Main
RF760/660/600VPN Internet Security Appliance
User Guide
User Guide
Record of Revisions
Patents
Trademarks
Technical Support
Contents
Page
Page
Page
Chapter 1 Product Description, Features, and Overview
Product Description
Features
Feature Highlights
Ship Kit Contents
Software Recovery CD Warning
License Keys
System License Key
What to Do if a Trial License Key Expires
URL Categorization License Key
AntiVirus License Key
Safety Warnings
Lithium Battery Caution
Ethernet Ports Caution
Software Recovery CD Warning
Telecom Warnings for Modem
RouteFinder Front Panels
RF760/660VPN Front Panel
When 10, the LED is Off. When 100, the LED is Green. When 1G, the LED is Orange.
RF600VPN
General LED Descriptions
LAN, WAN, DMZ LED Descriptions
RouteFinder Back Panels
RF760VPN Back Panel
RF660VPN Back Panel
RF600VPN Back Panel
Specifications
Appliance Features RF760VPN RF660VPN RF600VPN
VPN Features RF760VPN RF660VPN RF600VPN
Firewall Features RF760VPN RF660VPN RF600VPN
Management Features RF760VPN RF660VPN RF600VPN
Power & Physical Description
RF760VPN RF660VPN RF600VPN
Overview of RouteFinder VPN Technology
Networks
The Firewall
Network Components That Work with the Firewall
Network Layer Firewalls: Packet Filter
Application Layer Gateways: Proxies
Protection Mechanisms
Page
Typical Applications
Chapter 2 Installation
Pre-Installation Planning
Planning and Establishing the Corporate Security Policy
Contents of a Corporate Internet Security Policy
Planning the Network
System Administrator Required Planning
Installation Overview
Hardware Installation Procedure
Cabling Overview
Setting up a Workstation and Starting the RouteFinder VPN
Connections
Power Up
Open a Web Browser
Login
Web Management Software Opens
Navigating Through the Screens
The Web Management Screen
RouteFinder Menu Bar Menu Selections
Screen Buttons
Chapter 2 Installation
Sub-Menu
Menus and Sub-Menus
Chapter 3 Configuration
Initial Configuration Step
Set Up Your Time Zone
Second Configuration Step
The Wizard Setup Screen
Your Basic Configuration Is Now Complete
Chapter 4 Configuration Examples
Example 1 LAN-to-LAN VPN (Branch Office)
Setup Networks & Services
Set Packet Filters
Set VPN IPSec Protocol
Configuring Site B
Example 2 Remote Client-to-LAN VPN Configuration
Page
Page
Chapter 5 URL Categorization
Important Settings
Setting Up HTTP Proxy and URL Filtering
Page
How to Test Web Sites for Blocking
How to Test the Filtering
Establishing Filtering Rules for Networks and Hosts
Submitting a Site to SurfControl for Reconsideration
Chapter 6 RouteFinder Software
Menu Bar
Important Note About Logout
Logout Closes the Software Program and Saves Settings
Administration
Administration > System Setup
Email Notification
Configure Email Notifications the RouteFinder VPN Will Send
SNMP Agent Community Name
System Logging
System Time
Backward time adjustment (summer to wintertime)
Administration > SSH
What Is SSH
Prerequisites
Status and SSH Port
Allowed Networks
Administration > SNTP Client
Administration > Administrative Access
Administrative Access - Available Networks and Allowed Network
Change Password
Time Before Automatic Disconnect
Administrative Access HTTPS Port
Administrative Access HTTP Port
Logo and Version on Logon Page
Administration > Site Certificate
Enter the Certificate Information
Click Save
Administration > License Key
Administration > Intrusion Detection
Intrusion Detection
Network Intrusion Detection
User-Defined Network Intrusion Detection Rules
Administration > Tools
PING
Trace Route
TCP Connect
Administration > System Scheduler
Administration > Factory Defaults
Administration > User Authentication > Local Users
Prerequisite
User Definition
Administration > User Authentication > RADIUS & SAM
RADIUS Prerequisite
RADIUS Settings
SAM Prerequisite
SAM
SAM Settings
Administration > Restart
Administration > Shutdown
Networks & Services
Networks & Services > Networks
Add Network
How to Confirm Your Entries
Entries on This Screen Affect Other Screens
Networks & Services > Services
Add Services
Editing and Deleting User-Added Services
Notes About Protocols
Entries on This Screen Affect Other Screens
Networks & Services > Network Groups
Rules and Suggestions for Establishing a Network Group
About the Screen
Add Network Group
Select Group [Group Names Entered Above Now Display Here]
Networks & Services > Service Groups
Rules and Suggestions for Establishing Service Groups
About the Screen
Add Service Group
Select Group [Group Names Entered Above Now Display Here]
Proxy
General Information About Proxies
Proxy Services and Authentication Methods
To Switch Off Proxy Using Netscape Navigator
To Switch Off Proxy Using Microsoft Internet Explorer
Proxy > HTTP Proxy
HTTP Proxy Section
URL Categorization Section of the Main Proxy HTTP Screen
User Authentication Section of the Main Proxy HTTP Screen
Proxy > HTTP Proxy > Custom Filters
Default Action for Custom URL Lists
Add Custom URL List
Page
Proxy > SMTP Proxy
Rules and Suggestions for Using SMTP Proxy
SMTP Proxy
Page
Page
Proxy
>
SMTP Proxy
>
SMTP SPAM Filtering
Page
Page
Proxy > POP3 Proxy
POP3 Virus Protection
Remote POP3 Virus Protection
Proxy > POP3 Proxy > POP3 SPAM Filtering
POP3 SPAM Protection
POP3 SPAM Filtering
Page
Proxy > SOCKS Proxy
SOCKS Proxy
Page
Proxy > DNS Proxy
DNS Proxy
Network Setup
About Interfaces
About the Interfaces Screen
Network Setup > Interface
Local Host
Domain Name Server
WINS Server
Network Cards
IP Aliases
Network Setup > PPP
PPP Settings
Change Your Country/Region Code
Network Setup > PPPoE
PPPoE on WAN
Network Setup > DHCP Client
Network Setup > Dynamic DNS
Dynamic DNS Settings
Network Setup > Routes
Add Routes - Interface Route
Network Setup > Masquerading
Masquerading
Network Setup > SNAT
Important
Add SNAT Definition
Network Setup > DNAT
Add DNAT Definition
DNAT Example
Examples of DNAT Network Combinations
DHCP Server
DHCP Server > Subnet Settings
DHCP Server on LAN
DHCP Server > Fixed Addresses
DHCP Server Fixed Addresses
Tracking
Tracking > Accounting
Accounting Device
IP-Based Accounting
VPN Accounting
Tracking > Update Services
System Update Server
Virus Update Server
Page
Tracking > Backup
Backup
Status
Tracking > Version Control
CVS Settings
Examples
1. Make sure the lines cvspserver 2401/tcp and cvspserver 2401/udp are present in:
Packet Filters
Packet Filters > Packet Filter Rules
Prerequisites
Show Packet Filter Rules in Popup Window
System Defined Rules
Add User Defined Packet Filter Rules
Packet Filters > ICMP
ICMP Forwarding
ICMP on Firewall
Packet Filters > Advanced
Packet Filters > Enable/Disable Log
Enable/Disable Logging
VPN (Virtual Private Networks)
VPN > IPSec
Introduction to Virtual Private Networks
The VPN Main Screen
VPN IPSec Settings
Add an IKE Connection
Page
Add a Manual Connection
Page
VPN > x.509 Certificates
Certificate of Authority Generation
Certificate Generation
VPN > IPSec Bridging
VPN > PPTP
If you are using Windows or 98, you may also have to update Microsoft RAS update.
About Setting Up PPTP Users
PPTP Settings
User Authentication
Wizard Setup
Wizard Setup Screen
General Settings
LAN Settings
WAN Settings
Page
Statistics & Logs
Statistics & Logs
Uptime
Statistics and Logs > Hardware
What the Graphs Show
Statistics and Logs
Networks
Network Interface Cards
Routing Table
Network Connections
Interfaces
SMTP Proxy
Accounting
Interface Based Accounting
IP Based Accounting
VPN Based Accounting
Self Monitor
Example of a Self Monitor Live Log Report
IPSec
IPSec Live Log
IPSec Live Connections
PPTP
PPTP Live Log
Packet Filter
Show Logs
View All Logs
Backup Logs
>
Port Scans
> V
Intrusion Detection Live Log
Portscan Live Log
iew Logs
HTTP Access
DHCP
Example of a DHCP Log
Page
Chapter 7 User Authentication Methods
Proxy Services and Authentication Methods
NT SAM (SMB) User Authentication
Local" RouteFinder User Authentication
Which Method Should You Choose?
Authentication Setup
Setting Up RADIUS Authentication
Setting Up A Microsoft IAS RADIUS Server
Setting Up NT/2000 SAM (SMB) Authentication
Chapter 8 Frequently Asked Questions (FAQs)
Page
Page
Page
Page
Page
Chapter 9 Troubleshooting
Page
Appendix A Disposition of Events for the RouteFinder v3.2x
1. Abstract
Disposition of Events
Access Request
Inbound Access Request
Outbound Access Request
II. Inbound Access Log
Inbound Access (DNAT with Connection Tracking)
III. Outbound Access Log
IV. Access Requests through Firewall Dropped
V. Access Requests to Firewall Dropped
Page
Page
Appendix B The RouteFinder Rescue Kernel
What Is a Rescue Kernel?
Before You Start
ISO Image Directions
Links You Will Need During the Install Process
Method 1 How to Perform the Install Using No External Server
Assumptions:
Method 2 How to Perform the Install Using an External FTP Server
Assumptions:
Page
Board Components
PC Board Component Descriptions
Hardware Upgrades and Add-ons
Top Cover Removal
RF660VPN Processor Upgrade
Memory Upgrade
Hard Disk Drive Upgrade
CD-ROM Drive Add-on
Keyboard Connection
Monitor Connection
Software Add-ons
SSH Sentinel IPSec VPN Client Software
Email Anti-Virus Code
Overnight Replacement Service
Appendix D CD-ROM Drive Adapter and Pin Out
CD-ROM Drive Adapter Dimensions
CD-ROM Drive Adapter Pin Out
Appendix E RouteFinder Maintenance
Housekeeping
Monitoring
Updating
Appendix F Ordering Accessories
SupplyNet Online Ordering Instructions
Appendix G Technical Support
Technical Support Contacts
Recording RouteFinder Information
Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 162
Appendix H Multi-Tech Systems, Inc. Warranty and Repairs Policies
Multi-Tech Warranty Statement
Repair Procedures for U.S. and Canadian Customers
Repair Procedures for International Customers
Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies
Repair Procedures for International Distributors
Appendix I Regulatory Compliance
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 164
Appendix I Regulatory Compliance
EMC, Safety, and R&TTR Directive Compliance
FCC Part 15 Regulation for the Modem Operation
FCC Part 68 Telecom for the Modem Operation
Appendix I Regulatory Compliance
Industry Canada for the Modem Operation
Canadian Limitations Notice for the Modem Operation
Appendix J License Agreements
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 166
Appendix J License Agreements
Multi-Tech Systems, Inc. End User License Agreement (EULA)
IMPORTANT - READ BEFORE OPENING THE SOFTWARE PACKAGE
Multi-Tech Software License Agreement
Appendix J License Agreements
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 167
Multi-User Limited Warranty and License Agreement
Appendix J License Agreements
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 168
GNU GENERAL PUBLIC LICENSE
Preamble
Page
Appendix J License Agreements
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 170
SurfControl URL Filtering End-User Terms
1. DEFINITIONS
2. GRANT OF LICENSE
3. OWNERSHIP
4. COPY RESTRICTION
Appendix J License Agreements
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 171
6. TRANSFER RESTRICTIONS
7. TERMINATION
8. MAINTENANCE AND UPGRADE POLICY
Appendix J License Agreements
Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 172
12. U.S. GOVERNMENT RESTRICTED RIGHTS
13. INDEMNITY
14. IMPORT/EXPORT
Kaspersky Standard End User License Agreement.
Standard End User License Agreement
Support
Limited Warranty
Limitation of Liability
Appendix K Waste Electrical and Electronic Equipment Directive (WEEE)
Waste Electrical and Electronic Equipment (WEEE) Directive
Instructions for Disposal of WEEE by Users in the European Union
Glossary
Page
Page
Page
Page
Page
Page
Page
Page
Page
Index
3
A
B
C
F
G
K
H
I
O
P
R
S
T
U
V
W
X
