Basic firewall setup

This procedure assumes:

This is a new installation in a non-running system or the firewall is being installed in a running system with no communications between DeltaV workstations and the plant LAN.
The firewall is at the default settings to start.
You have printed and completed the Smart Firewall configuration worksheets and have the required setup information available.
You have some basic knowledge about Ethernet networks and understand how to set up the network addressing of the firewall and use basic Windows command line commands to test communications between computers.

This procedure follows a best practices approach to configuring the firewall and establishing communications between computers on either side of the firewall. There are many ways to accomplish this and you are welcome to develop the procedure that best fits the deployment method used in your company. Review the entire procedure before starting the firewall setup for the first time.

Note

If you are deploying the Emerson Smart Firewall in a system with existing communications between DeltaV workstations and external computers there are deployment issues to consider that are not covered in this procedure. Depending on the existing network architecture there are network addressing issues that must be resolved to ensure that the existing communications continue to function after the firewall is installed. It is recommended that you work with your IT department for help in deploying the Emerson Smart Firewall.

Ensure that the PC connected to the firewall is set to obtain IP address from firewall or it has a static 192.168.1.XXX /255.255.255.0 address and subnet mask. The firewall's web UI defaults to this subnet and will assign the PC an address using DHCP.
Connect the network cable and wait for the PC to obtain an address or wait until the PC shows that there are communications with the firewall.
Open Internet Explorer and go to https://192.168.1.1. You will get a certificate error warning because the firewall uses secure HTTP but Emerson does not install certificates. You can ignore this warning.
Click the account link on the web UI's toolbar and change the administrator's default password.
It is a best practice to change the default admin password. Be sure to note the new password. If you forget the password it can be reset using the serial interface.
In the firewall's web user interface (UI) navigate to the Configuration tab, select System time, set the time zone and click Apply.
On the Configuration tab, make a selection in the Change system time area and click Apply. If you are not using an NTP server or if the firewall is not connected to the NTP server yet then select Synchronize with local machine.
It is good practice to immediately set the logging function to the current local time in order for setup events to be correctly logged.
Navigate to Administration → Backup/Restore and create a backup. It is recommended that you give the backup a meaningful name such as "firewall defaults". Since there is no menu selection to reset the firewall to the default settings, you can use this backup to restore the firewall to the default settings if necessary.
Navigate to Administration → Configuration audit and save the default settings as a text file. This will provide documentation if you need to reset a specific parameter to a default value.
On the Configuration tab, click External USB drive and click the Save Now button to test and ensure the USB drive is functioning correctly.
If you receive an error that the configuration cannot be saved, remove the USB drive from the firewall and format it with FAT32 using any Windows computer. If the USB drive is faulty, it may need to be replaced with a 4GB Nano USB USB 2.0 compatible with Windows. Reinstall the cover to protect the USB interface.
On the Configuration tab, click Technical Support and see if any errors are logged. If there are errors, save a copy of the error package to send to Emerson for analysis. An error log does not necessarily indicate that you need to stop using the firewall so you can continue with the setup.
If you will be sharing firewall administrator duties this is a good time to create the other administrator users using a default password. It is good practice for users to log in with a unique user name so you can track any changes. You can also create a View only user if required. Since it is view only it is possible to create a single shared user for this function.

This completes the basic firewall setup. The next step is to install the firewall in the network where it will eventually reside.