Manuals / Brands / Computer Equipment / Network Card / Planet Technology / Computer Equipment / Network Card

Planet Technology CS-500 4.8 Monitor, 4.8.1 Log, 4.8.1.1 Traffic, Log, Enable, E-mail, Traffic, What is Log, How to use the Log, Alert Notification:, Enable Anomaly Flow IP Blocking

1 215

Download 215 pages, 7.37 Mb

Content Security Gateway User’s Manual

Enable Anomaly Flow IP Blocking: Select this option to enable the Anomaly Flow IP blocking function. Once the Anomaly Flow IP attacked is detected, it will block the connection for user-drefined blocking time.

Enable E-mail Alert Notification: When Anomaly Flow IP attacked is detected, send alert e-mail to administrator by using e-mail address defined on System -> Setting.

Enable NetBIOS Alert Notification: When Anomaly Flow IP attacked is detected, send alart message to administrator by using “Net send” command.

After enabling the needed options, click OK to activate the changes.

4.8 Monitor

CS-500 provides varied of information that can be used to check the status.

4.8.1 Log

The Content Security Gateway supports traffic logging and event logging to monitor and record services, connection times, and the source and destination network address. The Administrator may also download the log files for backup purposes. The Administrator mainly uses the Log menu to monitor the traffic passing through the Content Security Gateway.

What is Log?

Log records all connections that pass through the Content Security Gateway’s control policies. Traffic log’s parameters are setup when setting up control policies. Traffic logs record the details of packets such as the start and stop time of connection, the duration of connection, the source address, the destination address and services requested, for each control policy. Event logs record the contents of System Configuration changes made by the Administrator such as the time of change, settings that change, the IP address used to log on, etc.

How to use the Log

The Administrator can use the log data to monitor and manage the device and the networks. The Administrator can view the logged data to evaluate and troubleshoot the network, such as pinpointing the source of traffic congestions.

4.8.1.1 Traffic

The Administrator queries the Content Security Gateway for information, such as source address, destination address, start time, and Protocol port of all connections.

Entering the Traffic Log window

Step 1. Click the Traffic option under Log menu to enter the Traffic Log window.

- 193 -

Contents

Page Copyright Disclaimer CE mark Warning Trademarks Customer Service Table of Contents Page Page Chapter 1: Introduction 1.1 Features 1.2 Package Contents 1.3 Content Security Gateway Front View 1.4 Content Security Gateway Rear Panel 1.5 Specification Page Chapter 2: Hardware Installation 2.1 Installation Requirements 2.2 Operation Mode 2.2.1Transparent Mode Connection Example 2.2.2 NAT Mode Connecting Example Chapter 3: Getting Started 3.1 Web Configuration STEP 1: STEP 2: 3.2 Configure WAN interface 3.3 Configure DMZ interface 3.4 Configure Policy STEP 3: STEP 4: Chapter 4: Web Configuration 4.1 System Administration: Configure: Logout: 4.1.1 Admin Settings of the Administration table Admin Name: admin Privilege: read / write 4.1.2 Permitted IPs Add Permitted IPs Address Name IP Address Netmask Ping 4.1.3 Software Update 4.1.4 Setting Exporting Content Security Gateway settings File Download Administrator Importing Content Security Gateway settings Content Security Gateway Restoring Factory Default Settings Step 1. Select Reset Factory Settings under Backup/Restore Configuration System Name Setting Device Name Email Setting SMTP Server IP: E-Mail Web Management (WAN Interface) Set Web Management (WAN Interface) MTU (set networking packet length) MTU Setting Link Speed / Duplex Mode Setting Dynamic Routing (RIPv2) Routing information update timer: Routing information timeout: 4.1.5 Date/Time 4.1.6 Multiple Subnet Multiple Subnet settings Multiple Subnet WAN Interface IP / Forwarding Mode: Interface: Alias IP of Int. Interface / Netmask: Local port IP address and subnet Mask Routing Mode Multiple Subnet functions Adding a Multiple Subnet Routing Mode Alias IP of LAN Interface: WAN Interface IP: Add WAN IP Forwarding Mode: Step 4: Modify a Multiple Subnet Routing Mode Removing a Multiple Subnet Routing Mode 4.1.7 Route Table Modifying a Static Route: Modify Static Route Removing a Static Route 4.1.8 DHCP 4.1.9 Dynamic DNS !: Update Status Domain name: WAN IP Address: How to use dynamic DNS: How to register: Service providers WAN IP Address Automatically User Name Password 4.1.10 Host Table Host Name: Virtual IP Address: Adding a new Host Table Add New Host Table Modifying a Host Table 4.1.11 Language 4.1.12 Logout 4.2 Interface 4.2.1 LAN 4.2.2 WAN Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP Auto Disconnect Page Page 4.2.3 DMZ 4.3 Policy Object 4.3.1 Address 4.3.1.1 LAN Get Static IP address from DHCP Server Modifying an LAN Address Modify Address Removing a LAN Address 4.3.1.2 LAN Group Adding a LAN Group Add New Address Group Available address: Selected address: Add members: Available address Selected address Removing a LAN Group 4.3.1.3 WAN Modifying an WAN Address Removing an WAN Address 4.3.1.4 WAN Group Modifying a WAN Group 4.3.1.5 DMZ Adding a new DMZ Address: Modifying a DMZ Address: 4.3.1.6 DMZ Group Adding a DMZ Group: Step 2. In the Add New Address Group window: Step 4. Add members: Step 5. Remove members: Modifying a DMZ Group: Step 3. Add members: vailable Address Step 4. Remove members: 4.3.2 Service 4.3.2.1 Pre-defined 4.3.2.2 Custom Service name Protocol Client port Service port Adding a new Service Modifying Custom Services Removing Custom Services 4.3.2.3 Group To add new services: Available service To remove services: Modifying Service Groups Add new services: 4.3.3 Schedule Adding a new Schedule Add New Schedule Schedule Name: Period: Start time 4.3.4 QoS Configuration of QoS Priority Add New QoS Downstream Bandwidth: Upstream Bandwidth: Modify QoS Delete QoS Delete Example about how to install QoS correctly Page 4.3.5 Authentication 4.3.5.1 Auth Setting 4.3.5.2 Auth User Adding a new Auth User New User Auth User Step 2. In the Auth-User window: „Auth-UserName: enter the username of new Authentication NOTE User Login Page Definitions: Modifying the Authentication User Auth-User: Removing a Authentication User 4.3.5.3 Auth Group Modifying Auth Group Modify Auth group 4.3.5.4 Radius Serve 4.3.5.5 POP3 4.3.6 Content Blocking 4.3.6.1 URL Blocking Adding a URL policy Add New URL String Modifying a URL String Policy Removing a URL String policy 4.3.6.2 Scripts Step 1: Click P2P below Content Blocking menu 4.3.6.4 IM 4.3.6.5 Download 4.3.6.6 Upload 4.3.7 Virtual Server 4.3.7.1Mapped IP Entering the Mapped IP window Mapped IP Virtual Server WAN IP Map to Virtual IP Modifying a Mapped IP Removing a Mapped IP 4.3.7.2 Virtual Server “Click here to configure” Configuring a Real IP for a Virtual Server Server 1/2/3/4 click here to configure Modifying a Virtual Server IP Address Removing a Virtual Server Setting the Virtual Server’s services Virtual Server Real IP: Service (Port): External Service Port: Load Balance Server: Adding New Virtual Server Service Configuration Modifying the Virtual Server configurations Removing the Virtual Server service 4.3.8 VPN 4.3.8.1 IPSec Autokey Gateway IP: IPSec Algorithm: Adding the Autokey IKE VPN Auto Keyed Tunnel Necessary Item Remote Gateway or Client – Dynamic IP: Preshared Key: Encapsulation ISAKMP Algorithm ENC Algorithm: 4.3.8.2 PPTP Server Disable PPTP: Enable PPTP: Encryption: Client IP Range: Allow remote client to connect to Internet: Modifying PPTP Server Removing PPTP Server Select VPN→PPTP Server 4.3.8.3 PPTP Client Adding a PPTP Client User name: Server IP or Domain Name: NAT (Connect to Windows PPTP Server): Modifying PPTP Client 4.3.8.4 Tunnel Source Subnet: Destination Subnet: IPSec/PPTP: Pause Adding a Tunnel Modifying a Tunnel Removing Tunnel Pausing a Tunnel Step 3. When There are 5 examples of VPN setting Example Example 1. Create a VPN connection between two Content Security Gateways Page Page Page Page Page Configuration of CS-500 Page Page Configuration of WinXP Page Page Page Step 10. Disable Activate the default response rule. And click Next Page Page Page Page Page Page Page Step 25. Click OK Page Page Page Page Page Page Page Page Page Page Page Step 50. Click ok Page Page Page Page Page Page Page Page Page Page Page Page Page Step 2: 4.4 Policy 4.4.1 Outgoing Source: Destination: Service: Action: Option: Source Address: Destination Address: Authentication User: Traffic Log: Statistics: 4.4.2 Incoming Incoming Adding an Incoming Policy Schedule: NAT: Modifying Incoming Policy 4.4.3 WAN To DMZ & LAN To DMZ Adding a new WAN To DMZ Policy: Services Step 3: Click OK Modifying a WAN To DMZ policy: 4.4.4 DMZ To WAN & DMZ To LAN Entering the DMZ To WAN window: DMZ To WAN The fields in the DMZ To WAN window are: Adding a DMZ To WAN Policy: Page Modifying a DMZ To WAN policy: Removing a DMZ To WAN Policy: Step 2. In the Remove confirmation dialogue box, click OK 4.5 Mail Security 4.5.1 Configure Mail Relay: Mail Relay Example 1: To setup CS-500as Gateway (Mail Server in DMZ, Transparent Mode) Preparation: STEP Page „Select Allowed External IP of Mail Relay 4.5.2 Anti-Spam 4.5.2.1 Setting 4.5.2.2Rule Rule Name: Comments: •Combination: And: Or: Adding a new Rule Modifying a Rule Removing a Rule 4.5.2.3 Whitelist 4.5.2.4 Blacklist Adding a new Blacklist Modifying a Blacklist Removing a Blacklist 4.5.2.5 Training Example: How to train mail into CS-500 Outlook Express New Folder Create Folder STEP 2﹒In Inbox-OutlookExpress, move spam mail to SpamMail Folder: Move SpamMail OK Compact Properties SpamMail Properties Spam Mail for Training Note: The training file that uploads to When the training file of 4.5.2.6 Spam Mail 4.5.3 Anti-Virus 4.5.3.1 Setting Virus Scan Engine Clam Disable Action of Infected Mail Delete the virus mail 4.5.3.2 Virus Mail 4.6 IDP 4.6.1 Setting 4.6.2 Signature Max. Threshold Pkts / Sec: Blocking Time: Action Drop Protocol: Source Port: Destination Port: Risk: Content: „Destination Port: Enter 80:80 Risk Content Outgoing Policy 4.6.3 IDP Report 4.7 Anomaly Flow IP 4.8 Monitor 4.8.1 Log 4.8.1.1 Traffic Traffic Log Table Time Port: Disposition: Downloading the Traffic Logs 4.8.1.2 Event 4.8.1.3 Connection 4.8.1.4 Log Backup 4.8.2 Accounting Report 4.8.2.1 Setting 4.8.2.2 Outbound Outbound Source IP Accounting Report Top: Downstream: Upstream: First Packet: Outbound Destination IP Accounting Report Outbound Service Accounting Report 4.8.2.3 Inbound Inbound Source IP Accounting Report Inbound Destination IP Accounting Report Inbound Service Accounting Report 4.8.3 Statistic 4.8.3.1 WAN Statistics 4.8.3.2 Policy Statistics Time: 4.8.4 Status 4.8.4.1 Interface Status 4.8.4.2 Authentication 4.8.4.3 ARP Table 4.8.4.4 DHCP Clients