The Security module serving as the FTP client and the PC serving as the FTP server Step1 Set up an upgrade environment.
Connect the PC to an Ethernet interface (for example, GigabitEthernet 0/1) on the Security module and ensure the connectivity between them.
• Use a crossover Ethernet cable to connect Ethernet interface GigabitEthernet 0/1 on the Security module to the PC.
• Configure IP addresses for the FTP server and client and ensure that they are on the same network segment. In this example, the IP address of the FTP server (PC) is 192.168.80.200 and that of the FTP client (GigabitEthernet 0/1) is 192.168.80.10. Use the ping command to check the connectivity between them.
• Enable the terminal emulation program on the PC. NOTE:
• For modules except SSL VPN modules, to upgrade using the CLI, you need only directly connect the PC
to the Security module.
• For the SSL VPN module, because the module does not provide service ports on its panel, you need to
use a crossover Ethernet cable to connect the service port (such as GigabitEthernet 3/0/1) of the switch or router to the PC, and guarantee that the Security SSL VPN module can communicate with the PC.
Step2 Use the dir command to query the files in the current file system and the available space on the CF card to prepare for application upgrade. For the query method, see step 2 in “Upgrading Application Files with TFTP at the CLI”.
Step3 Log in to the FTP server.
<HP> ftp 192.168.80.200 Trying 192.168.80.200 ... Press CTRL+K to abort
Connected to 192.168.80.200.
220 3Com 3CDaemon FTP Server Version 2.0 User(192.168.80.200:(none)):guest
331 User name ok, need password Password:
[ftp]
Step4 Upgrade applications.
Using FTP, you can download application files from the FTP server to overwrite existing application files on the Security module to implement application upgrade. The upgraded application files take effect at the next boot.
# Download the main.bin file from the FTP server to the Security module.
[ftp] get main.bin main.bin
cfa0:/main.bin has been existing. Overwrite it? [Y/N]:y 227 Entering passive mode (192,168,80,200,5,33)
125 Using existing data connection
226 Closing data connection; File transfer successful.
FTP: 10867848 byte(s) received in 472.515 second(s), 23.00K byte(s)/sec
NOTE:
• When you download an application file, if the file name already exists on the Security module, you will
be prompted whether to overwrite the existing file. You need to enter Y or N to make a confirmation.
• You can upgrade configuration files in the way you upgrade application files. You can use a text editor
to modify a configuration file. You can download the modified configuration file to the Security module and the modified configuration file takes effect at the next boot.
• If you want the Security module to use the downloaded file, you need to specify the file for the next boot.
For related information, see “Specifying Files”.
Step5 Back up application files.
Using FTP, you can upload application files from the Security module to the FTP server for the backup purpose.
# Upload the main.bin file from the Security module to the FTP server and save it as main.bin.
[ftp] put main.bin main.bin
227 Entering passive mode (192,168,80,200,5,34) 125 Using existing data connection
226 Closing data connection; File transfer successful.
FTP: 10867848 byte(s) sent in 172.505 second(s), 63.00Kbyte(s)/sec [ftp] quit
221 Service closing control connection
NOTE:
• When you back up an application file, if the file name already exists on the FTP server, the existing file
will directly be overwritten.
• You can back up configuration files in the way you back up application files.
The Security module serving as the FTP server and the PC serving as the FTP client Step1 Set up an upgrade environment.
Connect the PC to an Ethernet interface (for example, GigabitEthernet 0/1) on the Security module and ensure the connectivity between them.
• Use a crossover Ethernet cable to connect Ethernet interface GigabitEthernet 0/1 on the Security module to the PC.
• Configure IP addresses for the Security module and the PC and ensure that they are on the same network segment. In this example, the IP address of Ethernet interface GigabitEthernet 0/1 on the Security module is 192.168.80.10 and that of the PC is 192.168.80.200.
• Use the ping command to check the connectivity between them. Step2 Enable the FTP service.
# Enable the FTP server.
[HP] ftp server enable
# Configure an FTP username and password.
[HP] local-user guest
[HP-luser- guest] service-type ftp [HP-luser- guest] password simple 123456 [HP-luser-guest] level 3
NOTE:
• You can use the FTP service after you have configured authorization and authentication on the FTP
server. Multiple clients can simultaneously access the FTP server. A remote FTP client sends a request to the FTP server. The FTP server executes an action accordingly and returns the execution result to the FTP client.
• After you have configured authentication and authorization on the FTP server, you need to set the user
level to 3. Otherwise, when you use the backup files to restore those on the Security module, “You have
no rights to store files” will be prompted.
Step3 Enable the FTP client program on the PC.
In the following example, Windows XP’s built-in FTP client program is illustrated. Enter ftp in the DOS window.
C:\Documents and Settings\Administrator>ftp ftp>
ftp> open 192.168.80.10 Connected to 192.168.80.10. 220 FTP service ready.
User (192.168.80.10:(none)): guest 331 Password required for guest Password:
230 User logged in.
Step4 Upgrade applications.
Using FTP, you can upload application files from the client to overwrite the existing application files on the server (Security module) to implement application upgrade. The upgraded application files take effect at the next boot.
# Upload the main_bac.bin file from the PC to the Security module and save it as main.bin.
ftp> binary
200 Type set to I. ftp> lcd d:\update
Local directory now D:\update. ftp> put main_bac.bin main.bin
150 Opening BINARY mode data connection for main.bin. 226 Transfer complete.
FTP: 11673608 byte(s) sent in 7.648 second(s), 1526.00Kbyte(s)/sec
NOTE:
• When you upgrade an application file, if the file name already exists on the FTP server, the existing file
will directly be overwritten.
• You can upgrade configuration files in the way you upgrade application files. You can use a text editor
to modify a configuration file. You can download the modified configuration file to the Security module and the modified configuration file takes effect at the next boot.
Step5 Back up application files.
Using FTP, you can download application files from the FTP server (Security module) to the FTP client (the PC) for the backup purpose.
# Download the main.bin file from the Security module to the PC and save it as main_bac.bin.
ftp> get main.bin main_bac.bin 200 Port command okay.
150 Opening BINARY mode data connection for main.bin. 226 Transfer complete.
FTP: 11673608 byte(s) received in 12.735 second(s), 916.00K byte(s)/sec ftp> quit
NOTE:
• When you download an application file, if the file name already exists on the PC, you will be prompted
whether to overwrite the existing file. You need to enter Y or N to make a confirmation.
• You can back up configuration files in the way you back up application files.
Maintaining Files
You can maintain files on the file control submenu or at the CLI.
Maintaining Files on the File Control Submenu
You can modify the type of an application file, display all files, and delete a file on the file control submenu.
Select 4 on the main menu to enter the file control submenu as follows:
========================<File CONTROL>=======================
|Note:the operating device is cfa0 |
| <1> Display All File(s) |
| <2> Set Application File type |
| <3> Delete File |
| <0> Exit To Main Menu | ============================================================= Enter your choice(0-3):
Displaying all files
Select 1 on the file control submenu. The following information is displayed:
Display all file(s) in cfa0:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED ============================================================= NO. Size(B) Time Type Name
1 10129712 Apr/11/2007 05:39:50 B cfa0:/main.bin 2 1227 May/11/2007 16:25:52 N/A cfa0:/startup.cfg 3 2294 May/11/2007 14:47:32 N/A cfa0:/~/startup.cfg 4 2094 May/11/2007 13:47:34 N/A cfa0:/~/startup_bac.cfg
Modifying a file type
You can modify the type of application files of type M, B or N/A except type S on the file control submenu, or at the CLI after the Security module boots.
Step1 Select 2 on the file control submenu. The following information is displayed:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED ============================================================= NO. Size(B) Time Type Name
1 10129712 Jun/11/2007 05:39:50 B cfa0:/main.bin 0 Exit
============================================================= Enter file no:
Step2 Enter a file number (for example, 1) and press Enter. The following information is displayed.
Modify the file attribute:
| <1> +Main |
| <2> -Main |
| <3> +Backup |
| <4> -Backup |
| <0> Exit | Enter your choice(0-4):
You can add/remove a type attribute, M (main) or B (backup), to/from a file by selecting a choice 1 to 4. For more information of each type of files, see “Files”.
Deleting a file
Step1 Select 3 on the file control submenu. The following information is displayed:
Deleting the file in cfa0:
'M' = MAIN 'B' = BACKUP 'S' = SECURE 'N/A' = NOT ASSIGNED ============================================================= NO. Size(B) Time Type Name
1 10129712 Apr/11/2007 05:39:50 B cfa0:/main.bin 2 1227 May/11/2007 16:25:52 N/A cfa0:/startup.cfg 3 2294 May/11/2007 14:47:32 N/A cfa0:/~/startup.cfg 4 2094 May/11/2007 13:47:34 N/A cfa0:/~/startup_bac.cfg 0 Exit
============================================================= Enter file no:
The file you selected is cfa0:/~/startup_bac.cfg,Delete it? [Y/N]
Step3 Enter Y. The following information appears, indicating the file is successfully deleted.
Deleting... Done!