Manuals
/
Brands
/
Computer Equipment
/
Network Card
/
Planet Technology
/
Computer Equipment
/
Network Card
Planet Technology
CS-500 manual
1
1
215
215
Download
215 pages, 7.37 Mb
Content Security Gateway User’s Manual
Content Security Gateway
CS-500
User’s Manual
Contents
Page
Copyright
Disclaimer
CE mark Warning
Trademarks
Customer Service
Table of Contents
Page
Page
Chapter 1: Introduction
1.1 Features
1.2 Package Contents
1.3 Content Security Gateway Front View
1.4 Content Security Gateway Rear Panel
1.5 Specification
Page
Chapter 2: Hardware Installation
2.1 Installation Requirements
2.2 Operation Mode
2.2.1Transparent Mode Connection Example
2.2.2 NAT Mode Connecting Example
Chapter 3: Getting Started
3.1 Web Configuration
STEP 1:
STEP 2:
3.2 Configure WAN interface
3.3 Configure DMZ interface
3.4 Configure Policy
STEP 3:
STEP 4:
Chapter 4: Web Configuration
4.1 System
Administration:
Configure:
Logout:
4.1.1 Admin
Settings of the Administration table
Admin Name:
admin
Privilege:
read / write
4.1.2 Permitted IPs
Add Permitted IPs Address
Name
IP Address
Netmask
Ping
4.1.3 Software Update
4.1.4 Setting
Exporting Content Security Gateway settings
File Download
Administrator
Importing Content Security Gateway settings
Content Security Gateway
Restoring Factory Default Settings
Step 1. Select Reset Factory Settings under Backup/Restore Configuration
System Name Setting
Device Name
Email Setting
SMTP Server IP:
E-Mail
Web Management (WAN Interface)
Set Web Management (WAN Interface)
MTU (set networking packet length)
MTU Setting
Link Speed / Duplex Mode Setting
Dynamic Routing (RIPv2)
Routing information update timer:
Routing information timeout:
4.1.5 Date/Time
4.1.6 Multiple Subnet
Multiple Subnet settings
Multiple Subnet
WAN Interface IP / Forwarding Mode:
Interface:
Alias IP of Int. Interface / Netmask: Local port IP address and subnet Mask
Routing Mode
Multiple Subnet functions
Adding a Multiple Subnet Routing Mode
Alias IP of LAN Interface:
WAN Interface IP: Add WAN IP
Forwarding Mode:
Step 4:
Modify a Multiple Subnet Routing Mode
Removing a Multiple Subnet Routing Mode
4.1.7 Route Table
Modifying a Static Route:
Modify Static Route
Removing a Static Route
4.1.8 DHCP
4.1.9 Dynamic DNS
!: Update Status
Domain name:
WAN IP Address:
How to use dynamic DNS:
How to register:
Service providers
WAN IP Address
Automatically
User Name
Password
4.1.10 Host Table
Host Name:
Virtual IP Address:
Adding a new Host Table
Add New Host Table
Modifying a Host Table
4.1.11 Language
4.1.12 Logout
4.2 Interface
4.2.1 LAN
4.2.2 WAN
Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP
Auto Disconnect
Page
Page
4.2.3 DMZ
4.3 Policy Object
4.3.1 Address
4.3.1.1 LAN
Get Static IP address from DHCP Server
Modifying an LAN Address
Modify Address
Removing a LAN Address
4.3.1.2 LAN Group
Adding a LAN Group
Add New Address Group
Available address:
Selected address:
Add members:
Available address
Selected address
Removing a LAN Group
4.3.1.3 WAN
Modifying an WAN Address
Removing an WAN Address
4.3.1.4 WAN Group
Modifying a WAN Group
4.3.1.5 DMZ
Adding a new DMZ Address:
Modifying a DMZ Address:
4.3.1.6 DMZ Group
Adding a DMZ Group:
Step 2. In the Add New Address Group window:
Step 4. Add members:
Step 5. Remove members:
Modifying a DMZ Group:
Step 3. Add members:
vailable Address
Step 4. Remove members:
4.3.2 Service
4.3.2.1 Pre-defined
4.3.2.2 Custom
Service name
Protocol
Client port
Service port
Adding a new Service
Modifying Custom Services
Removing Custom Services
4.3.2.3 Group
To add new services:
Available service
To remove services:
Modifying Service Groups
Add new services:
4.3.3 Schedule
Adding a new Schedule
Add New Schedule
Schedule Name:
Period:
Start time
4.3.4 QoS
Configuration of QoS
Priority
Add New QoS
Downstream Bandwidth:
Upstream Bandwidth:
Modify QoS
Delete QoS
Delete
Example about how to install QoS correctly
Page
4.3.5 Authentication
4.3.5.1 Auth Setting
4.3.5.2 Auth User
Adding a new Auth User
New User
Auth User
Step 2. In the Auth-User window:
Auth-UserName: enter the username of new Authentication
NOTE
User Login Page Definitions:
Modifying the Authentication User
Auth-User:
Removing a Authentication User
4.3.5.3 Auth Group
Modifying Auth Group
Modify Auth group
4.3.5.4 Radius Serve
4.3.5.5 POP3
4.3.6 Content Blocking
4.3.6.1 URL Blocking
Adding a URL policy
Add New URL String
Modifying a URL String Policy
Removing a URL String policy
4.3.6.2 Scripts
Step 1: Click P2P below Content Blocking menu
4.3.6.4 IM
4.3.6.5 Download
4.3.6.6 Upload
4.3.7 Virtual Server
4.3.7.1Mapped IP
Entering the Mapped IP window
Mapped IP
Virtual Server
WAN IP
Map to Virtual IP
Modifying a Mapped IP
Removing a Mapped IP
4.3.7.2 Virtual Server
“Click here to configure”
Configuring a Real IP for a Virtual Server
Server 1/2/3/4
click here to configure
Modifying a Virtual Server IP Address
Removing a Virtual Server
Setting the Virtual Server’s services
Virtual Server Real IP:
Service (Port):
External Service Port:
Load Balance Server:
Adding New Virtual Server Service Configuration
Modifying the Virtual Server configurations
Removing the Virtual Server service
4.3.8 VPN
4.3.8.1 IPSec Autokey
Gateway IP:
IPSec Algorithm:
Adding the Autokey IKE
VPN Auto Keyed Tunnel
Necessary Item
Remote Gateway or Client – Dynamic IP:
Preshared Key:
Encapsulation
ISAKMP Algorithm
ENC Algorithm:
4.3.8.2 PPTP Server
Disable PPTP:
Enable PPTP:
Encryption:
Client IP Range:
Allow remote client to connect to Internet:
Modifying PPTP Server
Removing PPTP Server
Select VPN→PPTP Server
4.3.8.3 PPTP Client
Adding a PPTP Client
User name:
Server IP or Domain Name:
NAT (Connect to Windows PPTP Server):
Modifying PPTP Client
4.3.8.4 Tunnel
Source Subnet:
Destination Subnet:
IPSec/PPTP:
Pause
Adding a Tunnel
Modifying a Tunnel
Removing Tunnel
Pausing a Tunnel
Step 3. When
There are 5 examples of VPN setting
Example
Example 1. Create a VPN connection between two Content Security Gateways
Page
Page
Page
Page
Page
Configuration of CS-500
Page
Page
Configuration of WinXP
Page
Page
Page
Step 10. Disable Activate the default response rule. And click Next
Page
Page
Page
Page
Page
Page
Page
Step 25. Click OK
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Step 50. Click ok
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Page
Step 2:
4.4 Policy
4.4.1 Outgoing
Source:
Destination:
Service:
Action:
Option:
Source Address:
Destination Address:
Authentication User:
Traffic Log:
Statistics:
4.4.2 Incoming
Incoming
Adding an Incoming Policy
Schedule:
NAT:
Modifying Incoming Policy
4.4.3 WAN To DMZ & LAN To DMZ
Adding a new WAN To DMZ Policy:
Services
Step 3: Click OK
Modifying a WAN To DMZ policy:
4.4.4 DMZ To WAN & DMZ To LAN
Entering the DMZ To WAN window:
DMZ To WAN
The fields in the DMZ To WAN window are:
Adding a DMZ To WAN Policy:
Page
Modifying a DMZ To WAN policy:
Removing a DMZ To WAN Policy:
Step 2. In the Remove confirmation dialogue box, click OK
4.5 Mail Security
4.5.1 Configure
Mail Relay:
Mail Relay
Example 1: To setup CS-500as Gateway (Mail Server in DMZ, Transparent Mode)
Preparation:
STEP
Page
Select Allowed External IP of Mail Relay
4.5.2 Anti-Spam
4.5.2.1 Setting
4.5.2.2Rule
Rule Name:
Comments:
•Combination:
And:
Or:
Adding a new Rule
Modifying a Rule
Removing a Rule
4.5.2.3 Whitelist
4.5.2.4 Blacklist
Adding a new Blacklist
Modifying a Blacklist
Removing a Blacklist
4.5.2.5 Training
Example: How to train mail into CS-500
Outlook Express
New Folder
Create Folder
STEP 2﹒In Inbox-OutlookExpress, move spam mail to SpamMail Folder:
Move
SpamMail
OK
Compact
Properties
SpamMail Properties
Spam Mail for Training
Note:
The training file that uploads to
When the training file of
4.5.2.6 Spam Mail
4.5.3 Anti-Virus
4.5.3.1 Setting
Virus Scan Engine
Clam
Disable
Action of Infected Mail
Delete the virus mail
4.5.3.2 Virus Mail
4.6 IDP
4.6.1 Setting
4.6.2 Signature
Max. Threshold
Pkts / Sec:
Blocking Time:
Action
Drop
Protocol:
Source Port:
Destination Port:
Risk:
Content:
Destination Port: Enter 80:80
Risk
Content
Outgoing Policy
4.6.3 IDP Report
4.7 Anomaly Flow IP
4.8 Monitor
4.8.1 Log
4.8.1.1 Traffic
Traffic Log Table
Time
Port:
Disposition:
Downloading the Traffic Logs
4.8.1.2 Event
4.8.1.3 Connection
4.8.1.4 Log Backup
4.8.2 Accounting Report
4.8.2.1 Setting
4.8.2.2 Outbound
Outbound Source IP Accounting Report
Top:
Downstream:
Upstream:
First Packet:
Outbound Destination IP Accounting Report
Outbound Service Accounting Report
4.8.2.3 Inbound
Inbound Source IP Accounting Report
Inbound Destination IP Accounting Report
Inbound Service Accounting Report
4.8.3 Statistic
4.8.3.1 WAN Statistics
4.8.3.2 Policy Statistics
Time:
4.8.4 Status
4.8.4.1 Interface Status
4.8.4.2 Authentication
4.8.4.3 ARP Table
4.8.4.4 DHCP Clients