Planet Technology CS-500 manual

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215

Ir a la página of

Buen manual de instrucciones

Las leyes obligan al vendedor a entregarle al comprador, junto con el producto, el manual de instrucciones Planet Technology CS-500. La falta del manual o facilitar información incorrecta al consumidor constituyen una base de reclamación por no estar de acuerdo el producto con el contrato. Según la ley, está permitido adjuntar un manual de otra forma que no sea en papel, lo cual últimamente es bastante común y los fabricantes nos facilitan un manual gráfico, su versión electrónica Planet Technology CS-500 o vídeos de instrucciones para usuarios. La condición es que tenga una forma legible y entendible.

¿Qué es un manual de instrucciones?

El nombre proviene de la palabra latina “instructio”, es decir, ordenar. Por lo tanto, en un manual Planet Technology CS-500 se puede encontrar la descripción de las etapas de actuación. El propósito de un manual es enseñar, facilitar el encendido o el uso de un dispositivo o la realización de acciones concretas. Un manual de instrucciones también es una fuente de información acerca de un objeto o un servicio, es una pista.

Desafortunadamente pocos usuarios destinan su tiempo a leer manuales Planet Technology CS-500, sin embargo, un buen manual nos permite, no solo conocer una cantidad de funcionalidades adicionales del dispositivo comprado, sino también evitar la mayoría de fallos.

Entonces, ¿qué debe contener el manual de instrucciones perfecto?

Sobre todo, un manual de instrucciones Planet Technology CS-500 debe contener:
- información acerca de las especificaciones técnicas del dispositivo Planet Technology CS-500
- nombre de fabricante y año de fabricación del dispositivo Planet Technology CS-500
- condiciones de uso, configuración y mantenimiento del dispositivo Planet Technology CS-500
- marcas de seguridad y certificados que confirmen su concordancia con determinadas normativas

¿Por qué no leemos los manuales de instrucciones?

Normalmente es por la falta de tiempo y seguridad acerca de las funcionalidades determinadas de los dispositivos comprados. Desafortunadamente la conexión y el encendido de Planet Technology CS-500 no es suficiente. El manual de instrucciones siempre contiene una serie de indicaciones acerca de determinadas funcionalidades, normas de seguridad, consejos de mantenimiento (incluso qué productos usar), fallos eventuales de Planet Technology CS-500 y maneras de solucionar los problemas que puedan ocurrir durante su uso. Al final, en un manual se pueden encontrar los detalles de servicio técnico Planet Technology en caso de que las soluciones propuestas no hayan funcionado. Actualmente gozan de éxito manuales de instrucciones en forma de animaciones interesantes o vídeo manuales que llegan al usuario mucho mejor que en forma de un folleto. Este tipo de manual ayuda a que el usuario vea el vídeo entero sin saltarse las especificaciones y las descripciones técnicas complicadas de Planet Technology CS-500, como se suele hacer teniendo una versión en papel.

¿Por qué vale la pena leer los manuales de instrucciones?

Sobre todo es en ellos donde encontraremos las respuestas acerca de la construcción, las posibilidades del dispositivo Planet Technology CS-500, el uso de determinados accesorios y una serie de informaciones que permiten aprovechar completamente sus funciones y comodidades.

Tras una compra exitosa de un equipo o un dispositivo, vale la pena dedicar un momento para familiarizarse con cada parte del manual Planet Technology CS-500. Actualmente se preparan y traducen con dedicación, para que no solo sean comprensibles para los usuarios, sino que también cumplan su función básica de información y ayuda.

Índice de manuales de instrucciones

  • Página 1

    Content Security Gateway User ’s Ma nual Content Security Gateway CS-500 User ’ s Manual[...]

  • Página 2

    Content Security Gateway User ’s Ma nual Copyright Copyright (C) 2005 PLANET T echnolog y Corp. All right s reserved. The products and programs described in this User ’s Manual are licensed products of PLANET T echnology , This User ’s Manual contains proprietary information protected by copyright, and this Us er ’s Manual and all accompany[...]

  • Página 3

    Content Security Gateway User ’s Ma nual T able of Content s CHAPTER 1: IN TRODUCTION ........................................................................................................ ................ 1 1.1 F EA TURES ...........................................................................................................................[...]

  • Página 4

    Content Security Gateway User ’s Ma nual 4.3 P OLICY O BJECT ............................................................................................................................... ................. 43 4.3.1 Address ............................................................................................................................[...]

  • Página 5

    Content Security Gateway User ’s Ma nual 4.4.4 DMZ T o WAN & DMZ T o LAN ............................................................................................................ 162 4.5 M AIL S ECURITY ............................................................................................................................... ..........[...]

  • Página 6

    Content Security Gateway User ’s Ma nual Chapter 1: Introduction The innovation of the Internet has created a tremendous worldwide venue for e-business an d information sharing, but it also creates network security problem s, so the secu rity request will be the primary concerned for the enterprise. Planet’ s Content Security Gatewa y CS-500, a[...]

  • Página 7

    Content Security Gateway User ’s Ma nual 1.2 Package Contents The following items should be included: CS-500  Content Security Gateway  User ’s Manual CD-ROM  This Quick Inst allation Guide  Power Adapter If any of the contents are missi ng or damaged, please cont act your dealer or distributor immedi ately . 1.3 Content Security Ga[...]

  • Página 8

    Content Security Gateway User ’s Ma nual settings. WAN Connect to your xDSL/Cable modem or other Internet connection devices LAN Connect to your local PC, switch o r other local network device DMZ Connect to your server or oth er network device 1.5 Specification Product Content Security Gateway Model CS-500 Hardware LAN 1 x 10/100Mbps RJ-45 W AN [...]

  • Página 9

    Content Security Gateway User ’s Ma nual IDP Anomaly: Syn Flood, UDP Flood, ICMP Flood and mo re. Pre-defined : Backdoor , DDoS, DoS, Exploit, NetBIOS and S pyware. Custom: User defined based on TCP , UDP , ICMP or IP protocol. QoS Policy rules with Inbound/Outbound traf fic manageme nt Guaranteed and maximum bandwi dth Scheduled in unit of 30 mi[...]

  • Página 10

    Content Security Gateway User ’s Ma nual Chapter 2: Hardware Inst allation 2.1 Inst allation Requirement s Before installing the Content Security Gateway, make sure your network meets the following requirements. - Mechanical Requiremen ts The Content Security Gateway is to be i nstalled bet ween your Internet connection and local area network. Th[...]

  • Página 11

    Content Security Gateway User ’s Ma nual The WAN and DMZ side IP addre sses are on the same su bnet. This application is suitable if you have a subnet of IP addresses and you do not want to chan ge any IP configuration on the subnet. 2.2.2 NAT Mode Connecting Example In te rn et ADSL Mode m CS-5 00 W AN: 61.11. 11.11 LAN PC 1: 192.168. 1.2 LAN PC[...]

  • Página 12

    Content Security Gateway User ’s Ma nual Chapter 3: Getting S t arted 3.1 Web Configuration STEP 1: Connect both the Administrator ’s PC an d the LAN port of the Content Security Gateway to a hub or switch. Make sure there is a link light on the hub/swit ch for both connections. The Cont ent Security Gateway has an embedded web server used for [...]

  • Página 13

    Content Security Gateway User ’s Ma nual 3.2 Configure WAN interface After entering the username and p assword, the Content Se curity Gateway WEB UI screen will display . Select the Interface tab on the lef t menu then click on W AN below it. Click on Modify button of W AN, the following page is shown. PPPoE (ADSL User): This option is for PPPoE [...]

  • Página 14

    Content Security Gateway User ’s Ma nual Default Gateway : This will be the Gateway IP address. Domain Name Server (DNS): Thi s is the IP Address of the DNS server . For PPTP (European User Only): This i s mainly used in Europe. Y ou need to know the PPTP Server address as well as your name and p assword. User Name: The user name is provided by I[...]

  • Página 15

    Content Security Gateway User ’s Ma nual Destination Address – select “Out side_Any” Service - select “ANY ” Action - select “Permit” Click on OK to apply the changes. STEP 4: The configuration is succe ssful when the screen belo w is displayed. Please make sure that all the comp uters that are conne cted to the LAN port have their [...]

  • Página 16

    Content Security Gateway User ’s Ma nual Chapter 4: W eb Configuration 4.1 System The Content Security Gateway Administration and monitoring configuration is set by t he System Administrator . The System Administrator can add or modify System se ttings and monitoring mode. The sub Administrators can only read System settings but not modify them. [...]

  • Página 17

    Content Security Gateway User ’s Ma nual DHCP: Administrator can config ure DHCP (Dynami c Host Configuration Protocol) settings for the LAN (LAN) network. Dy nam ic D NS: The Dynamic DNS (require Dynamic DNS S ervice) allows you to alias a dyn amic IP a ddress to a static hostname, allowi ng your device to be more easily a ccessed by specific na[...]

  • Página 18

    Content Security Gateway User ’s Ma nual Settings of the Administration table Admin Name: The username of Administrators fo r the Content Security Gateway . The user admin cannot be removed. Privilege: The privilege s of Administrators (Admin or Sub Admin) The username of the main Administrator is Admin with read / write privilege. Sub Admin may [...]

  • Página 19

    Content Security Gateway User ’s Ma nual Removing a Sub Admin Step 1. In the Administration table, locate th e Admin name you want to edit, and click on the Rem ove option in the Configure field. Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub Admin or click Cancel to cancel. 4.1.2 Permitted IPs Only the author[...]

  • Página 20

    Content Security Gateway User ’s Ma nual Add Permitted IPs Address Step 1. Click New Entr y button. Step 2. In IP Address field, enter the LAN IP address or W AN IP address.  Name : Enter the host name for the auth orized IP address.  IP Addres s : Enter the LAN IP addres s or W AN IP address.  Netmask : Enter the netmask of LA N/W AN. ?[...]

  • Página 21

    Content Security Gateway User ’s Ma nual 4.1.3 Software Update Under Sof tware Update , the admin m ay update the device’ s softwa re with a newer software. Y ou may acquire the current version number of software in V ersion Number . Administrators may visit di stributor ’s web site to download the latest version and save it in server’s har[...]

  • Página 22

    Content Security Gateway User ’s Ma nual ÍÍ Exporting Content Security Gate w ay settings Step 1. Under Backup/Res tore Configuration , click on the Do wnload button next to Export System Settings to Client . Step 2. When the File Download pop-up window appears, choose the destination place to save the exported file. The Administrator may choos[...]

  • Página 23

    Content Security Gateway User ’s Ma nual Importing Content Security Gate way settings Under Backup/Restore Configuration , click on the Bro wse button next to Import System Settings from Client . When the Choose File pop-up window appears, select the file which cont ains the saved Content Security Gateway Settings, then click OK . Click OK to imp[...]

  • Página 24

    Content Security Gateway User ’s Ma nual System Name Setting Input the name you want into Devi ce Nam e column to be the device name. Email Setting Step 1. Select Enable E-mail Alert Notificatio n under E-Mail Setting . This function will enable the Content Security Gateway to send e-mail alerts to the System Administrator when the network is bei[...]

  • Página 25

    Content Security Gateway User ’s Ma nual Web Manage ment (W AN Interface) The administrator can change the port n umber used by HTTP port1 anytime. (Remote UI Management) Step 1. Set Web Ma nagement (W AN Interface). The administrator can change the p ort number used by HTTP port anytime. MTU (set networking p acket length) The administrator can [...]

  • Página 26

    Content Security Gateway User ’s Ma nual to the network. Y ou can choo se to enable LAN, W AN or DMZ interface to allow send out the RIP protocol in a period of time to update the 0 will cut of f the routi ng automatically until it receives RIP protocol again. Th e default timer is 80 seconds. Dynamic Routing (RIPv2) Enable Dynamic Routing (RIPv2[...]

  • Página 27

    Content Security Gateway User ’s Ma nual T o-Appliance Packe t Lo gging Whe sou n the function is selected, the CS-500 will record the packets that contain t he IP address of CS-500 in rce or destination, the records will display in Traffic Log for adm inistrator to inquire about. Cont ent Security Gateway will be rebooted . A confirmation pop-up[...]

  • Página 28

    Content Security Gateway User ’s Ma nual Step 4. Update system clock ev ery □ minutes You can set the interval time to synchronize with utside servers. If you set it to 0, it means the device will not synchronize automatically. mputer ’ s clock. Click OK to apply the setting or click Cancel to discard changes. o Follow this step to sync to yo[...]

  • Página 29

    Content Security Gateway User ’s Ma nual Multiple Subnet settings Click Sy stem on the left side menu bar, select Configure then click Multiple Subnet to enter Multiple Subnet window . s and Forwarding Mode. ultiple Subnet. Click Modi fy to modify the p arameters of Multiple Subnet r click Delete to delete se ttings. Step the new win dow . IP add[...]

  • Página 30

    Content Security Gateway User ’s Ma nual Step 1: Find the IP address you want to modify and click Modify . Step 2: Enter the new IP address in Modify Multiple Subnet window . Step 3: Click the OK button below to change the setti ng or click Ca ncel to discard changes. Removing a Multiple Subnet Step 1: Find the IP address you want to delete and c[...]

  • Página 31

    Content Security Gateway User ’s Ma nual Sales: Alias IP of LAN interface - 168.85.88.65, Netm ask: 255.255.255.192 Procurement: Alias IP of LAN interface - 168.85.88.129, Netmask: 255.25 5.255.192 Accounting: Alias IP of LAN interface - 168.85.88.193, Netm ask: 255.255.25 5.192 Click System on th e left side menu bar , then click Mult iple Subne[...]

  • Página 32

    Content Security Gateway User ’s Ma nual Step 4: Adding a new W AN to LAN Policy . In the Incoming window , click the New Entry button. Modify a Multiple Subnet Routing Mode Step 1: Find the IP address you want to modify in Multiple Subnet menu, then click M odify button, on the right Step 3: Click the OK button below to change the setti ng or cl[...]

  • Página 33

    Content Security Gateway User ’s Ma nual 4.1.7 Route Table In this section, the Administrator c an add static routes for the networks. Entering the Route T able screen Step 1. Click System on the lef t hand sid e menu bar , then click Route T able below the Configure menu. The Route T able window appears, in which curre nt route settings are show[...]

  • Página 34

    Content Security Gateway User ’s Ma nual Step 4. Click OK to add the new static route or click Cancel to cancel. Modifying a St atic Route: Step 1. In the Route T able menu, find the route to edi t and click the corresponding Modify option in the Configure field. Step 2. In the Modify St atic Route window , modify the necessary routing addresses.[...]

  • Página 35

    Content Security Gateway User ’s Ma nual 4.1.8 DHCP In the section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol) setting s for the LAN (LAN) network. Entering the DHCP w indow Click System on the lef t hand side menu bar , then cli ck DHCP below the Configure menu. The DHCP window appears in whi ch current D HCP sett[...]

  • Página 36

    Content Security Gateway User ’s Ma nual Dynamic IP Address functions  Subnet: LAN network’s su bnet  Netmask: LA N network’ s netmask  Gateway: LAN network’s gateway IP address  Broadcast: L AN network’ s broadcast IP address Enabling DHCP Support Step 1. In the Dynamic IP Address window , click Enable DHCP Support . Domain N[...]

  • Página 37

    Content Security Gateway User ’s Ma nual ÍÍ Click Dynam ic DNS in the System menu to enter Dy namic DNS window . The icons in Dynamic DNS window: !: Up date S t atus, Connecting; Update succeed; Update fail; Unidentified error . Domain name: Enter the p assword provided by ISP . W AN IP Address: IP addre ss of the W AN port. Configure: Modify d[...]

  • Página 38

    Content Security Gateway User ’s Ma nual Service providers : Select service providers. Sign up : to the service providers’ website. W AN IP Address : IP Address of the W AN port.  Automatically : Check to automatically fill in the W AN IP . 。 User Name : Enter the registered user name. Password : Enter the password provided by ISP (Inte rn[...]

  • Página 39

    Content Security Gateway User ’s Ma nual 4.1.10 Host Table The Content Security Gateway’ s Administrator may use the Host T able function to make the Content Security Gateway act as a DNS Server for the LAN and DMZ network. All DNS request s to a specific Domain Name will be routed to the Content Security Gateway’ s IP address. For ex ample, [...]

  • Página 40

    Content Security Gateway User ’s Ma nual ÍÍ Below is the information needed for setting up the Ho st T able : • Host Name: The domain name of the server • Virtual IP Address: The vi rtual IP addre ss respective to Host T able • Configure: modify or remove each Host T able policy Adding a new Host T able Step 1: Click on the Ne w Entry but[...]

  • Página 41

    Content Security Gateway User ’s Ma nual Removing a Host T able Step 1: In the Host T able window , find the policy to be removed and click the corresponding Re move option in the Configure field. Step 2: A confirmation pop-up box will appear , click OK to remove the Host T able or click Cancel . 4.1.11 Language Administrator can configure the Co[...]

  • Página 42

    Content Security Gateway User ’s Ma nual Step 2. Click Logout the Content Security Gateway . Step 3. Click OK to logout or click Cancel to discard the change. ÍÍ 4.2 Interface In this section, the Administrator can set up the IP addresses for the of fice network. The Administrator m ay configure the IP addresses of the LAN network, t he W AN ne[...]

  • Página 43

    Content Security Gateway User ’s Ma nual IP Address: The private IP address of the C ontent Security Gateway’ s LAN network is the IP address of the LAN port of the device. The default IP address is 192. 168.1.1. If the new LAN IP Address is not 192.168.1.1, the Administrator needs to set the IP Address on th e computer to be on the same subnet[...]

  • Página 44

    Content Security Gateway User ’s Ma nual Username: Enter the PPPoE username provided by the ISP . Password: Enter the PPPoE password provided by the ISP . IP Address provided by ISP: Dy nam ic: Select this if the IP address is automatically assigned by the ISP . Fixed: Select this if you were given a static IP addre ss. Enter the IP address t hat[...]

  • Página 45

    Content Security Gateway User ’s Ma nual IP Addre ss: The dynamic IP address obtained by the Cont ent Security Gatewa y from the ISP will be displayed here. This is the IP addre ss of the W AN port of the device. MAC Address: This is the MAC Address of the device. Hostname: This will be t he name assign to the device. Some cable modem ISP assign [...]

  • Página 46

    Content Security Gateway User ’s Ma nual Ping: Select this to allow the W AN network to ping th e IP Address of the Content Security Gateway . This will allow people from the Internet to be able to ping the Content Security Gateway . If set to enable, the device will respond to echo request p ackets from the W AN network. HTTP: Select this to all[...]

  • Página 47

    Content Security Gateway User ’s Ma nual H T T P : Select this to allow the device WEBUI to be accessed from the W AN network. This will allow the WebUI to be configure d from a user on the Interne t. Keep in mind that the device always requires a username and p assword to enter the W ebUI. 4.2.3 DMZ The Administrator uses the DMZ Interface to se[...]

  • Página 48

    Content Security Gateway User ’s Ma nual DMZ Interface : Display DMZ NA T Mode /DMZ TRANSP ARENT Mode functions of DMZ to show if they are enabled or disabled. IP Address : The private IP address of the Content Secu rity Gateway’ s DMZ interface. This will be the IP address of the DMZ port. If it is in NA T mode, the IP address the Administrato[...]

  • Página 49

    Content Security Gateway User ’s Ma nual How to use Address Table With easily recognized names of IP addresses and names of add ress group s shown in the address t able, the Administrator can use these names as the source addres s or d estination address of co ntrol policies. The address table should be bu ilt before creating control policie s, s[...]

  • Página 50

    Content Security Gateway User ’s Ma nual If you want to enable Get S tatic IP add ress from DHCP Server function, enter the MAC Address then check the Get St atic IP address from DHCP Server . Modifying an LAN Address Step 1. In the LAN window, locate the name of t he network to be modified. Click the Modify option in its corresponding Configure [...]

  • Página 51

    Content Security Gateway User ’s Ma nual 4.3.1.2 LAN Group Entering the LAN Group windo w The LAN Addresses may be combined t ogether to become a group . Step 1. Click LAN Group under the Addre ss menu to enter the LAN Group window . Th e current setting information for the LAN network group a ppears on the screen. ÍÍ Definitions Name: Name of [...]

  • Página 52

    Content Security Gateway User ’s Ma nual Group. Ad Step 1. N Group window, clic k the New Entry button to enter th e Add New Address Group Step 2 In work. w group. Step 3. d in Available address list, and click the Add>> button to add them to the Selected address list. Step 4. ss list, and click the s list. Step 5. Click OK to add the new g[...]

  • Página 53

    Content Security Gateway User ’s Ma nual Step 2. w Step 3. vailable address list, and cli ck the Add>> button to add Step 4. list, and click the <<Remove button ress list. Click OK to save change s or click Can cel to discard changes. A indow displaying the information of the selected g roup appears:  Available address: list names [...]

  • Página 54

    Content Security Gateway User ’s Ma nual 4.3.1.3 WAN Entering the W AN window Step 1. Click WA N under the Address menu to enter t he WAN window. The curre nt setting information, such as the name of the WAN netwo rk, IP and Netmask addresse s will show on the screen. ÍÍ Definitions Name : Name of W AN network address. IP/Netmask : IP addre ss/[...]

  • Página 55

    Content Security Gateway User ’s Ma nual Step 2. In the Add New Address window, enter the settings for a new WAN network addre ss. Step 3. Click OK to add the specified WAN network or cli ck Cancel to discard changes. Modifying an W AN Address Step 1. In the WAN table, locate t he name of the net work to be modified and click the Modify option in[...]

  • Página 56

    Content Security Gateway User ’s Ma nual 4.3.1.4 WAN Group Entering the W AN Group windo w Step 1. Click the W AN Group under the Address menu bar to enter the W AN window . The current settings for the W AN network group(s) will appea r on the screen. ÍÍ Definitions : Name : Name of the W AN group. Member : Members of the group. Configure : Co[...]

  • Página 57

    Content Security Gateway User ’s Ma nual window will appear . Step 2. In the Add New Address Group wi ndow the following fields will appea r:  Name: enter the name of the new group.  Available address: List the name s of all the members of the WAN network.  Selected address: List the names to assign to the new group.  Add members: Sel[...]

  • Página 58

    Content Security Gateway User ’s Ma nual Removing a W AN Group Step 1. In the WAN Group window, locate the group to be removed and click its corresp onding Modify option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click Cancel to discard changes. 4.3.1.5 DMZ Entering the DMZ windo w: Clic[...]

  • Página 59

    Content Security Gateway User ’s Ma nual Adding a new DMZ Address: Step 1. In the DMZ window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new DMZ address. Step 3. Click OK to add the specified DMZ or click Can cel to discard changes. Modifying a DMZ Address: Step 1. In the DMZ window, locate the nam[...]

  • Página 60

    Content Security Gateway User ’s Ma nual Removing a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be removed and click the Remove option in its correspon ding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes. 4.3.1.6 DMZ Group Entering the[...]

  • Página 61

    Content Security Gateway User ’s Ma nual Adding a DMZ Group: Step 1. In the DMZ Group window, click the Ne w En try butto n. Step 2. In the Add New Address Group window:  Available address: list names of all members of the DMZ.  Selected address: list names to assign to a new group. Step 3. Name: enter a name for the new group. Step 4. Add [...]

  • Página 62

    Content Security Gateway User ’s Ma nual Modifying a DMZ Group: Step 1. In the DMZ Group window, locate the DMZ group to be modified and click its corresponding Modify button in the Configure field. Step 2. A window displaying information about the selected grou p appears:  Available address: list the names of all the members of the DMZ.  S[...]

  • Página 63

    Content Security Gateway User ’s Ma nual Removing a DMZ Group: Ste p 1. In the DMZ Group window , locate the group to be removed and click it s corresponding Remove option in the Configure field. Ste p 2. In the Remove confirmation pop-up box, click OK to remove the group. 4.3.2 Service In this section, network services are defined and n ew netw [...]

  • Página 64

    Content Security Gateway User ’s Ma nual and the server port ranges from 0 to 1023. How do I use Service? The Administrator can ad d new service group names in the Group option under Se rvice menu, and assign desire d services into that ne w group. Using service gro up the Ad ministrator ca n simplify the processes of s etting up control policies[...]

  • Página 65

    Content Security Gateway User ’s Ma nual Step 1. Click Cu stom under it. A window will appea r with a tabl e showing all services currently defined by the Administrator . ÍÍ Definitions : Service name : The defined servi ce name. Protocol : Network protocol used in the basi c setting. Such as TCP 、 UDP or others. Client port : The range of Cl[...]

  • Página 66

    Content Security Gateway User ’s Ma nual Modifying Custom Services Step 1. A table showing the current settings of t he selecte d service appears on the screen Step 2. Enter the new values. Step 3. Click OK to accept editing; or click Cancel . Removing Custom Serv ices Step 1. Click its correspondin g Remove option in the Con figure field. Step 2[...]

  • Página 67

    Content Security Gateway User ’s Ma nual 4.3.2.3 Group Accessing the Group windo w Step 1. Click Group under it. A wi ndow will appear with a t able displaying current service group settings set by the Administrator . ÍÍ Definitions : Group name : The Grou p name of the defined Service. Service : The Service item of the Grou p. Configure : Conf[...]

  • Página 68

    Content Security Gateway User ’s Ma nual Step 3. Enter the ne w group name in the grou p Name field. This will be the name referencing the created group. Step 4. To add new servi ces: Select the services d esired to be ad ded in the Av ailable serv ice list and then click the Add>> button to add them to the group. Step 5. To remove services[...]

  • Página 69

    Content Security Gateway User ’s Ma nual Removing Service Group s In the Remov e confirmation pop-up box, click OK to remove the selected service group or click Cancel to cancel removing. 4.3.3 Schedule The Content Security Gateway allows the Administ rator to configur e a schedule for policies to take affect. By creating a schedule, the Administ[...]

  • Página 70

    Content Security Gateway User ’s Ma nual The following items are displayed in this window: Name: the name assigned to the schedule Configure: modify or remove Adding a new Schedule Step 1. Click on the New Entry button and the Add New Schedule window will appear.  Schedule Name: Fill in a name for the new schedule.  Period: Configure the st[...]

  • Página 71

    Content Security Gateway User ’s Ma nual Step 1. In the Schedule window, find the policy to be modified and click the corresponding Modify option in the Configure field. Make needed changes. Step 2. Click OK to save changes. Removing a Schedule Step 1. In the Schedule window, find the policy to be removed and click the corre sponding Remove optio[...]

  • Página 72

    Content Security Gateway User ’s Ma nual Configuration of QoS Click QoS in the menu bar on the lef t hand side. ÍÍ Definitions : Name : The n ame of the QoS you want to configure. WA N : Display W AN interface. Downstream Band w idt h : T o configure the Guaranteed Bandwid th and Maximum Bandwi dth. Up stream Band width : T o configure the Guar[...]

  • Página 73

    Content Security Gateway User ’s Ma nual Modify QoS Step 1. Click QoS in the menu bar on the lef t hand side. Click the Modify button to modify QoS. Definition: Name : The n ame of the QoS you want to configure. Downstream Band w idth: To configure the Guarateed Bandwidth and Maximum Bandwidth. Upstream Bandwidth: To configure the Guarateed Bandw[...]

  • Página 74

    Content Security Gateway User ’s Ma nual Step 2. Configure the LAN host o r W AN host IP address that need to filter with QoS feature. Be aware that the Netmask must set to 255.255.255.255 if y ou only want to configure a sing le IP address. Step 3. Set up the QoS rule. - 69 -[...]

  • Página 75

    Content Security Gateway User ’s Ma nual Step 4. Enable the QoS rule in Outgoing or Incoming Policy . 4.3.5 Authentication By configuring the Authentication, you can control the user ’ s access right time of LAN to W AN. The administrator can configure the aut hentication according to the auth entication account and password. CS-500 configures [...]

  • Página 76

    Content Security Gateway User ’s Ma nual Authentication Port: The port num ber used for user login pa ge. Generally, when user want to acce ss WAN network and t he a uthentication (Policy -> Outgoing) is enabled, the user only need to open a web page a nd the User Login page will pop up. But if user does not need to open the web page and also [...]

  • Página 77

    Content Security Gateway User ’s Ma nual Definitions : Name : The name of the Authenticatio n you want to configure. Configure: modify settings or remove users. Adding a new Auth User Step 1. In the Authentication window, click the New User button to create a new Auth User. Step 2. In the Auth-U ser window:  Auth-User Name: enter the usernam[...]

  • Página 78

    Content Security Gateway User ’s Ma nual NOTE : When the LAN user access to W AN network and do not use for a whil e, the connection will be time-out. User has to re-login again. The default time is 30 minutes and you can config ure this time by “Authentication”-> “Auth Setting” pag e. In the form of controlling the [Outgoing] Policy ,[...]

  • Página 79

    Content Security Gateway User ’s Ma nual Modifying the Authentication User Step 1. In the Authentication wi ndow, locate the Auth -User name you want to edit, and click on Modify in the Configure field. Step 2. The Modify Auth-User Pass w ord window will appear. Enter in th e required information:  Auth-User: show original authentication user [...]

  • Página 80

    Content Security Gateway User ’s Ma nual 4.3.5.3 Auth Group Accessing the Auth Group window Click Authentication in the menu bar on the lef t hand side of the window . Click Auth Gr oup under it. A window will appear with a t able displaying curre nt Auth Group settings by the Administrator . Adding Auth Group Step 1. In the Auth Group window, c [...]

  • Página 81

    Content Security Gateway User ’s Ma nual Modifying Auth Group Step 1. In the Auth Group window, locate the Auth Group to be edited. Click its corresponding Modify option in the Configure field. Step 2. In the Modify Auth group window the fo llowing fields are displayed ::  Name: Enter the new Auth Group name .  Available auth user: List all[...]

  • Página 82

    Content Security Gateway User ’s Ma nual Removing Auth Group Step 1. In the Auth Group window, locate the Auth Group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the selected service group or click Cancel to cancel removing. 4.3.5.4 Radius Serve C[...]

  • Página 83

    Content Security Gateway User ’s Ma nual Definition ♦ Enable RADIUS Serv er : Enable RADIUS Server Authentication. ♦ RADIUS Server IP : Enter RADIUS Se rver IP address. ♦ RADIUS Server Port : Enter RA DIUS Server Port. The default port is 1812. ♦ Shared Secret : The Pa ssword for CS-500 to access RADIUS Se rver . ♦ Enable 802.1x RADIUS [...]

  • Página 84

    Content Security Gateway User ’s Ma nual 4.3.6 Content Blocking Content Blocking includes “ URL ”, “ Scripts ”, “ P2P ”, “ IM ”, “ Download ” and “ Upload ”. URL: The administrator ca n use a complete domain name or key word to ma ke rules for specific web sites. Script s : T o let Popup 、 Act iveX 、 Java 、 Cookie in[...]

  • Página 85

    Content Security Gateway User ’s Ma nual Configure : T o change the settings of URL Blocking, click Modify to change th e parameters; click Delete to delete the settings. Adding a URL policy Step 1. After clicking New Entry , the Add New URL S t ring wind ow will appear . Step 2. Enter the URL of the website to be blocked. Step 3. Click OK to add[...]

  • Página 86

    Content Security Gateway User ’s Ma nual Step 1. In the URL window, find the policy to be remove d and click the corre sponding Remove option in the Configure field. Step 2. A confirmation pop-up box will appear, click on OK to remove the policy or click on Cancel to discard changes. 4.3.6.2 Scripts To let Popup , ActiveX , Java , or Cookies in o[...]

  • Página 87

    Content Security Gateway User ’s Ma nual Í Í When the system detects the setting, the Content Security Gateway will spontan eously work . 4.3.6.3 P2P Step 1: C l i c k P2P below Content Blocking menu. Step 2: S e l e c t P2P detective functions: eDonkey Blocking: Prevent eDonkey co nnection built up. Bit Torrent Blocking: Prevent Bit Torrent co[...]

  • Página 88

    Content Security Gateway User ’s Ma nual will display at the top side. 4.3.6.4 IM Step 1: C l i c k IM below Content Blocking menu. Step 2: S e l e c t IM detective functions: MSN Messenger B locking: To sele ct to block MSN Me ssenger login , File Transfer , Voice or Camer a transferring. Yahoo Messenger Blocking: To sele ct to block Yahoo Messe[...]

  • Página 89

    Content Security Gateway User ’s Ma nual ÍÍ 4.3.6.6 Upload Step 1: C l i c k Upload below Content Blocking menu. Step 2: S e l e c t Upload detective functions: All Types Block: To block all types of the files uploading from web page. Audio and Video Types block: To block audio an d video uploading from web page.. Extensions Block: To block spe[...]

  • Página 90

    Content Security Gateway User ’s Ma nual assigns each computer a private IP address, and convert s it into a real IP address through Content Security Gateway’s NA T (Network Addre ss T ranslation) function. If a server providing service to the W AN networks is located in the LAN networks, out side users can’t directly conn ect to the server b[...]

  • Página 91

    Content Security Gateway User ’s Ma nual address of the W AN network, and the real IP is transla ted to a private IP of the LAN network. Mapped IP and Virtual Server are the two method s to translate the r eal IP into private IP . Mapped IP map s IP in one-to-one fashion; that means, all services of one real W A N IP address is m apped to one pri[...]

  • Página 92

    Content Security Gateway User ’s Ma nual Modifying a Mapped IP Step 1. In the Mapped IP table, locate the Mapped IP you w ant it to be modified and click its corresponding Modify option in the Configure field. Step 2. Enter settings in the Modify Mapped IP window. Step 3. Click OK to save change or click Cancel to cancel. NOTE: A Mapped IP cannot[...]

  • Página 93

    Content Security Gateway User ’s Ma nual 4.3.7.2 Virtual Server Virtual serve r is a one-to-many mapping tech nique, whic h map s a real IP address from the W AN interface to private IP addre sses of the LAN network. This function provid es services or applications defined in the Service menu to enter into the LAN n etwork. Unlike a mapp ed IP wh[...]

  • Página 94

    Content Security Gateway User ’s Ma nual Configure : T o change the service configuration, click Configure to change the para meters; click Delete to delete the configuration. This virtual server provides four real IP addre sses, which means you can setup four virtual servers at most. The administrator can select V irtual Server1/2/3/4 under V ir[...]

  • Página 95

    Content Security Gateway User ’s Ma nual Removing a V irtual Server Step 1. Click the virtual serve r to be removed in t he correspondin g Virtual Server option under the Virtual Server menu bar. A new window displayin g the virtual server’s IP address and service appears on the screen. Step 2. Click the Virtual Server’s IP Address button at [...]

  • Página 96

    Content Security Gateway User ’s Ma nual Server (Load Balance Server).  External Service Port: Input the port number that the vi rtual server will u se. Changing the Service will change the port number to match the service.  Load Balance Server: The internal server IP addre ss mapped by the virtual server. Four computer IP addresses can be [...]

  • Página 97

    Content Security Gateway User ’s Ma nual  Virtual Server Real IP: displays the WAN IP address assigned to the Virtual Server  Service (Port): select the service from the pull down list that will be provided by the Real Server (Load Balance Server).  External Service Port: Input the port number that the vi rtual server will u se. Changing[...]

  • Página 98

    Content Security Gateway User ’s Ma nual Click OK to execute the change of t he virtual server , or click Cancel to discard changes. NOTE: If the destination Network in Policy has set a virtual server , it will not be able to change or configure this virtual server , you have to remo ve this configuration of Policy , and then you can execute the [...]

  • Página 99

    Content Security Gateway User ’s Ma nual 4.3.8 VPN The CS-500 adopt s VPN to set up safe and private networ k service, and combine t he remote Authentication system in order to integrate the remo te network and PC of the enterprise. It also provides the remote users a safe encryption way to have best ef ficiency and encrypti on when delivering da[...]

  • Página 100

    Content Security Gateway User ’s Ma nual The fields in the IPSec Autokey window are:  Name: The VPN name to identify the VPN tunnel definiti on. Th e name must be dif ferent for the two sites creating the tunnel.  Gateway IP: The othe r side W AN interface IP address of VPN Gateway .  IPSec Algorithm: The display the Algorithm way .  [...]

  • Página 101

    Content Security Gateway User ’s Ma nual  Remote Gateway or Client – Dynamic IP: Select Remote Gateway or Client if there is only one user or device and dials up to Internet with PPPoE or cable modem. Preshared Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long. Encapsulation ISAKMP Algorithm  ENC A[...]

  • Página 102

    Content Security Gateway User ’s Ma nual  My I D / Peer ID: My ID and Peer ID are optional parameters. If we choo se to enter My ID/ Peer ID, they couldn’t be the same. For instance, My ID is 11.11.11 .11 and Peer ID is 22.22.22. 22. If you want to use number or text, add @ in the front, for instance, @123A and @abcd123.  GRE / IPSec: Sel[...]

  • Página 103

    Content Security Gateway User ’s Ma nual  Disable PPTP: Check to disable PPTP Server .  Enable PPTP: Check to enable PPTP Server . Encryption: the default is set to disable d. Client IP Range: Enter the IP range allocated for PPTP Client s when they connect to the PPTP server .  Allow remote client to connect to Internet : Check t o allo[...]

  • Página 104

    Content Security Gateway User ’s Ma nual Step 3. Click OK to save modifications or c lick Cancel to cancel modifications. Modifying PPTP Server Step 1. Select VPN → PPTP Server . Step 2. In the PPTP Serv er window , find the PPTP server that you want to modify . Click Configure a nd click Modify . Step 3. Enter appropriate settings. Step 4. Cli[...]

  • Página 105

    Content Security Gateway User ’s Ma nual 4.3.8.3 PPTP Client This function allows the Content Security Gateway di al-up to remote PPTP server and acce sses the network resources on remote ne twork. Entering the PPTP Client window Step 1. Select VPN → PPTP Client . ÍÍ  User Name : Displays the PPTP Client user ’ s name for authenticatio[...]

  • Página 106

    Content Security Gateway User ’s Ma nual Adding a PPTP Client Step 1. Select VPN → PPTP Client . Step 2. Configure the para meters.  User name: S pecify the PPTP client. This should be unique.  Password: S pecify the PPTP client p assword.  Server IP or Domain Name: Enter the PPTP Server ’s IP address.  Encryption: Enable or Disab[...]

  • Página 107

    Content Security Gateway User ’s Ma nual Step 4. Click OK to save modifications or c lick Cancel to cancel modifications Removing PPTP Client Step 1. Select VPN → PPTP Client . Step 2. In the PPTP Client window , find the PPTP client that you want to modify and cli ck Remove . Step 3. Click OK to remove the PPTP client or click Cancel to exit w[...]

  • Página 108

    Content Security Gateway User ’s Ma nual Step 2. Configure the para meters  Name: S pecify the T unnel name. This should be unique and can not be the sam e as the name of IPSec Autokey rule.  Source Subnet: S pecify the source LAN network subnet.  Destination Subnet: S pecify the destination LAN network subnet.  IPSec/PPTP: Indicate t[...]

  • Página 109

    Content Security Gateway User ’s Ma nual Modifying a T unnel Step 1. Select VPN → T unnel . Step 2. In the T unnel windo w , find the T unnel that you want to modify and click Modify . Step 3. Enter appropriate settings. Removing T unnel Step 1. Select VPN → T unnel . Step 2. In the T unnel windo w , find the T unnel that you want to modify a[...]

  • Página 110

    Content Security Gateway User ’s Ma nual Step 3. When here are 5 examples of VPN setting. een two Content Security Gateway s. d Windows XP Professional Example 3. connection between two Content Security Gateways u sing Aggressive mode Example 4. 11 VPN xample 1. Create a VPN connectio n bet w een two Content Security Gate ways. reparation T ask: [...]

  • Página 111

    Content Security Gateway User ’s Ma nual Step 3. In T o Destination table, choose Remote G ateway-Fixed IP or Dom ain Name, enter the IP address desired to be connected. Step 4. In Authentication Method T able enters the Preshared Key . Step 5. In Encapsulation or Authentication table, choo se ISAKMP Algorithm. For communi cation via VPN, we hoos[...]

  • Página 112

    Content Security Gateway User ’s Ma nual Step 10. Cli ck T unnel and press New Entry to config ure the further setting. Ste p 1 1. Enter Site_A as the new tunnel name, and select LAN interface a s the VPN source. Fill LAN IP subnet 192.168.10.0 with sub net mask IP 255.255.255.0. Step 12. In T o Destination table, fill comp any B’ s subnet IP a[...]

  • Página 113

    Content Security Gateway User ’s Ma nual and Incoming Policy . Outgoing Policy: Incoming Policy: The Gateway of Comp any B is 192.168.20.1. The settings of company B are as the following. Step 1. Enter the default IP of Compan y B’s Content Securi ty Gateway , 192.168.20.1. Click VPN in the menu okey . Click Add. Step 2. Enter the VPN name, VPN[...]

  • Página 114

    Content Security Gateway User ’s Ma nual Step 4. In Authentication Method T able enters the Preshared Key . Step 5. In Encapsulation or Authentication table, choo se ISAKMP Algorithm. For communi cation via VPN, we choose 3DES for ENC Algorithm and M D5 for AUTH Algorithm. And select Group 1 to connect. Step 6. In IPSec Algorit hm T able, choose [...]

  • Página 115

    Content Security Gateway User ’s Ma nual Step 10. Cli ck T unnel and press New Entry to config ure the further setting. Ste p 1 1. Enter Site_B as the new tunnel name, and select LAN inte rface as the VPN source. Fill LAN IP subnet 192.168.20.0 with sub net mask IP 255.255.255.0. Step 12. In T o Destination table, fill comp any B’ s subnet IP a[...]

  • Página 116

    Content Security Gateway User ’s Ma nual and Incoming Policy . Outgoing Policy: Incoming Policy: Example 2. Create a VPN connection bet w een the Content Security Gateway and Windows XP lient. ternal IP is 192.168.10.X emote User External IP is 210.66.155.91 te a VPN connection with company A and connect to 92.168.10.100 for downloading the shari[...]

  • Página 117

    Content Security Gateway User ’s Ma nual Step 5. In Encapsulation or Authentication table, choo se ISAKMP Algorithm. For communi cation via VPN, we choose 3DES for ENC Algorithm and M D5 for AUTH Algorithm. And select Group 2 to connect. Step 6. In IPSec Algorit hm T able, choose Data Encryp tion + Authentication. We choose 3DES for ENC Algorithm[...]

  • Página 118

    Content Security Gateway User ’s Ma nual subnet 192.168.10.0 with sub net mask IP 255.255.255.0. Step 12. In T o Destination table, select Remote Client. Step 13. In IPSec / PPTP Setting, select VPN_A as the available tunnel. Step 14. Cli ck OK to finish the T unnel setting of Company A. Step 15. Enable Tunnel setting in Incom ing Policy . Step 1[...]

  • Página 119

    Content Security Gateway User ’s Ma nual Configuration of WinXP The IP of remote use r is 210.66.155.91. The setting s of remote user are as the following. Step 1. Enter Windows XP, click Start and click Execute function. Step 2. In the Execute window, enter the command, mmc in Open . - 1 14 -[...]

  • Página 120

    Content Security Gateway User ’s Ma nual Step 3. Enter the Console wind ow , click Console(C) option and click Add/Remove Embedded Manag ement Option. Step 4. Enter Add/Remove Embedded Manage ment Option window and click Add. In Add/ Remove Embedded Management Option win dow, click Add to add Create IP Security Policy. - 1 15 -[...]

  • Página 121

    Content Security Gateway User ’s Ma nual Step 5. Choose Local Machine (L ) for finishing the setting of Add. Step 6. Finish the setting of Add. - 1 16 -[...]

  • Página 122

    Content Security Gateway User ’s Ma nual Step 7. Cli ck the right button of mouse in IP Security Policies on Local Machine an d choose Create IP Security Policy(C) option. Step 8. Click Next. - 1 17 -[...]

  • Página 123

    Content Security Gateway User ’s Ma nual Step 9. Enter the Name of this VPN and opti onally give it a brief description. Step 10. Disable Activ ate the default response rule . And click Next. - 1 18 -[...]

  • Página 124

    Content Security Gateway User ’s Ma nual Ste p 1 1. Completing the IP Security Policy setting and click Fini sh. Enable Edit properties. Step 12. In window , click Add and click Use Add Wizard. - 1 19 -[...]

  • Página 125

    Content Security Gateway User ’s Ma nual Step 13. Click next. Step 14. Enter the W AN IP of Remote user , 210.66.155.91. - 120 -[...]

  • Página 126

    Content Security Gateway User ’s Ma nual Step 15. click all network connection s. Step 16. Ch oose Use this string to prote ct the key e xchange (Preshared Key). And enter the key , 123456789. - 121 -[...]

  • Página 127

    Content Security Gateway User ’s Ma nual Step 17. Cli ck Add. Step 18. Enter the nam e of IP filter and click “Add..”. - 122 -[...]

  • Página 128

    Content Security Gateway User ’s Ma nual Step 19. Cli ck next. Step 20. In Source ad dress, click down the arrow t o sele ct the specific IP Subnet and fill Comp any A ’s IP Address, 192.168.10.0 and Subnet mask 255.255.2 55.0. - 123 -[...]

  • Página 129

    Content Security Gateway User ’s Ma nual Step 21. In Destination ad dress, click down t he arrow to select the My IP Address. Step 22. Click next. - 124 -[...]

  • Página 130

    Content Security Gateway User ’s Ma nual Step 23. Please en able edit properties, a nd click finish. Step 24. Please do n’t enable Mirrored, and cli ck OK. - 125 -[...]

  • Página 131

    Content Security Gateway User ’s Ma nual Step 25. Click OK. Step 26. Sele ct T raffi c-in and click nex t. - 126 -[...]

  • Página 132

    Content Security Gateway User ’s Ma nual Step 27. Enable User Add Wizard and cl ick add. Step 28. Click next. - 127 -[...]

  • Página 133

    Content Security Gateway User ’s Ma nual Step 29. Enter the name of filter action and click next. Step 30. Select Neg otiate security and click next. - 128 -[...]

  • Página 134

    Content Security Gateway User ’s Ma nual Step 31. Click next. Step 32. Sele ct Custom and clic k settings. - 129 -[...]

  • Página 135

    Content Security Gateway User ’s Ma nual Step 33. Click Data Integri ty and Encapsulation an d choose MD5 and 3 DES. Click Generate a Ne w key aft er every 28800 seconds. And click 3 times OK to return. Step 34. Click finish. - 130 -[...]

  • Página 136

    Content Security Gateway User ’s Ma nual Step 35. Select se curity and click next. Step 36. Click finish. - 131 -[...]

  • Página 137

    Content Security Gateway User ’s Ma nual Step 37. Cli ck Add. Step 38. Click next. - 132 -[...]

  • Página 138

    Content Security Gateway User ’s Ma nual Step 39. Enter the W AN IP of comp any A, 210.66.155.90. Step 40. Select All network connections and click next. - 133 -[...]

  • Página 139

    Content Security Gateway User ’s Ma nual Step 41. Ch oose Use this string to prote ct the key e xchange (Preshared Key). And enter the key , 123456789. Step 42. Cli ck Add. - 134 -[...]

  • Página 140

    Content Security Gateway User ’s Ma nual Step 43. Enter the name of IP filter and click “Add…”. Step 44. Click next - 135 -[...]

  • Página 141

    Content Security Gateway User ’s Ma nual Step 45. In Source address, click do wn the ar row to select the My IP Address. Step 46. In Destination address, click d own the arrow to se le ct the specific IP Subnet and fill Comp any A ’s IP Address, 192.168.10.0 and Subnet mask 255.255.2 55.0. - 136 -[...]

  • Página 142

    Content Security Gateway User ’s Ma nual Step 47. Click next. Step 48. Please en able Edit properties a nd click finish. - 137 -[...]

  • Página 143

    Content Security Gateway User ’s Ma nual Step 49. Please do n’t enable Mirrored a nd click ok. Step 50. Click ok. - 138 -[...]

  • Página 144

    Content Security Gateway User ’s Ma nual Step 51. Select Traf fic-out and click next. Step 52. Select Secu rity and click edit. - 139 -[...]

  • Página 145

    Content Security Gateway User ’s Ma nual Step 53. Enable Session key perfect forward secrecy (PFS) and click o k. Step 54. Select Secu rity and click next. - 140 -[...]

  • Página 146

    Content Security Gateway User ’s Ma nual Step 55. Please do n’t enable Edit properties and click finish. Step 56. Cli ck apply first and then click ok. - 141 -[...]

  • Página 147

    Content Security Gateway User ’s Ma nual Step 57 Click the right button of mouse in IPSec cho ose Assign option. Step 58. Ping the remote g ateway of Company A, the VPN tunnel is created successfully . Example 3. Create a VPN connec tion between two Co ntent Security Gate ways using Aggressive mode Algorithm (3 DES and MD5), and dat a encr yption[...]

  • Página 148

    Content Security Gateway User ’s Ma nual Company B External IP is 21 1.22.22.22 Internal IP is 192.168.20.X T o Allow Company A, 192.168.10.100 create a VPN connection with comp any B, 192.168.20.100 for downloading the sharing file. The Gateway of Comp any A is 192.168.10.1. The se ttings of company A are as the following. Step 1. Enter the defa[...]

  • Página 149

    Content Security Gateway User ’s Ma nual Step 6. In IPSec Algorit hm T able, choose Data Encryp tion + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choo se GROUP 1 as the Perfect Forward Secr ecy setting, and leave the default setting with 28800 seconds in IPSec Lifetime and 36 00 seconds for ISAKMP Lifetim[...]

  • Página 150

    Content Security Gateway User ’s Ma nual Step 13. Cli ck OK to finish the T unnel setting of Company A. Step 14. If you want to configure bi -direction VPN connecti on, you should enable T unnel setting in Outgoing and Incoming Policy . Outgoing Policy: Incoming Policy: The Gateway of Comp any B is 192.168.20.1. The settings of company B are as t[...]

  • Página 151

    Content Security Gateway User ’s Ma nual Step 1. Enter the default IP of Company B’s Content Securi ty Gateway , 192.168.20.1. Click VPN in the menu bar on the left hand si de, and then select the sub-select IPSec Autokey . Click Add. Step 2. Enter the VPN name, VPN_B in IPSec Autokey window. Step 3. In T o Destination table, choose Remote G at[...]

  • Página 152

    Content Security Gateway User ’s Ma nual Step 7. Choo se GROUP 1 as the Perfect Forward Secr ecy setting, and leave the default setting with 28800 seconds in IPSec Lifetime and 36 00 seconds for ISAKMP Lifetime. Step 8 . Click OK to finish the setting of Company B. Step 9. Click Tunnel and p ress New Entry to configure the further setting. Step 1[...]

  • Página 153

    Content Security Gateway User ’s Ma nual Step 14. If you want to configure bi -direction VPN connecti on, you should enable T unnel setting in Outgoing and Incoming Policy . Outgoing Policy: Incoming Policy: Example 4. Create a VPN connectio n bet w een Content Security Gate way and PLANET VRT -31 1 VPN Router . Preparation T ask: Company A Exter[...]

  • Página 154

    Content Security Gateway User ’s Ma nual Step 3. In T o Destination table, choose Remote G ateway-Fixed IP or Dom ain Name, enter the IP address desired to be connected. Step 4. In Authentication Method T able enters the Preshared Key . Step 5. In Encapsulation or Authentication table, choo se ISAKMP Algorithm. For communi cation via VPN, we choo[...]

  • Página 155

    Content Security Gateway User ’s Ma nual Step 10. Cli ck T unnel and press New Entry to config ure the further setting. Ste p 1 1. Enter Site_A as the new tunnel name, and select LAN interface a s the VPN source. Fill LAN IP subnet 192.168.10.0 with sub net mask IP 255.255.255.0. Step 12. In T o Destination table, fill comp any B’ s subnet IP a[...]

  • Página 156

    Content Security Gateway User ’s Ma nual Incoming Policy: - 151 -[...]

  • Página 157

    Content Security Gateway User ’s Ma nual S tep 2: Configure VR T -31 1 VPN policy as the following: - 152 -[...]

  • Página 158

    Content Security Gateway User ’s Ma nual 4.4 Policy This section provides the Administrato r with facilities to sent control polic ies for packets with dif ferent source IP addresse s, source port s, destination IP addresses, and destination ports. Cont rol policies decide wheth er packet s from dif ferent network objects, network serv ices, a nd[...]

  • Página 159

    Content Security Gateway User ’s Ma nual The fields in the Outgoing wind ow are:  Source: Source network addre sses that ar e specifie d in the LAN section of Address menu, or all the LAN network addresses.  Destination: Destination network addresses that are specified in the WAN section of the Address menu, or all of the WAN network addres[...]

  • Página 160

    Content Security Gateway User ’s Ma nual Step 2: Confi gure all the p arameters. Source Address: Select the name of t he LAN network from the drop down li st. The drop down list contains the names of all LAN network s defined in the LAN section of the Address menu. To create a new source address, plea se go to the LAN section under the Address me[...]

  • Página 161

    Content Security Gateway User ’s Ma nual Removing the Outgoing Policy Step 1. In the Outgoing policy section, locate the name of the policy desired to be removed and click its corresponding Remov e option in the Configure field. Step 2. In the Remove confirmation dialogue box, click OK to remove the policy or click Cancel to cancel removing. 4.4.[...]

  • Página 162

    Content Security Gateway User ’s Ma nual Step 1: Click Incoming under the Policy menu to enter the Incoming window. The Incoming table will display current defined policies from the WAN network to assigned Mapped IP or Virtual Serv er. Step 2: The fields of the Incoming window are:  Source: Source networks whi ch are specified in the WAN secti[...]

  • Página 163

    Content Security Gateway User ’s Ma nual Source Address: Select names of the WAN net works fr om the drop down list. The drop down list contains the names of all WAN networks defin ed in the WAN section of the Address menu. To create a new source address, please go to the LAN section unde r the Address menu. Destina tion Add ress: Select names of[...]

  • Página 164

    Content Security Gateway User ’s Ma nual Removing an Incoming Policy Step 1: In the Incoming window, locate the name of p olicy desired to be removed and cli ck its corresponding [ Remove ] in the Configure field. Step 2: In the Remove confirmation window, click Ok to remove the policy or cli ck Cancel to cancel removing. 4.4.3 WAN To DMZ & L[...]

  • Página 165

    Content Security Gateway User ’s Ma nual The fields in W AN T o DMZ window: Source: Source networ ks, which are addresse s specified in the WA N section of the Address menu, or all the WAN network add resses. Destination: Destination networks, which are addres ses specified in DMZ section of the Address menu and Mapped IP addresse s of the Virtua[...]

  • Página 166

    Content Security Gateway User ’s Ma nual Step 2: Configure the parameters. Source Address: Select names of the WAN net works fr om the drop down list. The drop down list contains the names of a ll WAN networks defined in the WAN section of the Address menu. To create a new source address, please go to the LAN section under the Ad dress menu. Dest[...]

  • Página 167

    Content Security Gateway User ’s Ma nual Step 2: In the Modify Policy window, fill in new settings. Step 3: C l i c k OK to do save modifications. Removing a W AN T o DMZ Policy: Step 1: In the WAN To DMZ windo w, locate the name of policy desi red to be removed and click i ts corresponding Remov e option in the Configure field. Step 2: In the Re[...]

  • Página 168

    Content Security Gateway User ’s Ma nual Entering the DMZ T o W AN window: Click DMZ To WAN under Polic y menu and the DMZ To WAN table appears displaying currently defined DMZ To WAN policies. The fields in the DMZ To WAN window are: Source: Source network addresses which are specified in the DMZ section of the Address window. Destination: Desti[...]

  • Página 169

    Content Security Gateway User ’s Ma nual Step 2: Configure the parameters. Source Address: Select the name of th e DMZ network fr om the drop down list. The drop do wn list will contain names of DMZ networks defined in DMZ section of the Address menu. To add a new source address, plea se go to the DMZ section under the Address menu. Destina tion [...]

  • Página 170

    Content Security Gateway User ’s Ma nual Content Blocking: Sele ct Enable to enable Content Blocki ng. Max. Concurrent Sessions: The maximum co ncurrent sessions that allows to pass through CS-500. 0 means it is unlimited. QoS: Select the item listed in the QoS to enable the policy to automatically execute the function in a certain time and range[...]

  • Página 171

    Content Security Gateway User ’s Ma nual 4.5 Mail Security This section provides the Administrator to configure Ma il Security rule for protecting client PC from virus and spam mail att acking. Meanwhile, CS-500 provides the ability to update virus p attern by schedule or manually , and it also provides auto-learning system to raise the rate of s[...]

  • Página 172

    Content Security Gateway User ’s Ma nual When receive unscanned mail, it will add t he tag in front of the e-mail subject. Mail Relay: After scannin g the mails that sent to Internal Mail Server by Anti-Sp am and Anti-Virus function of CS-500, then to setup the relevant setting in Mail Relay function. For the example s below you can underst and m[...]

  • Página 173

    Content Security Gateway User ’s Ma nual Mail Relay setting is complete. The external mails send to planet.com.tw that will be received by CS-500 and redirect to the mail server af ter filtering. Example 2: T o setup CS-500 between the original Gate way and Mail Server (Mail Serv er in DMZ, T ransp arent Mode) Prep aration: The Original Gateway?[...]

  • Página 174

    Content Security Gateway User ’s Ma nual STEP 2 ﹒ Add the second setting in Mail Relay function of Configure :  Select Allowed External IP of Mail Relay  IP Addres s: Enter the IP Address of external sender  Enter the Netmask  Complete Mail Relay setting Example 3: The Headquarter s setup CS-500 as Gate way (Mail Serv er in DMZ, T r[...]

  • Página 175

    Content Security Gateway User ’s Ma nual STEP 1 ﹒ Add the first setting in Mail Relay function of Configure :  Select Domain Name of Internal Mail Server  Domain Name of Mail Server: Enter the Domain Name  IP Address of Mail Server: Enter the IP address that Mail Server ’s domain name mapped to. STEP 2 ﹒ Add the second setting in M[...]

  • Página 176

    Content Security Gateway User ’s Ma nual efficien cy of the employees and will not lose the important informati on of enterprise. In this chapter , we will have the detaile d illustration about Anti-S p am: 4.5.2.1 Setting The Administrator ca n choose the inspection way of the mails, where the mail server is placed in Intern al (LAN or DMZ) or E[...]

  • Página 177

    Content Security Gateway User ’s Ma nual Check sender accoun t : Select to allow CS-500 checking sender’s account when it receives the mail, if the sender ’s account is faked, CS-500 will treat the mail as the spam . Check sender IP address in RBL (Realtime Blackhole List) : Select this function to allow CS-500 checking mail with RBL list. Ad[...]

  • Página 178

    Content Security Gateway User ’s Ma nual Below is the information needed for setting up the Rul e : • Rule Name: The nam e of the custom spam mail determination rul e. • Comments: T o explain the meaning of the custom rule. • Combination: And: It must be fit in with all of the custom mail rules that would be considered as sp am mail or ham [...]

  • Página 179

    Content Security Gateway User ’s Ma nual Adding a new Rule Step 1: Click on the Ne w Entry button and the Rule window will appear . Step 2: Fill in the appropriate setti ngs for the related information.. Step 3: Click OK to save the policy or Cancel to cancel. Modifying a Rule Step 1: In the Rule window , find the policy to be modified and click [...]

  • Página 180

    Content Security Gateway User ’s Ma nual 4.5.2.3 Whitelist T o determine the mail comes from specific mail address t hat can se nd to the recipient without being restri cted. Below is the information needed for setting up the Whitelist • Whitelist: S pecify the key word or with wildcard for the Whitelist field.. • Direction: From: T o judge t[...]

  • Página 181

    Content Security Gateway User ’s Ma nual Removing a Whitelist Step 1: In the Rule window , find the policy to be removed and clic k the corresponding Remov e option in the Configure field. Step 2: A confirmation pop-up box will appear , click OK to remove the Host T able or click Cancel . 4.5.2.4 Blacklist T o determine the mail comes from specif[...]

  • Página 182

    Content Security Gateway User ’s Ma nual Adding a new Blacklist Step 1: Click on the Ne w Entry button and the Blacklist window will appear . Step 2: Fill in the appropriate setti ngs for the related information.. Step 3: Click OK to save the policy or Cancel to cancel. Modifying a Blacklist Step 1: In the Blacklist window , find the policy to be[...]

  • Página 183

    Content Security Gateway User ’s Ma nual Step 2: A confirmation pop-up box will appear , click OK to remove the Host T able or click Cancel . 4.5.2.5 Training CS-500 provides a training system to improve the identify rate of sp am, the database can be updated by manually or from the rule setting. Below is the information need ed for setting up th[...]

  • Página 184

    Content Security Gateway User ’s Ma nual Example: How to train mail into CS-500 STEP 1 ﹒ Create a new folder S pamMail in Outlook Express :  Press the right key of the mouse and select Ne w Folder .  In Create Fol der W ebUI and enter the Folder ’s Nam e as S pamMail, and then click on OK. - 179 -[...]

  • Página 185

    Content Security Gateway User ’s Ma nual STEP 2 ﹒ In Inbox-Outlook Express , move spam mail to Sp amMail Folder:  In Inbox, select all of the spam m ails that do not judge correctly and pre ss the right key of the mouse and move to the folder .  In Move W ebUI, select Spa mM a il Folder and click OK. - 180 -[...]

  • Página 186

    Content Security Gateway User ’s Ma nual STEP 3 ﹒ Compress the S pamMail Folder in Outlook Express to shorte n the dat a and upload to CS-500 for training:  Select SpamM a il Folder  Select Comp act function in selection of the folder - 181 -[...]

  • Página 187

    Content Security Gateway User ’s Ma nual STEP 4 ﹒ T o copy the route of S pa mMail File in Outlook Express to co nvenient to upload the traini ng to CS-500:  Press the right key of the mouse in S pamMail file an d select Properties function.  Copy the file address in Sp amMail Properties WebUI. - 182 -[...]

  • Página 188

    Content Security Gateway User ’s Ma nual STEP 5 ﹒ Paste the route of copied from S pamMail file to the S pam Mail for T raining field in T raining function of Anti-S p am . And press OK to deliver this file to CS-500 inst antly and to learn the uploaded mail file as sp am mail in the appointed time. - 183 -[...]

  • Página 189

    Content Security Gateway User ’s Ma nual Note: 1. The training file that uploads to CS-500 can be an y dat a file and not restricted in it s sub-name, but the file must be ACSII form. 2. When the tr aining file of CS-500 is Microsof t Of fice Outlook exporting file [.p st], it has to close Microsof t Office Outlook first t o st art Importing. STE[...]

  • Página 190

    Content Security Gateway User ’s Ma nual 4.5.2.6 Spam Mail This item will show the top chart that represent s t he received and sent spam mail from recipient. In T op T otal Spam report, you can choose to display the scan ned mails that sent to Internal Mail Server or received from External Mail Server . It also can sort the mail according to Rec[...]

  • Página 191

    Content Security Gateway User ’s Ma nual Definition: Virus Scan Engine : Select Clam to enable Anti-virus function or Select Disable to disable it.. The Mail Server is placed in Internal (LAN or DMZ) or External (W AN) : Select to choose the location of the mail server . Add the message to the subject line : If the mail has been filtered to the v[...]

  • Página 192

    Content Security Gateway User ’s Ma nual 4.5.3.2 Virus Mail This item will show the top chart that represent s t he received and sent virus mail from recipient. In T op T ot al Vir u s report, you can choose to display the scanned mails that sent to Internal Mail Server or received from External Mail Server . It also can sort the mail according t[...]

  • Página 193

    Content Security Gateway User ’s Ma nual 2. Click OK . 3. High Risk : Select drop and log function. 4. Medium Risk : Select drop and log function. 5. Low Risk : Select pass and log function . 6. Click OK . 7. Enable IDP func tion in policy .  When the attack beh avior matches the signature, CS -500 will produce log as foll ows in Log function [...]

  • Página 194

    Content Security Gateway User ’s Ma nual Max. Threshold □ Pkt s / Sec: Configure the value to define the Syn Flood signature. Blocking Ti me: Set up the timing to block the att acked connec tion. The function is available when the Action sets to Drop . Action: When the pa ckets match the signature, sele ct Pass to pass t he pa cket s, or select[...]

  • Página 195

    Content Security Gateway User ’s Ma nual Name: The Sy stem Manager can nam e the signature. Protocol: Select the protocol which want s to be detect ed and prevented, it can be divided: TCP , UDP , ICMP and IP . Source Port: Configure the port numbe r that is used to attack the PC. (The range can be from 0 to 65535). Destination Port: Configure th[...]

  • Página 196

    Content Security Gateway User ’s Ma nual  Destination Port : Enter 80:80.  Risk : Select High.  Action : Select Drop and enable Log fun ction.  Content : Enter cracks. Click OK to finish the IDP setting. STEP 3. Enter the following settings in Outgoing Policy to enable the IDP function: - 191 -[...]

  • Página 197

    Content Security Gateway User ’s Ma nual 4.6.3 IDP Report CS-500 can make intrusio n detection and prevention reco rd to a Log report, and allow admin istrator to know the network security st atus for the overall network. STEP 1. In Log of IDP Report function, it will display the situation abo ut intrusion detection and prevention of CS-500 . Ico[...]

  • Página 198

    Content Security Gateway User ’s Ma nual  Enable Anomaly Flo w IP Blocking : Select this option to enable the Anomaly Flow IP blocking function. Once the Anomaly Flow IP attacked is detected, it will block the connection for user-drefined blocking time.  Enable E-mail Alert Notification : When Anomaly Flow IP attacked is detected, send aler[...]

  • Página 199

    Content Security Gateway User ’s Ma nual ÍÍ T raffic Log T able The table in the Traffic Log window di splays current System statuses: Definition :  Time : The start time of the connection.  Source: IP address of the source network of the spe cific connection.  Destination: IP address of the destinati on netwo rk of the specific connec[...]

  • Página 200

    Content Security Gateway User ’s Ma nual 4.8.1.2 Event When the Content Security Gateway W AN detects event s, the Administrato r can get the det ails, such as time and description of the event s from the Event Logs. Entering the Event Log window Step 1. Click the Event Log option under the Log menu and the Event Log window will appear. ÍÍ Step[...]

  • Página 201

    Content Security Gateway User ’s Ma nual Step 2. Follow the File Download pop-up window to save the event logs into a specific dire ctory on the hard drive. Clearing the Event Logs The Administrator may clear on-line event logs to keep just the most updated logs on the screen. Step 1. In the Event Log window, click the Clea r Logs button at the b[...]

  • Página 202

    Content Security Gateway User ’s Ma nual Download Logs Step 1. Click Log in the menu bar on the left hand side and t hen select the sub-selection Connec tion Log . Step 2. In Connection Log window, click the Download Logs button. Step 3. In the Download Logs window, save the l ogs to the specified location. Clear Logs Step 1. Click Log in the men[...]

  • Página 203

    Content Security Gateway User ’s Ma nual Log Mail Configuration : When the Log Mail files accumulat ed up to 300Kbytes, router will notify administrator by email with the traf fic log and event log. NOTE : Before enabling this function, you have to configure E-mail Settings in System -> Settings. Syslog Settings : If you enabl e this function,[...]

  • Página 204

    Content Security Gateway User ’s Ma nual 4.8.2.1 Setting Select Setting to configure what type of Accounting Report w ill be logged at CS-500. There are three types of report can be select: Source IP , Destination IP and Service . Outbound Accounting Report : the st atistics of the downstream and up stream for the LAN, W AN and all kinds of commu[...]

  • Página 205

    Content Security Gateway User ’s Ma nual ÍÍ Outbound Source IP Accounting Report Pull down the menu and select Source I P to show the outbound source IP accounting report. When LAN users connect to W AN service server through CS -500, all of the Downstream / Up stream / First Packet / Last Packet / Duration log of the source IP wil l be recorde[...]

  • Página 206

    Content Security Gateway User ’s Ma nual Outbound Destination IP Accounting Report Pull down the menu and select Destination IP to show the outbo und destination IP accounting report. When LAN user connect to W AN service server through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the Destination IP will[...]

  • Página 207

    Content Security Gateway User ’s Ma nual When LAN users connect to W AN Service Server through CS-500, all of the Down stream / Upstream / First Packet / Last Packet / Duration log of the Communication Service will be recorded. Definitions : T op: Select the dat a type you want to chec k. It present s 10 result s in one page. Service: The repo rt[...]

  • Página 208

    Content Security Gateway User ’s Ma nual ÍÍ Inbound Source IP Accounting Report Pull down the menu and select Source I P to show the inbound source IP accounting report. When W AN users connect to LAN service server through CS -500, all of the Downstream / Up stream / First Packet / Last Packet / Duration log of the source IP wil l be recorded.[...]

  • Página 209

    Content Security Gateway User ’s Ma nual Pull down the menu and select Destination IP to show the inbo und destination IP accounting report. When W AN host connect to LAN through CS-500, a ll of the Downstream/ Upstrea m/First Packet/Last Packet/Duration log of the De stination I P will be re corded. Definitions : T op: Select the dat a type you [...]

  • Página 210

    Content Security Gateway User ’s Ma nual When W AN host connect to LAN host through CS-500 , all of the Downstream/Up stream/First Packet/Last Packet/Duration log of the Communicati on Service will be recorded. Definitions : T op: Select the dat a type you want to chec k. It present s 10 result s in one page. Service: The report of Communication [...]

  • Página 211

    Content Security Gateway User ’s Ma nual setup by the Administrator . How to use St atistics The Administrator ca n get the curre nt network st atus from st atistics, and use t he information provided by statistics a s a basis to mange networks. How to apply W AN S t atistics The Administrator nee ds to go to Policy to set the ne twork IP address[...]

  • Página 212

    Content Security Gateway User ’s Ma nual Entering the S t atistics window The Statistics window displays the statis tics of current network conn ections.  Source: the name of source addres s.  Destination: the name of destination addre ss.  Service: the service requested.  Action: permit or deny  Time: viewable by minutes, hours, o[...]

  • Página 213

    Content Security Gateway User ’s Ma nual 4.8.4 Status In this section, the device displays the status inform ation about the Content Securi ty Gateway. Status will display the network information from the Config uration menu. The Administ rator may also use Status to che ck the DHCP lease time and MAC addresses for computer s connected to the Con[...]

  • Página 214

    Content Security Gateway User ’s Ma nual 4.8.4.2 Authentication Entering the Auth St atus windo w Click on Status in the menu bar, then click Authentication below it. A window will appe ar and provide information from the Auth User menu. Authentication St atus will list the settings f or Auth User login status. IP Addres s: The IP address of the [...]

  • Página 215

    Content Security Gateway User ’s Ma nual IP Addres s: The IP address of the host compute r MAC Address: The MAC address of that host computer Interface: The port that the host computer is connected to (LAN, W AN, DMZ) 4.8.4.4 DHCP Clients Entering the DHCP Client s window Click on Statu s in the menu bar , then click on DHCP Client s below it. A [...]