Manuals / Brands / Computer Equipment / Network Card / Planet Technology / Computer Equipment / Network Card

Planet Technology CS-500 4.6.2 Signature, IDP, Log, Custom, Anomaly, Anomaly, Enable:, Low Risk, Anomaly:, High Risk, Syn Flood, IDP Report, Medium Risk, Pre-defined, Definition:

1 215

Download 215 pages, 7.37 Mb

Content Security Gateway User’s Manual

2.Click OK.

3.High Risk: Select drop and log function.

4.Medium Risk: Select drop and log function.

5.Low Risk: Select pass and log function.

6.Click OK.

7.Enable IDP function in policy.

When the attack behavior matches the signature, CS-500 will produce log as follows in Log function of IDP Report.

4.6.2 Signature

Provide relative compare rule to different attack behavior, include three sections: Anomaly, Pre-definedand Custom.

Anomaly:

Anomaly signature can allow user to define the signature, in order to detect and prevent the irregular attack behavior. Take Syn Flood as the example:

Definition:

Enable: Check to enable the protection for Syn Flood signature.

- 188 -

Contents

Page Copyright Disclaimer CE mark Warning Trademarks Customer Service Table of Contents Page Page Chapter 1: Introduction 1.1 Features 1.2 Package Contents 1.3 Content Security Gateway Front View 1.4 Content Security Gateway Rear Panel 1.5 Specification Page Chapter 2: Hardware Installation 2.1 Installation Requirements 2.2 Operation Mode 2.2.1Transparent Mode Connection Example 2.2.2 NAT Mode Connecting Example Chapter 3: Getting Started 3.1 Web Configuration STEP 1: STEP 2: 3.2 Configure WAN interface 3.3 Configure DMZ interface 3.4 Configure Policy STEP 3: STEP 4: Chapter 4: Web Configuration 4.1 System Administration: Configure: Logout: 4.1.1 Admin Settings of the Administration table Admin Name: admin Privilege: read / write 4.1.2 Permitted IPs Add Permitted IPs Address Name IP Address Netmask Ping 4.1.3 Software Update 4.1.4 Setting Exporting Content Security Gateway settings File Download Administrator Importing Content Security Gateway settings Content Security Gateway Restoring Factory Default Settings Step 1. Select Reset Factory Settings under Backup/Restore Configuration System Name Setting Device Name Email Setting SMTP Server IP: E-Mail Web Management (WAN Interface) Set Web Management (WAN Interface) MTU (set networking packet length) MTU Setting Link Speed / Duplex Mode Setting Dynamic Routing (RIPv2) Routing information update timer: Routing information timeout: 4.1.5 Date/Time 4.1.6 Multiple Subnet Multiple Subnet settings Multiple Subnet WAN Interface IP / Forwarding Mode: Interface: Alias IP of Int. Interface / Netmask: Local port IP address and subnet Mask Routing Mode Multiple Subnet functions Adding a Multiple Subnet Routing Mode Alias IP of LAN Interface: WAN Interface IP: Add WAN IP Forwarding Mode: Step 4: Modify a Multiple Subnet Routing Mode Removing a Multiple Subnet Routing Mode 4.1.7 Route Table Modifying a Static Route: Modify Static Route Removing a Static Route 4.1.8 DHCP 4.1.9 Dynamic DNS !: Update Status Domain name: WAN IP Address: How to use dynamic DNS: How to register: Service providers WAN IP Address Automatically User Name Password 4.1.10 Host Table Host Name: Virtual IP Address: Adding a new Host Table Add New Host Table Modifying a Host Table 4.1.11 Language 4.1.12 Logout 4.2 Interface 4.2.1 LAN 4.2.2 WAN Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP Auto Disconnect Page Page 4.2.3 DMZ 4.3 Policy Object 4.3.1 Address 4.3.1.1 LAN Get Static IP address from DHCP Server Modifying an LAN Address Modify Address Removing a LAN Address 4.3.1.2 LAN Group Adding a LAN Group Add New Address Group Available address: Selected address: Add members: Available address Selected address Removing a LAN Group 4.3.1.3 WAN Modifying an WAN Address Removing an WAN Address 4.3.1.4 WAN Group Modifying a WAN Group 4.3.1.5 DMZ Adding a new DMZ Address: Modifying a DMZ Address: 4.3.1.6 DMZ Group Adding a DMZ Group: Step 2. In the Add New Address Group window: Step 4. Add members: Step 5. Remove members: Modifying a DMZ Group: Step 3. Add members: vailable Address Step 4. Remove members: 4.3.2 Service 4.3.2.1 Pre-defined 4.3.2.2 Custom Service name Protocol Client port Service port Adding a new Service Modifying Custom Services Removing Custom Services 4.3.2.3 Group To add new services: Available service To remove services: Modifying Service Groups Add new services: 4.3.3 Schedule Adding a new Schedule Add New Schedule Schedule Name: Period: Start time 4.3.4 QoS Configuration of QoS Priority Add New QoS Downstream Bandwidth: Upstream Bandwidth: Modify QoS Delete QoS Delete Example about how to install QoS correctly Page 4.3.5 Authentication 4.3.5.1 Auth Setting 4.3.5.2 Auth User Adding a new Auth User New User Auth User Step 2. In the Auth-User window: „Auth-UserName: enter the username of new Authentication NOTE User Login Page Definitions: Modifying the Authentication User Auth-User: Removing a Authentication User 4.3.5.3 Auth Group Modifying Auth Group Modify Auth group 4.3.5.4 Radius Serve 4.3.5.5 POP3 4.3.6 Content Blocking 4.3.6.1 URL Blocking Adding a URL policy Add New URL String Modifying a URL String Policy Removing a URL String policy 4.3.6.2 Scripts Step 1: Click P2P below Content Blocking menu 4.3.6.4 IM 4.3.6.5 Download 4.3.6.6 Upload 4.3.7 Virtual Server 4.3.7.1Mapped IP Entering the Mapped IP window Mapped IP Virtual Server WAN IP Map to Virtual IP Modifying a Mapped IP Removing a Mapped IP 4.3.7.2 Virtual Server “Click here to configure” Configuring a Real IP for a Virtual Server Server 1/2/3/4 click here to configure Modifying a Virtual Server IP Address Removing a Virtual Server Setting the Virtual Server’s services Virtual Server Real IP: Service (Port): External Service Port: Load Balance Server: Adding New Virtual Server Service Configuration Modifying the Virtual Server configurations Removing the Virtual Server service 4.3.8 VPN 4.3.8.1 IPSec Autokey Gateway IP: IPSec Algorithm: Adding the Autokey IKE VPN Auto Keyed Tunnel Necessary Item Remote Gateway or Client – Dynamic IP: Preshared Key: Encapsulation ISAKMP Algorithm ENC Algorithm: 4.3.8.2 PPTP Server Disable PPTP: Enable PPTP: Encryption: Client IP Range: Allow remote client to connect to Internet: Modifying PPTP Server Removing PPTP Server Select VPN→PPTP Server 4.3.8.3 PPTP Client Adding a PPTP Client User name: Server IP or Domain Name: NAT (Connect to Windows PPTP Server): Modifying PPTP Client 4.3.8.4 Tunnel Source Subnet: Destination Subnet: IPSec/PPTP: Pause Adding a Tunnel Modifying a Tunnel Removing Tunnel Pausing a Tunnel Step 3. When There are 5 examples of VPN setting Example Example 1. Create a VPN connection between two Content Security Gateways Page Page Page Page Page Configuration of CS-500 Page Page Configuration of WinXP Page Page Page Step 10. Disable Activate the default response rule. And click Next Page Page Page Page Page Page Page Step 25. Click OK Page Page Page Page Page Page Page Page Page Page Page Step 50. Click ok Page Page Page Page Page Page Page Page Page Page Page Page Page Step 2: 4.4 Policy 4.4.1 Outgoing Source: Destination: Service: Action: Option: Source Address: Destination Address: Authentication User: Traffic Log: Statistics: 4.4.2 Incoming Incoming Adding an Incoming Policy Schedule: NAT: Modifying Incoming Policy 4.4.3 WAN To DMZ & LAN To DMZ Adding a new WAN To DMZ Policy: Services Step 3: Click OK Modifying a WAN To DMZ policy: 4.4.4 DMZ To WAN & DMZ To LAN Entering the DMZ To WAN window: DMZ To WAN The fields in the DMZ To WAN window are: Adding a DMZ To WAN Policy: Page Modifying a DMZ To WAN policy: Removing a DMZ To WAN Policy: Step 2. In the Remove confirmation dialogue box, click OK 4.5 Mail Security 4.5.1 Configure Mail Relay: Mail Relay Example 1: To setup CS-500as Gateway (Mail Server in DMZ, Transparent Mode) Preparation: STEP Page „Select Allowed External IP of Mail Relay 4.5.2 Anti-Spam 4.5.2.1 Setting 4.5.2.2Rule Rule Name: Comments: •Combination: And: Or: Adding a new Rule Modifying a Rule Removing a Rule 4.5.2.3 Whitelist 4.5.2.4 Blacklist Adding a new Blacklist Modifying a Blacklist Removing a Blacklist 4.5.2.5 Training Example: How to train mail into CS-500 Outlook Express New Folder Create Folder STEP 2﹒In Inbox-OutlookExpress, move spam mail to SpamMail Folder: Move SpamMail OK Compact Properties SpamMail Properties Spam Mail for Training Note: The training file that uploads to When the training file of 4.5.2.6 Spam Mail 4.5.3 Anti-Virus 4.5.3.1 Setting Virus Scan Engine Clam Disable Action of Infected Mail Delete the virus mail 4.5.3.2 Virus Mail 4.6 IDP 4.6.1 Setting 4.6.2 Signature Max. Threshold Pkts / Sec: Blocking Time: Action Drop Protocol: Source Port: Destination Port: Risk: Content: „Destination Port: Enter 80:80 Risk Content Outgoing Policy 4.6.3 IDP Report 4.7 Anomaly Flow IP 4.8 Monitor 4.8.1 Log 4.8.1.1 Traffic Traffic Log Table Time Port: Disposition: Downloading the Traffic Logs 4.8.1.2 Event 4.8.1.3 Connection 4.8.1.4 Log Backup 4.8.2 Accounting Report 4.8.2.1 Setting 4.8.2.2 Outbound Outbound Source IP Accounting Report Top: Downstream: Upstream: First Packet: Outbound Destination IP Accounting Report Outbound Service Accounting Report 4.8.2.3 Inbound Inbound Source IP Accounting Report Inbound Destination IP Accounting Report Inbound Service Accounting Report 4.8.3 Statistic 4.8.3.1 WAN Statistics 4.8.3.2 Policy Statistics Time: 4.8.4 Status 4.8.4.1 Interface Status 4.8.4.2 Authentication 4.8.4.3 ARP Table 4.8.4.4 DHCP Clients