Multi-Tech Systems RF600, RF660, RF760 II. Inbound Access Log

Appendix A – Disposition of Events

Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 143

Admin Port Access Requests

All requests to the Administrative port (HTTPS/HTTP to the box using the WEB GUI) are logged as Admin Port Traffic.

Access requests logged as Admin Port Access requests correspond to LO1.F of Baseline module - version 4.0, ICSA Labs.

Figure 11 shows a snapshot of Admin Port Access log.

Startup History

The system startup Timestamp is logged as Startup History. Startup History corresponds to LO1.G of Baseline module -

version 4.0, ICSA Labs.

Figure 12 shows a snapshot of Startup History.

User Defined Log

User defined logging is classified as User logs. Administrators can log packets using the Packet Filers > Add User Defined

Packet Filter Rules and selecting LOG as the action.

Note: User logging is allowed only on routed packets.

Figure 13 shows a snapshot of user defined log.

Fragmented Packets Log

Fragments packets can be logged as Dropped Fragmented. Logging of Dropped Fragmented Packets can be configured

through Packet Filters > Advanced > Drop Fragmented Packets. Logging is allowed only if fragments are dropped.

Figure 14 shows a snapshot of Fragmented Packets log.

ICMP information

Information about ICMP requests is available in the remarks. Type and Code information is displayed after the event type.

ICMP information meets requirement LO2.G of Baseline module - version 4.0, ICSA Labs.

Figure 15 shows a snapshot with ICMP information.

II. Inbound Access Log

Figure 1 – Inbound Access

Figure 2 – Snapshot of Inbound Access Log

Description of Figure 2

The Access request originated from the source (204.26.122.9) to the destination (204.54.39.103) is accepted by the

candidate firewall. Classified as Inbound Accepted.

Contents

Main RF760/660/600VPN Internet Security Appliance User Guide User Guide Record of Revisions Patents Trademarks Technical Support Contents Page Page Page Chapter 1 Product Description, Features, and Overview Product Description Features Feature Highlights Ship Kit Contents Software Recovery CD Warning License Keys System License Key What to Do if a Trial License Key Expires URL Categorization License Key AntiVirus License Key Safety Warnings Lithium Battery Caution Ethernet Ports Caution Software Recovery CD Warning Telecom Warnings for Modem RouteFinder Front Panels RF760/660VPN Front Panel When 10, the LED is Off. When 100, the LED is Green. When 1G, the LED is Orange. RF600VPN General LED Descriptions LAN, WAN, DMZ LED Descriptions RouteFinder Back Panels RF760VPN Back Panel RF660VPN Back Panel RF600VPN Back Panel Specifications Appliance Features RF760VPN RF660VPN RF600VPN VPN Features RF760VPN RF660VPN RF600VPN Firewall Features RF760VPN RF660VPN RF600VPN Management Features RF760VPN RF660VPN RF600VPN Power & Physical Description RF760VPN RF660VPN RF600VPN Overview of RouteFinder VPN Technology Networks The Firewall Network Components That Work with the Firewall Network Layer Firewalls: Packet Filter Application Layer Gateways: Proxies Protection Mechanisms Page Typical Applications Chapter 2 Installation Pre-Installation Planning Planning and Establishing the Corporate Security Policy Contents of a Corporate Internet Security Policy Planning the Network System Administrator Required Planning Installation Overview Hardware Installation Procedure Cabling Overview Setting up a Workstation and Starting the RouteFinder VPN Connections Power Up Open a Web Browser Login Web Management Software Opens Navigating Through the Screens The Web Management Screen RouteFinder Menu Bar Menu Selections Screen Buttons Chapter 2 Installation Sub-Menu Menus and Sub-Menus Chapter 3 Configuration Initial Configuration Step Set Up Your Time Zone Second Configuration Step The Wizard Setup Screen Your Basic Configuration Is Now Complete Chapter 4 Configuration Examples Example 1 LAN-to-LAN VPN (Branch Office) Setup Networks & Services Set Packet Filters Set VPN IPSec Protocol Configuring Site B Example 2 Remote Client-to-LAN VPN Configuration Page Page Chapter 5 URL Categorization Important Settings Setting Up HTTP Proxy and URL Filtering Page How to Test Web Sites for Blocking How to Test the Filtering Establishing Filtering Rules for Networks and Hosts Submitting a Site to SurfControl for Reconsideration Chapter 6 RouteFinder Software Menu Bar Important Note About Logout Logout Closes the Software Program and Saves Settings Administration Administration > System Setup Email Notification Configure Email Notifications the RouteFinder VPN Will Send SNMP Agent Community Name System Logging System Time Backward time adjustment (summer to wintertime) Administration > SSH What Is SSH Prerequisites Status and SSH Port Allowed Networks Administration > SNTP Client Administration > Administrative Access Administrative Access - Available Networks and Allowed Network Change Password Time Before Automatic Disconnect Administrative Access HTTPS Port Administrative Access HTTP Port Logo and Version on Logon Page Administration > Site Certificate Enter the Certificate Information Click Save Administration > License Key Administration > Intrusion Detection Intrusion Detection Network Intrusion Detection User-Defined Network Intrusion Detection Rules Administration > Tools PING Trace Route TCP Connect Administration > System Scheduler Administration > Factory Defaults Administration > User Authentication > Local Users Prerequisite User Definition Administration > User Authentication > RADIUS & SAM RADIUS Prerequisite RADIUS Settings SAM Prerequisite SAM SAM Settings Administration > Restart Administration > Shutdown Networks & Services Networks & Services > Networks Add Network How to Confirm Your Entries Entries on This Screen Affect Other Screens Networks & Services > Services Add Services Editing and Deleting User-Added Services Notes About Protocols Entries on This Screen Affect Other Screens Networks & Services > Network Groups Rules and Suggestions for Establishing a Network Group About the Screen Add Network Group Select Group [Group Names Entered Above Now Display Here] Networks & Services > Service Groups Rules and Suggestions for Establishing Service Groups About the Screen Add Service Group Select Group [Group Names Entered Above Now Display Here] Proxy General Information About Proxies Proxy Services and Authentication Methods To Switch Off Proxy Using Netscape Navigator To Switch Off Proxy Using Microsoft Internet Explorer Proxy > HTTP Proxy HTTP Proxy Section URL Categorization Section of the Main Proxy HTTP Screen User Authentication Section of the Main Proxy HTTP Screen Proxy > HTTP Proxy > Custom Filters Default Action for Custom URL Lists Add Custom URL List Page Proxy > SMTP Proxy Rules and Suggestions for Using SMTP Proxy SMTP Proxy Page Page Proxy > SMTP Proxy > SMTP SPAM Filtering Page Page Proxy > POP3 Proxy POP3 Virus Protection Remote POP3 Virus Protection Proxy > POP3 Proxy > POP3 SPAM Filtering POP3 SPAM Protection POP3 SPAM Filtering Page Proxy > SOCKS Proxy SOCKS Proxy Page Proxy > DNS Proxy DNS Proxy Network Setup About Interfaces About the Interfaces Screen Network Setup > Interface Local Host Domain Name Server WINS Server Network Cards IP Aliases Network Setup > PPP PPP Settings Change Your Country/Region Code Network Setup > PPPoE PPPoE on WAN Network Setup > DHCP Client Network Setup > Dynamic DNS Dynamic DNS Settings Network Setup > Routes Add Routes - Interface Route Network Setup > Masquerading Masquerading Network Setup > SNAT Important Add SNAT Definition Network Setup > DNAT Add DNAT Definition DNAT Example Examples of DNAT Network Combinations DHCP Server DHCP Server > Subnet Settings DHCP Server on LAN DHCP Server > Fixed Addresses DHCP Server Fixed Addresses Tracking Tracking > Accounting Accounting Device IP-Based Accounting VPN Accounting Tracking > Update Services System Update Server Virus Update Server Page Tracking > Backup Backup Status Tracking > Version Control CVS Settings Examples 1. Make sure the lines cvspserver 2401/tcp and cvspserver 2401/udp are present in: Packet Filters Packet Filters > Packet Filter Rules Prerequisites Show Packet Filter Rules in Popup Window System Defined Rules Add User Defined Packet Filter Rules Packet Filters > ICMP ICMP Forwarding ICMP on Firewall Packet Filters > Advanced Packet Filters > Enable/Disable Log Enable/Disable Logging VPN (Virtual Private Networks) VPN > IPSec Introduction to Virtual Private Networks The VPN Main Screen VPN IPSec Settings Add an IKE Connection Page Add a Manual Connection Page VPN > x.509 Certificates Certificate of Authority Generation Certificate Generation VPN > IPSec Bridging VPN > PPTP If you are using Windows or 98, you may also have to update Microsoft RAS update. About Setting Up PPTP Users PPTP Settings User Authentication Wizard Setup Wizard Setup Screen General Settings LAN Settings WAN Settings Page Statistics & Logs Statistics & Logs Uptime Statistics and Logs > Hardware What the Graphs Show Statistics and Logs Networks Network Interface Cards Routing Table Network Connections Interfaces SMTP Proxy Accounting Interface Based Accounting IP Based Accounting VPN Based Accounting Self Monitor Example of a Self Monitor Live Log Report IPSec IPSec Live Log IPSec Live Connections PPTP PPTP Live Log Packet Filter Show Logs View All Logs Backup Logs > Port Scans > V Intrusion Detection Live Log Portscan Live Log iew Logs HTTP Access DHCP Example of a DHCP Log Page Chapter 7 User Authentication Methods Proxy Services and Authentication Methods NT SAM (SMB) User Authentication Local" RouteFinder User Authentication Which Method Should You Choose? Authentication Setup Setting Up RADIUS Authentication Setting Up A Microsoft IAS RADIUS Server Setting Up NT/2000 SAM (SMB) Authentication Chapter 8 Frequently Asked Questions (FAQs) Page Page Page Page Page Chapter 9 Troubleshooting Page Appendix A Disposition of Events for the RouteFinder v3.2x 1. Abstract Disposition of Events Access Request Inbound Access Request Outbound Access Request II. Inbound Access Log Inbound Access (DNAT with Connection Tracking) III. Outbound Access Log IV. Access Requests through Firewall Dropped V. Access Requests to Firewall Dropped Page Page Appendix B The RouteFinder Rescue Kernel What Is a Rescue Kernel? Before You Start ISO Image Directions Links You Will Need During the Install Process Method 1 How to Perform the Install Using No External Server Assumptions: Method 2 How to Perform the Install Using an External FTP Server Assumptions: Page Board Components PC Board Component Descriptions Hardware Upgrades and Add-ons Top Cover Removal RF660VPN Processor Upgrade Memory Upgrade Hard Disk Drive Upgrade CD-ROM Drive Add-on Keyboard Connection Monitor Connection Software Add-ons SSH Sentinel IPSec VPN Client Software Email Anti-Virus Code Overnight Replacement Service Appendix D CD-ROM Drive Adapter and Pin Out CD-ROM Drive Adapter Dimensions CD-ROM Drive Adapter Pin Out Appendix E RouteFinder Maintenance Housekeeping Monitoring Updating Appendix F Ordering Accessories SupplyNet Online Ordering Instructions Appendix G Technical Support Technical Support Contacts Recording RouteFinder Information Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 162 Appendix H Multi-Tech Systems, Inc. Warranty and Repairs Policies Multi-Tech Warranty Statement Repair Procedures for U.S. and Canadian Customers Repair Procedures for International Customers Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies Repair Procedures for International Distributors Appendix I Regulatory Compliance Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 164 Appendix I Regulatory Compliance EMC, Safety, and R&TTR Directive Compliance FCC Part 15 Regulation for the Modem Operation FCC Part 68 Telecom for the Modem Operation Appendix I Regulatory Compliance Industry Canada for the Modem Operation Canadian Limitations Notice for the Modem Operation Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 166 Appendix J License Agreements Multi-Tech Systems, Inc. End User License Agreement (EULA) IMPORTANT - READ BEFORE OPENING THE SOFTWARE PACKAGE Multi-Tech Software License Agreement Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 167 Multi-User Limited Warranty and License Agreement Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 168 GNU GENERAL PUBLIC LICENSE Preamble Page Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 170 SurfControl URL Filtering End-User Terms 1. DEFINITIONS 2. GRANT OF LICENSE 3. OWNERSHIP 4. COPY RESTRICTION Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 171 6. TRANSFER RESTRICTIONS 7. TERMINATION 8. MAINTENANCE AND UPGRADE POLICY Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 172 12. U.S. GOVERNMENT RESTRICTED RIGHTS 13. INDEMNITY 14. IMPORT/EXPORT Kaspersky Standard End User License Agreement. Standard End User License Agreement Support Limited Warranty Limitation of Liability Appendix K Waste Electrical and Electronic Equipment Directive (WEEE) Waste Electrical and Electronic Equipment (WEEE) Directive Instructions for Disposal of WEEE by Users in the European Union Glossary Page Page Page Page Page Page Page Page Page Index 3 A B C F G K H I O P R S T U V W X