Manuals / Brands / Computer Equipment / Network Card / Multi-Tech Systems / Computer Equipment / Network Card

Multi-Tech Systems RF600, RF660, RF760 Overview of RouteFinder VPN Technology

1 189

Download 189 pages, 2.58 Mb

Chapter 1 – Product Description, Features, and Overview

Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 17

Overview of RouteFinder VPN Technology

Before we look at how the RouteFinder works and how to use it, we will illustrate why the RouteFinder is necessary for the

protection of networks, as well as show which problems and risks exist without an appropriate security system.

Networks

The systems in the global network communicate via the Internet Protocol Family (IP), including TCP, UDP, or ICMP. The IP

addresses are the basis of this communication. They identify all available units within the network.

The Internet itself is actually just a collection of computer networks around the world of varying shape, size, and speed.

Where two or more networks join, a whole host of tasks arise, which are dealt with by routers, bridges, or gateways. A

special type of connection between two networks is called a firewall.

Generally speaking, three types of networks meet at the firewall:

1. External network/Wide Area Network (WAN)

2. Internal Network/Local Area Network (LAN)

3. De-Militarized Zone (DMZ)

The Firewall

The characteristic tasks of a firewall as a connection between WAN, LAN and DMZ are:

• Protection from unauthorized access

• Access control

• Ensure information integrity

• Perform analysis of protocols

• Alert the administrator of relevant network events

• Conceal internal network structure

• Decoupling of servers and clients via proxies

• Ensure confidentiality

There are several generic network components that, brought together under the heading Firewall, are responsible

for these tasks. The following sections provide a brief look at some of the forms and their derivatives.

Network Components That Work with the Firewall

Network Layer Firewalls: Packet Filter

As the name suggests, the Packet Filter is where IP packets (consisting of address information, some flags, and the

payload) are filtered. With this kind of firewall you can grant or deny access to services, according to different

variables. Some of these variables are:

• The source address

• The target address

• The protocol (e.g. TCP, UDP, ICMP)

• The port number

Contents

Main RF760/660/600VPN Internet Security Appliance User Guide User Guide Record of Revisions Patents Trademarks Technical Support Contents Page Page Page Chapter 1 Product Description, Features, and Overview Product Description Features Feature Highlights Ship Kit Contents Software Recovery CD Warning License Keys System License Key What to Do if a Trial License Key Expires URL Categorization License Key AntiVirus License Key Safety Warnings Lithium Battery Caution Ethernet Ports Caution Software Recovery CD Warning Telecom Warnings for Modem RouteFinder Front Panels RF760/660VPN Front Panel When 10, the LED is Off. When 100, the LED is Green. When 1G, the LED is Orange. RF600VPN General LED Descriptions LAN, WAN, DMZ LED Descriptions RouteFinder Back Panels RF760VPN Back Panel RF660VPN Back Panel RF600VPN Back Panel Specifications Appliance Features RF760VPN RF660VPN RF600VPN VPN Features RF760VPN RF660VPN RF600VPN Firewall Features RF760VPN RF660VPN RF600VPN Management Features RF760VPN RF660VPN RF600VPN Power & Physical Description RF760VPN RF660VPN RF600VPN Overview of RouteFinder VPN Technology Networks The Firewall Network Components That Work with the Firewall Network Layer Firewalls: Packet Filter Application Layer Gateways: Proxies Protection Mechanisms Page Typical Applications Chapter 2 Installation Pre-Installation Planning Planning and Establishing the Corporate Security Policy Contents of a Corporate Internet Security Policy Planning the Network System Administrator Required Planning Installation Overview Hardware Installation Procedure Cabling Overview Setting up a Workstation and Starting the RouteFinder VPN Connections Power Up Open a Web Browser Login Web Management Software Opens Navigating Through the Screens The Web Management Screen RouteFinder Menu Bar Menu Selections Screen Buttons Chapter 2 Installation Sub-Menu Menus and Sub-Menus Chapter 3 Configuration Initial Configuration Step Set Up Your Time Zone Second Configuration Step The Wizard Setup Screen Your Basic Configuration Is Now Complete Chapter 4 Configuration Examples Example 1 LAN-to-LAN VPN (Branch Office) Setup Networks & Services Set Packet Filters Set VPN IPSec Protocol Configuring Site B Example 2 Remote Client-to-LAN VPN Configuration Page Page Chapter 5 URL Categorization Important Settings Setting Up HTTP Proxy and URL Filtering Page How to Test Web Sites for Blocking How to Test the Filtering Establishing Filtering Rules for Networks and Hosts Submitting a Site to SurfControl for Reconsideration Chapter 6 RouteFinder Software Menu Bar Important Note About Logout Logout Closes the Software Program and Saves Settings Administration Administration > System Setup Email Notification Configure Email Notifications the RouteFinder VPN Will Send SNMP Agent Community Name System Logging System Time Backward time adjustment (summer to wintertime) Administration > SSH What Is SSH Prerequisites Status and SSH Port Allowed Networks Administration > SNTP Client Administration > Administrative Access Administrative Access - Available Networks and Allowed Network Change Password Time Before Automatic Disconnect Administrative Access HTTPS Port Administrative Access HTTP Port Logo and Version on Logon Page Administration > Site Certificate Enter the Certificate Information Click Save Administration > License Key Administration > Intrusion Detection Intrusion Detection Network Intrusion Detection User-Defined Network Intrusion Detection Rules Administration > Tools PING Trace Route TCP Connect Administration > System Scheduler Administration > Factory Defaults Administration > User Authentication > Local Users Prerequisite User Definition Administration > User Authentication > RADIUS & SAM RADIUS Prerequisite RADIUS Settings SAM Prerequisite SAM SAM Settings Administration > Restart Administration > Shutdown Networks & Services Networks & Services > Networks Add Network How to Confirm Your Entries Entries on This Screen Affect Other Screens Networks & Services > Services Add Services Editing and Deleting User-Added Services Notes About Protocols Entries on This Screen Affect Other Screens Networks & Services > Network Groups Rules and Suggestions for Establishing a Network Group About the Screen Add Network Group Select Group [Group Names Entered Above Now Display Here] Networks & Services > Service Groups Rules and Suggestions for Establishing Service Groups About the Screen Add Service Group Select Group [Group Names Entered Above Now Display Here] Proxy General Information About Proxies Proxy Services and Authentication Methods To Switch Off Proxy Using Netscape Navigator To Switch Off Proxy Using Microsoft Internet Explorer Proxy > HTTP Proxy HTTP Proxy Section URL Categorization Section of the Main Proxy HTTP Screen User Authentication Section of the Main Proxy HTTP Screen Proxy > HTTP Proxy > Custom Filters Default Action for Custom URL Lists Add Custom URL List Page Proxy > SMTP Proxy Rules and Suggestions for Using SMTP Proxy SMTP Proxy Page Page Proxy > SMTP Proxy > SMTP SPAM Filtering Page Page Proxy > POP3 Proxy POP3 Virus Protection Remote POP3 Virus Protection Proxy > POP3 Proxy > POP3 SPAM Filtering POP3 SPAM Protection POP3 SPAM Filtering Page Proxy > SOCKS Proxy SOCKS Proxy Page Proxy > DNS Proxy DNS Proxy Network Setup About Interfaces About the Interfaces Screen Network Setup > Interface Local Host Domain Name Server WINS Server Network Cards IP Aliases Network Setup > PPP PPP Settings Change Your Country/Region Code Network Setup > PPPoE PPPoE on WAN Network Setup > DHCP Client Network Setup > Dynamic DNS Dynamic DNS Settings Network Setup > Routes Add Routes - Interface Route Network Setup > Masquerading Masquerading Network Setup > SNAT Important Add SNAT Definition Network Setup > DNAT Add DNAT Definition DNAT Example Examples of DNAT Network Combinations DHCP Server DHCP Server > Subnet Settings DHCP Server on LAN DHCP Server > Fixed Addresses DHCP Server Fixed Addresses Tracking Tracking > Accounting Accounting Device IP-Based Accounting VPN Accounting Tracking > Update Services System Update Server Virus Update Server Page Tracking > Backup Backup Status Tracking > Version Control CVS Settings Examples 1. Make sure the lines cvspserver 2401/tcp and cvspserver 2401/udp are present in: Packet Filters Packet Filters > Packet Filter Rules Prerequisites Show Packet Filter Rules in Popup Window System Defined Rules Add User Defined Packet Filter Rules Packet Filters > ICMP ICMP Forwarding ICMP on Firewall Packet Filters > Advanced Packet Filters > Enable/Disable Log Enable/Disable Logging VPN (Virtual Private Networks) VPN > IPSec Introduction to Virtual Private Networks The VPN Main Screen VPN IPSec Settings Add an IKE Connection Page Add a Manual Connection Page VPN > x.509 Certificates Certificate of Authority Generation Certificate Generation VPN > IPSec Bridging VPN > PPTP If you are using Windows or 98, you may also have to update Microsoft RAS update. About Setting Up PPTP Users PPTP Settings User Authentication Wizard Setup Wizard Setup Screen General Settings LAN Settings WAN Settings Page Statistics & Logs Statistics & Logs Uptime Statistics and Logs > Hardware What the Graphs Show Statistics and Logs Networks Network Interface Cards Routing Table Network Connections Interfaces SMTP Proxy Accounting Interface Based Accounting IP Based Accounting VPN Based Accounting Self Monitor Example of a Self Monitor Live Log Report IPSec IPSec Live Log IPSec Live Connections PPTP PPTP Live Log Packet Filter Show Logs View All Logs Backup Logs > Port Scans > V Intrusion Detection Live Log Portscan Live Log iew Logs HTTP Access DHCP Example of a DHCP Log Page Chapter 7 User Authentication Methods Proxy Services and Authentication Methods NT SAM (SMB) User Authentication Local" RouteFinder User Authentication Which Method Should You Choose? Authentication Setup Setting Up RADIUS Authentication Setting Up A Microsoft IAS RADIUS Server Setting Up NT/2000 SAM (SMB) Authentication Chapter 8 Frequently Asked Questions (FAQs) Page Page Page Page Page Chapter 9 Troubleshooting Page Appendix A Disposition of Events for the RouteFinder v3.2x 1. Abstract Disposition of Events Access Request Inbound Access Request Outbound Access Request II. Inbound Access Log Inbound Access (DNAT with Connection Tracking) III. Outbound Access Log IV. Access Requests through Firewall Dropped V. Access Requests to Firewall Dropped Page Page Appendix B The RouteFinder Rescue Kernel What Is a Rescue Kernel? Before You Start ISO Image Directions Links You Will Need During the Install Process Method 1 How to Perform the Install Using No External Server Assumptions: Method 2 How to Perform the Install Using an External FTP Server Assumptions: Page Board Components PC Board Component Descriptions Hardware Upgrades and Add-ons Top Cover Removal RF660VPN Processor Upgrade Memory Upgrade Hard Disk Drive Upgrade CD-ROM Drive Add-on Keyboard Connection Monitor Connection Software Add-ons SSH Sentinel IPSec VPN Client Software Email Anti-Virus Code Overnight Replacement Service Appendix D CD-ROM Drive Adapter and Pin Out CD-ROM Drive Adapter Dimensions CD-ROM Drive Adapter Pin Out Appendix E RouteFinder Maintenance Housekeeping Monitoring Updating Appendix F Ordering Accessories SupplyNet Online Ordering Instructions Appendix G Technical Support Technical Support Contacts Recording RouteFinder Information Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 162 Appendix H Multi-Tech Systems, Inc. Warranty and Repairs Policies Multi-Tech Warranty Statement Repair Procedures for U.S. and Canadian Customers Repair Procedures for International Customers Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies Repair Procedures for International Distributors Appendix I Regulatory Compliance Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 164 Appendix I Regulatory Compliance EMC, Safety, and R&TTR Directive Compliance FCC Part 15 Regulation for the Modem Operation FCC Part 68 Telecom for the Modem Operation Appendix I Regulatory Compliance Industry Canada for the Modem Operation Canadian Limitations Notice for the Modem Operation Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 166 Appendix J License Agreements Multi-Tech Systems, Inc. End User License Agreement (EULA) IMPORTANT - READ BEFORE OPENING THE SOFTWARE PACKAGE Multi-Tech Software License Agreement Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 167 Multi-User Limited Warranty and License Agreement Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 168 GNU GENERAL PUBLIC LICENSE Preamble Page Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 170 SurfControl URL Filtering End-User Terms 1. DEFINITIONS 2. GRANT OF LICENSE 3. OWNERSHIP 4. COPY RESTRICTION Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 171 6. TRANSFER RESTRICTIONS 7. TERMINATION 8. MAINTENANCE AND UPGRADE POLICY Appendix J License Agreements Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 172 12. U.S. GOVERNMENT RESTRICTED RIGHTS 13. INDEMNITY 14. IMPORT/EXPORT Kaspersky Standard End User License Agreement. Standard End User License Agreement Support Limited Warranty Limitation of Liability Appendix K Waste Electrical and Electronic Equipment Directive (WEEE) Waste Electrical and Electronic Equipment (WEEE) Directive Instructions for Disposal of WEEE by Users in the European Union Glossary Page Page Page Page Page Page Page Page Page Index 3 A B C F G K H I O P R S T U V W X