Manuals / Brands / Computer Equipment / Network Card / Planet Technology / Computer Equipment / Network Card

Planet Technology CS-500 Chapter 2: Hardware Installation, 2.1 Installation Requirements, 2.2 Operation Mode, 2.2.1Transparent Mode Connection Example, - Network Requirements

1 215

Download 215 pages, 7.37 Mb

Content Security Gateway User’s Manual

Chapter 2: Hardware Installation

2.1 Installation Requirements

Before installing the Content Security Gateway, make sure your network meets the following requirements.

- Mechanical Requirements

The Content Security Gateway is to be installed between your Internet connection and local area network. The Content Security Gateway can be placed on the table or rack. Locate the unit near the power outlet.

- Electrical Requirements

The Content Security Gateway is a power-required device, it means, the Content Security Gateway will not work until it is powered. If your networked PCs will need to transmit data all the time, please consider use an UPS (Uninterrupted Power Supply) for your Content Security Gateway. It will prevent you from network data loss. In some area, installing a surge suppression device may also help to protect your Content Security Gateway from being damaged by unregulated surge or current to the Content Security Gateway.

- Network Requirements

In order for Content Security Gateway to secure your network traffic, the traffic must pass through Content Security Gateway at a useful point in a network. In most situations, the Content Security Gateway should be placed behind the Internet connection device.

2.2 Operation Mode

CS-500 DMZ port supports three operation modes, Disable, NAT and Transparent. In Disable mode, the DMZ port is not active. In transparent mode, CS-500 works as proxy with forward DMZ packet to WAN and forward WAN packet to DMZ, the DMZ and WAN side IP addresses are in the same subnet. In NAT mode, DMZ side user will share one public IP address of WAN port to make Internet connection. Please find the following two pictures for example.

2.2.1Transparent Mode Connection Example

Internet

ISP

ADSL Modem

CS-500

WAN: 61.11.11.11

LAN:

DMZ: Transparent

192.168.1.1

to WAN

LAN PC 1:	LAN PC 2:	DMZ PC 3:	DMZ PC 2:
192.168.1.2	192.168.1.3	61.11.11.12	61.11.11.13

- 5 -

Contents

Page Copyright Disclaimer CE mark Warning Trademarks Customer Service Table of Contents Page Page Chapter 1: Introduction 1.1 Features 1.2 Package Contents 1.3 Content Security Gateway Front View 1.4 Content Security Gateway Rear Panel 1.5 Specification Page Chapter 2: Hardware Installation 2.1 Installation Requirements 2.2 Operation Mode 2.2.1Transparent Mode Connection Example 2.2.2 NAT Mode Connecting Example Chapter 3: Getting Started 3.1 Web Configuration STEP 1: STEP 2: 3.2 Configure WAN interface 3.3 Configure DMZ interface 3.4 Configure Policy STEP 3: STEP 4: Chapter 4: Web Configuration 4.1 System Administration: Configure: Logout: 4.1.1 Admin Settings of the Administration table Admin Name: admin Privilege: read / write 4.1.2 Permitted IPs Add Permitted IPs Address Name IP Address Netmask Ping 4.1.3 Software Update 4.1.4 Setting Exporting Content Security Gateway settings File Download Administrator Importing Content Security Gateway settings Content Security Gateway Restoring Factory Default Settings Step 1. Select Reset Factory Settings under Backup/Restore Configuration System Name Setting Device Name Email Setting SMTP Server IP: E-Mail Web Management (WAN Interface) Set Web Management (WAN Interface) MTU (set networking packet length) MTU Setting Link Speed / Duplex Mode Setting Dynamic Routing (RIPv2) Routing information update timer: Routing information timeout: 4.1.5 Date/Time 4.1.6 Multiple Subnet Multiple Subnet settings Multiple Subnet WAN Interface IP / Forwarding Mode: Interface: Alias IP of Int. Interface / Netmask: Local port IP address and subnet Mask Routing Mode Multiple Subnet functions Adding a Multiple Subnet Routing Mode Alias IP of LAN Interface: WAN Interface IP: Add WAN IP Forwarding Mode: Step 4: Modify a Multiple Subnet Routing Mode Removing a Multiple Subnet Routing Mode 4.1.7 Route Table Modifying a Static Route: Modify Static Route Removing a Static Route 4.1.8 DHCP 4.1.9 Dynamic DNS !: Update Status Domain name: WAN IP Address: How to use dynamic DNS: How to register: Service providers WAN IP Address Automatically User Name Password 4.1.10 Host Table Host Name: Virtual IP Address: Adding a new Host Table Add New Host Table Modifying a Host Table 4.1.11 Language 4.1.12 Logout 4.2 Interface 4.2.1 LAN 4.2.2 WAN Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP Auto Disconnect Page Page 4.2.3 DMZ 4.3 Policy Object 4.3.1 Address 4.3.1.1 LAN Get Static IP address from DHCP Server Modifying an LAN Address Modify Address Removing a LAN Address 4.3.1.2 LAN Group Adding a LAN Group Add New Address Group Available address: Selected address: Add members: Available address Selected address Removing a LAN Group 4.3.1.3 WAN Modifying an WAN Address Removing an WAN Address 4.3.1.4 WAN Group Modifying a WAN Group 4.3.1.5 DMZ Adding a new DMZ Address: Modifying a DMZ Address: 4.3.1.6 DMZ Group Adding a DMZ Group: Step 2. In the Add New Address Group window: Step 4. Add members: Step 5. Remove members: Modifying a DMZ Group: Step 3. Add members: vailable Address Step 4. Remove members: 4.3.2 Service 4.3.2.1 Pre-defined 4.3.2.2 Custom Service name Protocol Client port Service port Adding a new Service Modifying Custom Services Removing Custom Services 4.3.2.3 Group To add new services: Available service To remove services: Modifying Service Groups Add new services: 4.3.3 Schedule Adding a new Schedule Add New Schedule Schedule Name: Period: Start time 4.3.4 QoS Configuration of QoS Priority Add New QoS Downstream Bandwidth: Upstream Bandwidth: Modify QoS Delete QoS Delete Example about how to install QoS correctly Page 4.3.5 Authentication 4.3.5.1 Auth Setting 4.3.5.2 Auth User Adding a new Auth User New User Auth User Step 2. In the Auth-User window: „Auth-UserName: enter the username of new Authentication NOTE User Login Page Definitions: Modifying the Authentication User Auth-User: Removing a Authentication User 4.3.5.3 Auth Group Modifying Auth Group Modify Auth group 4.3.5.4 Radius Serve 4.3.5.5 POP3 4.3.6 Content Blocking 4.3.6.1 URL Blocking Adding a URL policy Add New URL String Modifying a URL String Policy Removing a URL String policy 4.3.6.2 Scripts Step 1: Click P2P below Content Blocking menu 4.3.6.4 IM 4.3.6.5 Download 4.3.6.6 Upload 4.3.7 Virtual Server 4.3.7.1Mapped IP Entering the Mapped IP window Mapped IP Virtual Server WAN IP Map to Virtual IP Modifying a Mapped IP Removing a Mapped IP 4.3.7.2 Virtual Server “Click here to configure” Configuring a Real IP for a Virtual Server Server 1/2/3/4 click here to configure Modifying a Virtual Server IP Address Removing a Virtual Server Setting the Virtual Server’s services Virtual Server Real IP: Service (Port): External Service Port: Load Balance Server: Adding New Virtual Server Service Configuration Modifying the Virtual Server configurations Removing the Virtual Server service 4.3.8 VPN 4.3.8.1 IPSec Autokey Gateway IP: IPSec Algorithm: Adding the Autokey IKE VPN Auto Keyed Tunnel Necessary Item Remote Gateway or Client – Dynamic IP: Preshared Key: Encapsulation ISAKMP Algorithm ENC Algorithm: 4.3.8.2 PPTP Server Disable PPTP: Enable PPTP: Encryption: Client IP Range: Allow remote client to connect to Internet: Modifying PPTP Server Removing PPTP Server Select VPN→PPTP Server 4.3.8.3 PPTP Client Adding a PPTP Client User name: Server IP or Domain Name: NAT (Connect to Windows PPTP Server): Modifying PPTP Client 4.3.8.4 Tunnel Source Subnet: Destination Subnet: IPSec/PPTP: Pause Adding a Tunnel Modifying a Tunnel Removing Tunnel Pausing a Tunnel Step 3. When There are 5 examples of VPN setting Example Example 1. Create a VPN connection between two Content Security Gateways Page Page Page Page Page Configuration of CS-500 Page Page Configuration of WinXP Page Page Page Step 10. Disable Activate the default response rule. And click Next Page Page Page Page Page Page Page Step 25. Click OK Page Page Page Page Page Page Page Page Page Page Page Step 50. Click ok Page Page Page Page Page Page Page Page Page Page Page Page Page Step 2: 4.4 Policy 4.4.1 Outgoing Source: Destination: Service: Action: Option: Source Address: Destination Address: Authentication User: Traffic Log: Statistics: 4.4.2 Incoming Incoming Adding an Incoming Policy Schedule: NAT: Modifying Incoming Policy 4.4.3 WAN To DMZ & LAN To DMZ Adding a new WAN To DMZ Policy: Services Step 3: Click OK Modifying a WAN To DMZ policy: 4.4.4 DMZ To WAN & DMZ To LAN Entering the DMZ To WAN window: DMZ To WAN The fields in the DMZ To WAN window are: Adding a DMZ To WAN Policy: Page Modifying a DMZ To WAN policy: Removing a DMZ To WAN Policy: Step 2. In the Remove confirmation dialogue box, click OK 4.5 Mail Security 4.5.1 Configure Mail Relay: Mail Relay Example 1: To setup CS-500as Gateway (Mail Server in DMZ, Transparent Mode) Preparation: STEP Page „Select Allowed External IP of Mail Relay 4.5.2 Anti-Spam 4.5.2.1 Setting 4.5.2.2Rule Rule Name: Comments: •Combination: And: Or: Adding a new Rule Modifying a Rule Removing a Rule 4.5.2.3 Whitelist 4.5.2.4 Blacklist Adding a new Blacklist Modifying a Blacklist Removing a Blacklist 4.5.2.5 Training Example: How to train mail into CS-500 Outlook Express New Folder Create Folder STEP 2﹒In Inbox-OutlookExpress, move spam mail to SpamMail Folder: Move SpamMail OK Compact Properties SpamMail Properties Spam Mail for Training Note: The training file that uploads to When the training file of 4.5.2.6 Spam Mail 4.5.3 Anti-Virus 4.5.3.1 Setting Virus Scan Engine Clam Disable Action of Infected Mail Delete the virus mail 4.5.3.2 Virus Mail 4.6 IDP 4.6.1 Setting 4.6.2 Signature Max. Threshold Pkts / Sec: Blocking Time: Action Drop Protocol: Source Port: Destination Port: Risk: Content: „Destination Port: Enter 80:80 Risk Content Outgoing Policy 4.6.3 IDP Report 4.7 Anomaly Flow IP 4.8 Monitor 4.8.1 Log 4.8.1.1 Traffic Traffic Log Table Time Port: Disposition: Downloading the Traffic Logs 4.8.1.2 Event 4.8.1.3 Connection 4.8.1.4 Log Backup 4.8.2 Accounting Report 4.8.2.1 Setting 4.8.2.2 Outbound Outbound Source IP Accounting Report Top: Downstream: Upstream: First Packet: Outbound Destination IP Accounting Report Outbound Service Accounting Report 4.8.2.3 Inbound Inbound Source IP Accounting Report Inbound Destination IP Accounting Report Inbound Service Accounting Report 4.8.3 Statistic 4.8.3.1 WAN Statistics 4.8.3.2 Policy Statistics Time: 4.8.4 Status 4.8.4.1 Interface Status 4.8.4.2 Authentication 4.8.4.3 ARP Table 4.8.4.4 DHCP Clients