Manuals / Brands / Computer Equipment / Network Card / Planet Technology / Computer Equipment / Network Card

Planet Technology CS-500 4.1.10 Host Table, System, Configure, Host Table

1 215

Download 215 pages, 7.37 Mb

Content Security Gateway User’s Manual

4.1.10 Host Table

The Content Security Gateway’s Administrator may use the Host Table function to make the Content Security Gateway act as a DNS Server for the LAN and DMZ network. All DNS requests to a specific Domain Name will be routed to the Content Security Gateway’s IP address. For example, let’s say an organization has their mail server (i.e., mail.planet.com.tw) in the DMZ network (i.e. 192.168.10.10). The outside Internet world may access the mail server of the organization easily by its domain name, providing that the Administrator has set up Virtual Server or Mapped IP settings correctly. However, for the users in the LAN network, their WAN DNS server will assign them a public IP address for the mail server. So for the LAN network to access the mail server (mail.planet.com.tw), they would have to go out to the Internet, then come back through the Content Security Gateway to access the mail server. Essentially, the LAN network is accessing the mail server by a real public IP address, while the mail server serves their request by a NAT address and not a real one.

This odd situation occurs when there are servers in the DMZ network and they are bound to real IP addresses. To avoid this, set up Host Table so all the LAN network computers will use the Content Security Gateway as a DNS server, which acts as the DNS proxy.

If you want to use the Host Table function of the device, the end user’s main DNS server IP address should be the same IP Address as the device.

Click on System in the menu bar, then click on Host Table below the Configure menu. The Host Table window will appear.

- 34 -

Contents

Page Copyright Disclaimer CE mark Warning Trademarks Customer Service Table of Contents Page Page Chapter 1: Introduction 1.1 Features 1.2 Package Contents 1.3 Content Security Gateway Front View 1.4 Content Security Gateway Rear Panel 1.5 Specification Page Chapter 2: Hardware Installation 2.1 Installation Requirements 2.2 Operation Mode 2.2.1Transparent Mode Connection Example 2.2.2 NAT Mode Connecting Example Chapter 3: Getting Started 3.1 Web Configuration STEP 1: STEP 2: 3.2 Configure WAN interface 3.3 Configure DMZ interface 3.4 Configure Policy STEP 3: STEP 4: Chapter 4: Web Configuration 4.1 System Administration: Configure: Logout: 4.1.1 Admin Settings of the Administration table Admin Name: admin Privilege: read / write 4.1.2 Permitted IPs Add Permitted IPs Address Name IP Address Netmask Ping 4.1.3 Software Update 4.1.4 Setting Exporting Content Security Gateway settings File Download Administrator Importing Content Security Gateway settings Content Security Gateway Restoring Factory Default Settings Step 1. Select Reset Factory Settings under Backup/Restore Configuration System Name Setting Device Name Email Setting SMTP Server IP: E-Mail Web Management (WAN Interface) Set Web Management (WAN Interface) MTU (set networking packet length) MTU Setting Link Speed / Duplex Mode Setting Dynamic Routing (RIPv2) Routing information update timer: Routing information timeout: 4.1.5 Date/Time 4.1.6 Multiple Subnet Multiple Subnet settings Multiple Subnet WAN Interface IP / Forwarding Mode: Interface: Alias IP of Int. Interface / Netmask: Local port IP address and subnet Mask Routing Mode Multiple Subnet functions Adding a Multiple Subnet Routing Mode Alias IP of LAN Interface: WAN Interface IP: Add WAN IP Forwarding Mode: Step 4: Modify a Multiple Subnet Routing Mode Removing a Multiple Subnet Routing Mode 4.1.7 Route Table Modifying a Static Route: Modify Static Route Removing a Static Route 4.1.8 DHCP 4.1.9 Dynamic DNS !: Update Status Domain name: WAN IP Address: How to use dynamic DNS: How to register: Service providers WAN IP Address Automatically User Name Password 4.1.10 Host Table Host Name: Virtual IP Address: Adding a new Host Table Add New Host Table Modifying a Host Table 4.1.11 Language 4.1.12 Logout 4.2 Interface 4.2.1 LAN 4.2.2 WAN Max. Upstream/Downstream Bandwidth: The bandwidth provided by ISP Auto Disconnect Page Page 4.2.3 DMZ 4.3 Policy Object 4.3.1 Address 4.3.1.1 LAN Get Static IP address from DHCP Server Modifying an LAN Address Modify Address Removing a LAN Address 4.3.1.2 LAN Group Adding a LAN Group Add New Address Group Available address: Selected address: Add members: Available address Selected address Removing a LAN Group 4.3.1.3 WAN Modifying an WAN Address Removing an WAN Address 4.3.1.4 WAN Group Modifying a WAN Group 4.3.1.5 DMZ Adding a new DMZ Address: Modifying a DMZ Address: 4.3.1.6 DMZ Group Adding a DMZ Group: Step 2. In the Add New Address Group window: Step 4. Add members: Step 5. Remove members: Modifying a DMZ Group: Step 3. Add members: vailable Address Step 4. Remove members: 4.3.2 Service 4.3.2.1 Pre-defined 4.3.2.2 Custom Service name Protocol Client port Service port Adding a new Service Modifying Custom Services Removing Custom Services 4.3.2.3 Group To add new services: Available service To remove services: Modifying Service Groups Add new services: 4.3.3 Schedule Adding a new Schedule Add New Schedule Schedule Name: Period: Start time 4.3.4 QoS Configuration of QoS Priority Add New QoS Downstream Bandwidth: Upstream Bandwidth: Modify QoS Delete QoS Delete Example about how to install QoS correctly Page 4.3.5 Authentication 4.3.5.1 Auth Setting 4.3.5.2 Auth User Adding a new Auth User New User Auth User Step 2. In the Auth-User window: „Auth-UserName: enter the username of new Authentication NOTE User Login Page Definitions: Modifying the Authentication User Auth-User: Removing a Authentication User 4.3.5.3 Auth Group Modifying Auth Group Modify Auth group 4.3.5.4 Radius Serve 4.3.5.5 POP3 4.3.6 Content Blocking 4.3.6.1 URL Blocking Adding a URL policy Add New URL String Modifying a URL String Policy Removing a URL String policy 4.3.6.2 Scripts Step 1: Click P2P below Content Blocking menu 4.3.6.4 IM 4.3.6.5 Download 4.3.6.6 Upload 4.3.7 Virtual Server 4.3.7.1Mapped IP Entering the Mapped IP window Mapped IP Virtual Server WAN IP Map to Virtual IP Modifying a Mapped IP Removing a Mapped IP 4.3.7.2 Virtual Server “Click here to configure” Configuring a Real IP for a Virtual Server Server 1/2/3/4 click here to configure Modifying a Virtual Server IP Address Removing a Virtual Server Setting the Virtual Server’s services Virtual Server Real IP: Service (Port): External Service Port: Load Balance Server: Adding New Virtual Server Service Configuration Modifying the Virtual Server configurations Removing the Virtual Server service 4.3.8 VPN 4.3.8.1 IPSec Autokey Gateway IP: IPSec Algorithm: Adding the Autokey IKE VPN Auto Keyed Tunnel Necessary Item Remote Gateway or Client – Dynamic IP: Preshared Key: Encapsulation ISAKMP Algorithm ENC Algorithm: 4.3.8.2 PPTP Server Disable PPTP: Enable PPTP: Encryption: Client IP Range: Allow remote client to connect to Internet: Modifying PPTP Server Removing PPTP Server Select VPN→PPTP Server 4.3.8.3 PPTP Client Adding a PPTP Client User name: Server IP or Domain Name: NAT (Connect to Windows PPTP Server): Modifying PPTP Client 4.3.8.4 Tunnel Source Subnet: Destination Subnet: IPSec/PPTP: Pause Adding a Tunnel Modifying a Tunnel Removing Tunnel Pausing a Tunnel Step 3. When There are 5 examples of VPN setting Example Example 1. Create a VPN connection between two Content Security Gateways Page Page Page Page Page Configuration of CS-500 Page Page Configuration of WinXP Page Page Page Step 10. Disable Activate the default response rule. And click Next Page Page Page Page Page Page Page Step 25. Click OK Page Page Page Page Page Page Page Page Page Page Page Step 50. Click ok Page Page Page Page Page Page Page Page Page Page Page Page Page Step 2: 4.4 Policy 4.4.1 Outgoing Source: Destination: Service: Action: Option: Source Address: Destination Address: Authentication User: Traffic Log: Statistics: 4.4.2 Incoming Incoming Adding an Incoming Policy Schedule: NAT: Modifying Incoming Policy 4.4.3 WAN To DMZ & LAN To DMZ Adding a new WAN To DMZ Policy: Services Step 3: Click OK Modifying a WAN To DMZ policy: 4.4.4 DMZ To WAN & DMZ To LAN Entering the DMZ To WAN window: DMZ To WAN The fields in the DMZ To WAN window are: Adding a DMZ To WAN Policy: Page Modifying a DMZ To WAN policy: Removing a DMZ To WAN Policy: Step 2. In the Remove confirmation dialogue box, click OK 4.5 Mail Security 4.5.1 Configure Mail Relay: Mail Relay Example 1: To setup CS-500as Gateway (Mail Server in DMZ, Transparent Mode) Preparation: STEP Page „Select Allowed External IP of Mail Relay 4.5.2 Anti-Spam 4.5.2.1 Setting 4.5.2.2Rule Rule Name: Comments: •Combination: And: Or: Adding a new Rule Modifying a Rule Removing a Rule 4.5.2.3 Whitelist 4.5.2.4 Blacklist Adding a new Blacklist Modifying a Blacklist Removing a Blacklist 4.5.2.5 Training Example: How to train mail into CS-500 Outlook Express New Folder Create Folder STEP 2﹒In Inbox-OutlookExpress, move spam mail to SpamMail Folder: Move SpamMail OK Compact Properties SpamMail Properties Spam Mail for Training Note: The training file that uploads to When the training file of 4.5.2.6 Spam Mail 4.5.3 Anti-Virus 4.5.3.1 Setting Virus Scan Engine Clam Disable Action of Infected Mail Delete the virus mail 4.5.3.2 Virus Mail 4.6 IDP 4.6.1 Setting 4.6.2 Signature Max. Threshold Pkts / Sec: Blocking Time: Action Drop Protocol: Source Port: Destination Port: Risk: Content: „Destination Port: Enter 80:80 Risk Content Outgoing Policy 4.6.3 IDP Report 4.7 Anomaly Flow IP 4.8 Monitor 4.8.1 Log 4.8.1.1 Traffic Traffic Log Table Time Port: Disposition: Downloading the Traffic Logs 4.8.1.2 Event 4.8.1.3 Connection 4.8.1.4 Log Backup 4.8.2 Accounting Report 4.8.2.1 Setting 4.8.2.2 Outbound Outbound Source IP Accounting Report Top: Downstream: Upstream: First Packet: Outbound Destination IP Accounting Report Outbound Service Accounting Report 4.8.2.3 Inbound Inbound Source IP Accounting Report Inbound Destination IP Accounting Report Inbound Service Accounting Report 4.8.3 Statistic 4.8.3.1 WAN Statistics 4.8.3.2 Policy Statistics Time: 4.8.4 Status 4.8.4.1 Interface Status 4.8.4.2 Authentication 4.8.4.3 ARP Table 4.8.4.4 DHCP Clients