Backup and Restore page. Backing up may take several minutes. The backup filename will have a format like this:_backup_YYYYMMDD_HHMMSS.abk for example A103590000000000_backup_20220113_011350.abk. If the appliance estimates that the space required for the backup is close to the free space available on the external media, a pop-up window with a warning message appears after clicking Back Up Now. Consider providing more free space on the external media.
When the backup is complete, it disappears from the In Progress panel and shows in the Previous Backups panel. Here you can see the time (Last Modified) and file size of the backup. Status Valid confirms that the backup file has been stored successfully with a valid checksum file. For more information about the Backup and Restore feature and how to restore a VST-APL system or application, see the Vista Manager Network Appliance Technical Document page on our website.

Backup application data

We recommend backing up application data regularly. You should also back up the application data before following this upgrade procedure. See the relevant application’s user manual for information on how to back up an application.

Download component software
You need the new image file in the appliance’s persistent storage to change the running software. Make sure to upgrade the operating system and the application, so that they match. To see which version of the VST-APL operating system the appliance is currently running, use the VST-APL GUI to navigate to the System > About page. To see the application files loaded in the appliance memory, navigate to the System > File Management page. To see the current version of an application running on the appliance, go to the GUI page for the application by clicking on its menu item, and hover over the instance information icon in the Deployed Application panel. Caution: Ensure you obtain the software image files from Allied Telesis. If you try to install software that is not provided by Allied Telesis, there is a risk of corrupting the installation.

Download the following files from the Software Download Centre. Save them to a directory that the appliance can access, such as the device your GUI browser is running on.
ATVSTAPL-x.x.x.iso —the appliance software operating system, where x.x.x is the new version number of the operating system.
vfw-x86_64-x.x.x.app—the application image file for the new version of the 10GbE UTM Firewall app, where x.x.x is the new version number of the app you are installing.

Upgrade the operating system
Before upgrading the operating system, make sure to:

“Backup the system” on page 6
“Download component software” on page 8

To upgrade the VST-APL operating system, follow these steps

In the File Management page Set Boot Release File panel, click Browse.
Select the new software version and click Apply.
Reboot the appliance by clicking the green Reboot button at the top right of the File Management page.
Click Reboot again to confirm. The appliance will shut down any applications that are running, install the new version of the VST-APL operating system, and restart any applications that were running when the appliance configuration was last saved. This may take several minutes. The appliance configuration, including IP addressing, is retained from the last time it was saved.
When the upgrade has been completed, you will need to re-authenticate to access the appliance.
To verify the currently running software version, log in to your VST-APL Web GUI, and navigate to the System > About page. The Software Version should agree with the VST-APL Web GUI version.

Upgrade the 10GbE UTM Firewall app
The following section will guide you through the instructions for upgrading the 10GbE UTM Firewall on your device. Before upgrading the Firewall app, you need the image file for the Firewall app:

vfw-x86_64-x.x.x.app where x.x.x is the new version number you are installing.

Upload the new version and update the 10GbE UTM Firewall app

Log in to the Device GUI.
Navigate to the File Management page (System->File Management).
Click the Upload button, opening up the File Upload sub-menu.
Navigate to the vfw-x86_64-x.x.x.app file and select it.
Once the file is uploaded, select AW+ Firewall from the main menu.
If the AW+ Firewall is running, click on the Stop button.
Once the AW+ Firewall has stopped running, click on the Upgrade button.
Click on the arrow to open the drop-down, select the new version, and click Apply.
Click on the Start button to restart the AlliedWare Plus Firewall.

Remove obsolete files from memory

You can make more space available in the device’s persistent memory by removing obsolete files. We recommend removing the .iso file for the previous version of the operating system. Keep the current versions.