A good user manual
The rules should oblige the seller to give the purchaser operating instructions for the Planet Technology CS-500 along with the item. A missing instruction or false information given to the customer constitutes grounds for a complaint because of nonconformity of the goods with the contract. In accordance with the law, a customer can receive an instruction in non-paper form; lately, graphic and electronic forms of manuals, as well as instructional videos, have been widely used. A necessary precondition for this is that the instruction be unmistakable and legible.
What is an instruction?
The term originates from the Latin word "instructio", which means organizing. Therefore, in an instruction for the Planet Technology CS-500 one can find a process description. An instruction's purpose is to teach and to ease the start-up and use of an item or the performance of certain activities. An instruction is a compilation of information about an item or a service; it is a clue.
Unfortunately, only a few customers devote time to reading an instruction for the Planet Technology CS-500. A good user manual introduces us to a number of additional functionalities of the purchased item, and also helps us avoid most defects.
What should a perfect user manual contain?
First and foremost, a user manual for the Planet Technology CS-500 should contain:
- information concerning technical data of Planet Technology CS-500
- name of the manufacturer and a year of construction of the Planet Technology CS-500 item
- rules of operation, control and maintenance of the Planet Technology CS-500 item
- safety signs and mark certificates which confirm compatibility with appropriate standards
Why don't we read the manuals?
Usually it results from a lack of time and from certainty about the functionalities of purchased items. Unfortunately, networking and start-up of the Planet Technology CS-500 alone are not enough. An instruction contains a number of clues concerning respective functionalities, safety rules, maintenance methods (what means should be used), possible defects of the Planet Technology CS-500, and methods of problem resolution. Finally, when one still can't find the answer to one's problems, one will be directed to the Planet Technology service. Lately, animated manuals and instructional videos have become quite popular among customers. These kinds of user manuals are effective; they ensure that a customer will become familiar with the whole material and won't skip complicated, technical information about the Planet Technology CS-500.
Why should one read the manuals?
It is mostly in the manuals that we find the details concerning the construction and capabilities of the Planet Technology CS-500 item and its use of respective accessories, as well as information concerning all the functions and facilities.
After a successful purchase of an item one should find a moment to get to know every part of an instruction. Currently the manuals are carefully prepared and translated so that they can be fully understood by their users. The manuals will serve as an informational aid.
Table of contents for the manual
-
Page 1
Content Security Gateway User’s Manual Content Security Gateway CS-500 User’s Manual[...]
-
Page 2
Copyright Copyright (C) 2005 PLANET Technology Corp. All rights reserved. The products and programs described in this User’s Manual are licensed products of PLANET Technology, This User’s Manual contains proprietary information protected by copyright, and this User’s Manual and all accompany[...]
-
Page 3
Table of Contents CHAPTER 1: INTRODUCTION ... 1 1.1 FEATURES ...[...]
-
Page 4
4.3 POLICY OBJECT ... 43 4.3.1 Address ...[...]
-
Page 5
4.4.4 DMZ To WAN & DMZ To LAN ... 162 4.5 MAIL SECURITY ...[...]
-
Page 6
Chapter 1: Introduction The innovation of the Internet has created a tremendous worldwide venue for e-business and information sharing, but it also creates network security problems, so the security request will be the primary concerned for the enterprise. Planet’s Content Security Gateway CS-500, a[...]
-
Page 7
1.2 Package Contents The following items should be included: CS-500 Content Security Gateway, User’s Manual CD-ROM, This Quick Installation Guide, Power Adapter. If any of the contents are missing or damaged, please contact your dealer or distributor immediately. 1.3 Content Security Ga[...]
-
Page 8
settings. WAN Connect to your xDSL/Cable modem or other Internet connection devices LAN Connect to your local PC, switch or other local network device DMZ Connect to your server or other network device 1.5 Specification Product Content Security Gateway Model CS-500 Hardware LAN 1 x 10/100Mbps RJ-45 WAN [...]
-
Page 9
IDP Anomaly: Syn Flood, UDP Flood, ICMP Flood and more. Pre-defined: Backdoor, DDoS, DoS, Exploit, NetBIOS and Spyware. Custom: User defined based on TCP, UDP, ICMP or IP protocol. QoS Policy rules with Inbound/Outbound traffic management Guaranteed and maximum bandwidth Scheduled in unit of 30 mi[...]
-
Page 10
Chapter 2: Hardware Installation 2.1 Installation Requirements Before installing the Content Security Gateway, make sure your network meets the following requirements. - Mechanical Requirements The Content Security Gateway is to be installed between your Internet connection and local area network. Th[...]
-
Page 11
The WAN and DMZ side IP addresses are on the same subnet. This application is suitable if you have a subnet of IP addresses and you do not want to change any IP configuration on the subnet. 2.2.2 NAT Mode Connecting Example Internet ADSL Modem CS-500 WAN: 61.11.11.11 LAN PC 1: 192.168.1.2 LAN PC[...]
-
Page 12
Chapter 3: Getting Started 3.1 Web Configuration STEP 1: Connect both the Administrator’s PC and the LAN port of the Content Security Gateway to a hub or switch. Make sure there is a link light on the hub/switch for both connections. The Content Security Gateway has an embedded web server used for [...]
-
Page 13
3.2 Configure WAN interface After entering the username and password, the Content Security Gateway WEB UI screen will display. Select the Interface tab on the left menu then click on WAN below it. Click on Modify button of WAN, the following page is shown. PPPoE (ADSL User): This option is for PPPoE [...]
-
Page 14
Default Gateway: This will be the Gateway IP address. Domain Name Server (DNS): This is the IP Address of the DNS server. For PPTP (European User Only): This is mainly used in Europe. You need to know the PPTP Server address as well as your name and password. User Name: The user name is provided by I[...]
-
Page 15
Destination Address – select “Outside_Any” Service - select “ANY” Action - select “Permit” Click on OK to apply the changes. STEP 4: The configuration is successful when the screen below is displayed. Please make sure that all the computers that are connected to the LAN port have their [...]
-
Page 16
Chapter 4: Web Configuration 4.1 System The Content Security Gateway Administration and monitoring configuration is set by the System Administrator. The System Administrator can add or modify System settings and monitoring mode. The sub Administrators can only read System settings but not modify them. [...]
-
Page 17
DHCP: Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the LAN (LAN) network. Dynamic DNS: The Dynamic DNS (require Dynamic DNS Service) allows you to alias a dynamic IP address to a static hostname, allowing your device to be more easily accessed by specific na[...]
-
Page 18
Settings of the Administration table Admin Name: The username of Administrators for the Content Security Gateway. The user admin cannot be removed. Privilege: The privileges of Administrators (Admin or Sub Admin) The username of the main Administrator is Admin with read / write privilege. Sub Admin may [...]
-
Page 19
Removing a Sub Admin Step 1. In the Administration table, locate the Admin name you want to edit, and click on the Remove option in the Configure field. Step 2. The Remove confirmation pop-up box will appear. Click OK to remove that Sub Admin or click Cancel to cancel. 4.1.2 Permitted IPs Only the author[...]
-
Page 20
Add Permitted IPs Address Step 1. Click New Entry button. Step 2. In IP Address field, enter the LAN IP address or WAN IP address. Name: Enter the host name for the authorized IP address. IP Address: Enter the LAN IP address or WAN IP address. Netmask: Enter the netmask of LAN/WAN. ?[...]
-
Page 21
4.1.3 Software Update Under Software Update, the admin may update the device’s software with a newer software. You may acquire the current version number of software in Version Number. Administrators may visit distributor’s web site to download the latest version and save it in server’s har[...]
-
Page 22
Exporting Content Security Gateway settings Step 1. Under Backup/Restore Configuration, click on the Download button next to Export System Settings to Client. Step 2. When the File Download pop-up window appears, choose the destination place to save the exported file. The Administrator may choos[...]
-
Page 23
Importing Content Security Gateway settings Under Backup/Restore Configuration, click on the Browse button next to Import System Settings from Client. When the Choose File pop-up window appears, select the file which contains the saved Content Security Gateway Settings, then click OK. Click OK to imp[...]
-
Page 24
System Name Setting Input the name you want into Device Name column to be the device name. Email Setting Step 1. Select Enable E-mail Alert Notification under E-Mail Setting. This function will enable the Content Security Gateway to send e-mail alerts to the System Administrator when the network is bei[...]
-
Page 25
Web Management (WAN Interface) The administrator can change the port number used by HTTP port1 anytime. (Remote UI Management) Step 1. Set Web Management (WAN Interface). The administrator can change the port number used by HTTP port anytime. MTU (set networking packet length) The administrator can [...]
-
Page 26
to the network. You can choose to enable LAN, WAN or DMZ interface to allow send out the RIP protocol in a period of time to update the 0 will cut off the routing automatically until it receives RIP protocol again. The default timer is 80 seconds. Dynamic Routing (RIPv2) Enable Dynamic Routing (RIPv2[...]
-
Page 27
To-Appliance Packet Logging When the function is selected, the CS-500 will record the packets that contain the IP address of CS-500 in source or destination, the records will display in Traffic Log for administrator to inquire about. Content Security Gateway will be rebooted. A confirmation pop-up[...]
-
Page 28
Step 4. Update system clock every □ minutes You can set the interval time to synchronize with outside servers. If you set it to 0, it means the device will not synchronize automatically. mputer’s clock. Click OK to apply the setting or click Cancel to discard changes. Follow this step to sync to yo[...]
-
Page 29
Multiple Subnet settings Click System on the left side menu bar, select Configure then click Multiple Subnet to enter Multiple Subnet window. s and Forwarding Mode. ultiple Subnet. Click Modify to modify the parameters of Multiple Subnet r click Delete to delete settings. Step the new window. IP add[...]
-
Page 30
Step 1: Find the IP address you want to modify and click Modify. Step 2: Enter the new IP address in Modify Multiple Subnet window. Step 3: Click the OK button below to change the setting or click Cancel to discard changes. Removing a Multiple Subnet Step 1: Find the IP address you want to delete and c[...]
-
Page 31
Sales: Alias IP of LAN interface - 168.85.88.65, Netmask: 255.255.255.192 Procurement: Alias IP of LAN interface - 168.85.88.129, Netmask: 255.255.255.192 Accounting: Alias IP of LAN interface - 168.85.88.193, Netmask: 255.255.255.192 Click System on the left side menu bar, then click Multiple Subne[...]
-
Page 32
Step 4: Adding a new WAN to LAN Policy. In the Incoming window, click the New Entry button. Modify a Multiple Subnet Routing Mode Step 1: Find the IP address you want to modify in Multiple Subnet menu, then click Modify button, on the right Step 3: Click the OK button below to change the setting or cl[...]
-
Page 33
4.1.7 Route Table In this section, the Administrator can add static routes for the networks. Entering the Route Table screen Step 1. Click System on the left hand side menu bar, then click Route Table below the Configure menu. The Route Table window appears, in which current route settings are show[...]
-
Page 34
Step 4. Click OK to add the new static route or click Cancel to cancel. Modifying a Static Route: Step 1. In the Route Table menu, find the route to edit and click the corresponding Modify option in the Configure field. Step 2. In the Modify Static Route window, modify the necessary routing addresses.[...]
-
Page 35
4.1.8 DHCP In the section, the Administrator can configure DHCP (Dynamic Host Configuration Protocol) settings for the LAN (LAN) network. Entering the DHCP window Click System on the left hand side menu bar, then click DHCP below the Configure menu. The DHCP window appears in which current DHCP sett[...]
-
Page 36
Dynamic IP Address functions Subnet: LAN network’s subnet Netmask: LAN network’s netmask Gateway: LAN network’s gateway IP address Broadcast: LAN network’s broadcast IP address Enabling DHCP Support Step 1. In the Dynamic IP Address window, click Enable DHCP Support. Domain N[...]
-
Page 37
Click Dynamic DNS in the System menu to enter Dynamic DNS window. The icons in Dynamic DNS window: !: Update Status, Connecting; Update succeed; Update fail; Unidentified error. Domain name: Enter the password provided by ISP. WAN IP Address: IP address of the WAN port. Configure: Modify d[...]
-
Page 38
Service providers: Select service providers. Sign up: to the service providers’ website. WAN IP Address: IP Address of the WAN port. Automatically: Check to automatically fill in the WAN IP. User Name: Enter the registered user name. Password: Enter the password provided by ISP (Intern[...]
-
Page 39
4.1.10 Host Table The Content Security Gateway’s Administrator may use the Host Table function to make the Content Security Gateway act as a DNS Server for the LAN and DMZ network. All DNS requests to a specific Domain Name will be routed to the Content Security Gateway’s IP address. For example, [...]
-
Page 40
Below is the information needed for setting up the Host Table: • Host Name: The domain name of the server • Virtual IP Address: The virtual IP address respective to Host Table • Configure: modify or remove each Host Table policy Adding a new Host Table Step 1: Click on the New Entry but[...]
-
Page 41
Removing a Host Table Step 1: In the Host Table window, find the policy to be removed and click the corresponding Remove option in the Configure field. Step 2: A confirmation pop-up box will appear, click OK to remove the Host Table or click Cancel. 4.1.11 Language Administrator can configure the Co[...]
-
Page 42
Step 2. Click Logout the Content Security Gateway. Step 3. Click OK to logout or click Cancel to discard the change. 4.2 Interface In this section, the Administrator can set up the IP addresses for the office network. The Administrator may configure the IP addresses of the LAN network, the WAN ne[...]
-
Page 43
IP Address: The private IP address of the Content Security Gateway’s LAN network is the IP address of the LAN port of the device. The default IP address is 192.168.1.1. If the new LAN IP Address is not 192.168.1.1, the Administrator needs to set the IP Address on the computer to be on the same subnet[...]
-
Page 44
Username: Enter the PPPoE username provided by the ISP. Password: Enter the PPPoE password provided by the ISP. IP Address provided by ISP: Dynamic: Select this if the IP address is automatically assigned by the ISP. Fixed: Select this if you were given a static IP address. Enter the IP address that[...]
-
Page 45
IP Address: The dynamic IP address obtained by the Content Security Gateway from the ISP will be displayed here. This is the IP address of the WAN port of the device. MAC Address: This is the MAC Address of the device. Hostname: This will be the name assign to the device. Some cable modem ISP assign [...]
-
Page 46
Ping: Select this to allow the WAN network to ping the IP Address of the Content Security Gateway. This will allow people from the Internet to be able to ping the Content Security Gateway. If set to enable, the device will respond to echo request packets from the WAN network. HTTP: Select this to all[...]
-
Page 47
HTTP: Select this to allow the device WEBUI to be accessed from the WAN network. This will allow the WebUI to be configured from a user on the Internet. Keep in mind that the device always requires a username and password to enter the WebUI. 4.2.3 DMZ The Administrator uses the DMZ Interface to se[...]
-
Page 48
DMZ Interface: Display DMZ NAT Mode /DMZ TRANSPARENT Mode functions of DMZ to show if they are enabled or disabled. IP Address: The private IP address of the Content Security Gateway’s DMZ interface. This will be the IP address of the DMZ port. If it is in NAT mode, the IP address the Administrato[...]
-
Page 49
How to use Address Table With easily recognized names of IP addresses and names of address groups shown in the address table, the Administrator can use these names as the source address or destination address of control policies. The address table should be built before creating control policies, s[...]
-
Page 50
If you want to enable Get Static IP address from DHCP Server function, enter the MAC Address then check the Get Static IP address from DHCP Server. Modifying an LAN Address Step 1. In the LAN window, locate the name of the network to be modified. Click the Modify option in its corresponding Configure [...]
-
Page 51
4.3.1.2 LAN Group Entering the LAN Group window The LAN Addresses may be combined together to become a group. Step 1. Click LAN Group under the Address menu to enter the LAN Group window. The current setting information for the LAN network group appears on the screen. Definitions Name: Name of [...]
-
Page 52
Group. Ad Step 1. N Group window, click the New Entry button to enter the Add New Address Group Step 2 In work. w group. Step 3. d in Available address list, and click the Add>> button to add them to the Selected address list. Step 4. ss list, and click the s list. Step 5. Click OK to add the new g[...]
-
Page 53
Step 2. w Step 3. vailable address list, and click the Add>> button to add Step 4. list, and click the <<Remove button ress list. Click OK to save changes or click Cancel to discard changes. A indow displaying the information of the selected group appears: Available address: list names [...]
-
Page 54
4.3.1.3 WAN Entering the WAN window Step 1. Click WAN under the Address menu to enter the WAN window. The current setting information, such as the name of the WAN network, IP and Netmask addresses will show on the screen. Definitions Name: Name of WAN network address. IP/Netmask: IP address/[...]
-
Page 55
Step 2. In the Add New Address window, enter the settings for a new WAN network address. Step 3. Click OK to add the specified WAN network or click Cancel to discard changes. Modifying an WAN Address Step 1. In the WAN table, locate the name of the network to be modified and click the Modify option in[...]
-
Page 56
4.3.1.4 WAN Group Entering the WAN Group window Step 1. Click the WAN Group under the Address menu bar to enter the WAN window. The current settings for the WAN network group(s) will appear on the screen. Definitions: Name: Name of the WAN group. Member: Members of the group. Configure: Co[...]
-
Page 57
window will appear. Step 2. In the Add New Address Group window the following fields will appear: Name: enter the name of the new group. Available address: List the names of all the members of the WAN network. Selected address: List the names to assign to the new group. Add members: Sel[...]
-
Page 58
Removing a WAN Group Step 1. In the WAN Group window, locate the group to be removed and click its corresponding Modify option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group or click Cancel to discard changes. 4.3.1.5 DMZ Entering the DMZ window: Clic[...]
-
Page 59
Adding a new DMZ Address: Step 1. In the DMZ window, click the New Entry button. Step 2. In the Add New Address window, enter the settings for a new DMZ address. Step 3. Click OK to add the specified DMZ or click Cancel to discard changes. Modifying a DMZ Address: Step 1. In the DMZ window, locate the nam[...]
-
Page 60
Removing a DMZ Address: Step 1. In the DMZ window, locate the name of the network to be removed and click the Remove option in its corresponding Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the address or click Cancel to discard changes. 4.3.1.6 DMZ Group Entering the[...]
-
Page 61
Adding a DMZ Group: Step 1. In the DMZ Group window, click the New Entry button. Step 2. In the Add New Address Group window: Available address: list names of all members of the DMZ. Selected address: list names to assign to a new group. Step 3. Name: enter a name for the new group. Step 4. Add [...]
-
Page 62
Modifying a DMZ Group: Step 1. In the DMZ Group window, locate the DMZ group to be modified and click its corresponding Modify button in the Configure field. Step 2. A window displaying information about the selected group appears: Available address: list the names of all the members of the DMZ. S[...]
-
Page 63
Removing a DMZ Group: Step 1. In the DMZ Group window, locate the group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the group. 4.3.2 Service In this section, network services are defined and new netw [...]
-
Page 64
and the server port ranges from 0 to 1023. How do I use Service? The Administrator can add new service group names in the Group option under Service menu, and assign desired services into that new group. Using service group the Administrator can simplify the processes of setting up control policies[...]
-
Page 65
Step 1. Click Custom under it. A window will appear with a table showing all services currently defined by the Administrator. Definitions: Service name: The defined service name. Protocol: Network protocol used in the basic setting. Such as TCP, UDP or others. Client port: The range of Cl[...]
-
Page 66
Modifying Custom Services Step 1. A table showing the current settings of the selected service appears on the screen Step 2. Enter the new values. Step 3. Click OK to accept editing; or click Cancel. Removing Custom Services Step 1. Click its corresponding Remove option in the Configure field. Step 2[...]
-
Page 67
4.3.2.3 Group Accessing the Group window Step 1. Click Group under it. A window will appear with a table displaying current service group settings set by the Administrator. Definitions: Group name: The Group name of the defined Service. Service: The Service item of the Group. Configure: Conf[...]
-
Page 68
Step 3. Enter the new group name in the group Name field. This will be the name referencing the created group. Step 4. To add new services: Select the services desired to be added in the Available service list and then click the Add>> button to add them to the group. Step 5. To remove services[...]
-
Page 69
Removing Service Groups In the Remove confirmation pop-up box, click OK to remove the selected service group or click Cancel to cancel removing. 4.3.3 Schedule The Content Security Gateway allows the Administrator to configure a schedule for policies to take effect. By creating a schedule, the Administ[...]
-
Page 70
The following items are displayed in this window: Name: the name assigned to the schedule Configure: modify or remove Adding a new Schedule Step 1. Click on the New Entry button and the Add New Schedule window will appear. Schedule Name: Fill in a name for the new schedule. Period: Configure the st[...]
-
Page 71
Step 1. In the Schedule window, find the policy to be modified and click the corresponding Modify option in the Configure field. Make needed changes. Step 2. Click OK to save changes. Removing a Schedule Step 1. In the Schedule window, find the policy to be removed and click the corresponding Remove optio[...]
-
Page 72
Configuration of QoS Click QoS in the menu bar on the left hand side. Definitions: Name: The name of the QoS you want to configure. WAN: Display WAN interface. Downstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Bandwidth. Upstream Bandwidth: To configure the Guar[...]
-
Page 73
Modify QoS Step 1. Click QoS in the menu bar on the left hand side. Click the Modify button to modify QoS. Definition: Name: The name of the QoS you want to configure. Downstream Bandwidth: To configure the Guaranteed Bandwidth and Maximum Bandwidth. Upstream Bandwidth: To configure the Guaranteed Bandw[...]
-
Page 74
Step 2. Configure the LAN host or WAN host IP address that need to filter with QoS feature. Be aware that the Netmask must set to 255.255.255.255 if you only want to configure a single IP address. Step 3. Set up the QoS rule.[...]
-
Page 75
Step 4. Enable the QoS rule in Outgoing or Incoming Policy. 4.3.5 Authentication By configuring the Authentication, you can control the user’s access right time of LAN to WAN. The administrator can configure the authentication according to the authentication account and password. CS-500 configures [...]
-
Page 76
Authentication Port: The port number used for user login page. Generally, when user want to access WAN network and the authentication (Policy -> Outgoing) is enabled, the user only need to open a web page and the User Login page will pop up. But if user does not need to open the web page and also [...]
-
Page 77
Definitions: Name: The name of the Authentication you want to configure. Configure: modify settings or remove users. Adding a new Auth User Step 1. In the Authentication window, click the New User button to create a new Auth User. Step 2. In the Auth-User window: Auth-User Name: enter the usernam[...]
-
Page 78
NOTE: When the LAN user access to WAN network and do not use for a while, the connection will be time-out. User has to re-login again. The default time is 30 minutes and you can configure this time by “Authentication”-> “Auth Setting” page. In the form of controlling the [Outgoing] Policy,[...]
-
Page 79
Modifying the Authentication User Step 1. In the Authentication window, locate the Auth-User name you want to edit, and click on Modify in the Configure field. Step 2. The Modify Auth-User Password window will appear. Enter in the required information: Auth-User: show original authentication user [...]
-
Page 80
4.3.5.3 Auth Group Accessing the Auth Group window Click Authentication in the menu bar on the left hand side of the window. Click Auth Group under it. A window will appear with a table displaying current Auth Group settings by the Administrator. Adding Auth Group Step 1. In the Auth Group window, c [...]
-
Page 81
Modifying Auth Group Step 1. In the Auth Group window, locate the Auth Group to be edited. Click its corresponding Modify option in the Configure field. Step 2. In the Modify Auth group window the following fields are displayed: Name: Enter the new Auth Group name. Available auth user: List all[...]
-
Page 82
Removing Auth Group Step 1. In the Auth Group window, locate the Auth Group to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation pop-up box, click OK to remove the selected service group or click Cancel to cancel removing. 4.3.5.4 Radius Serve C[...]
-
Page 83
Definition
♦ Enable RADIUS Server: Enable RADIUS Server Authentication.
♦ RADIUS Server IP: Enter RADIUS Server IP address.
♦ RADIUS Server Port: Enter RADIUS Server Port. The default port is 1812.
♦ Shared Secret: The Password for CS-500 to access RADIUS Server.
♦ Enable 802.1x RADIUS [...]
-
Page 84
4.3.6 Content Blocking Content Blocking includes “URL”, “Scripts”, “P2P”, “IM”, “Download” and “Upload”. URL: The administrator can use a complete domain name or key word to make rules for specific web sites. Scripts: To let Popup, ActiveX, Java, Cookie in[...]
-
Page 85
Configure: To change the settings of URL Blocking, click Modify to change the parameters; click Delete to delete the settings. Adding a URL policy Step 1. After clicking New Entry, the Add New URL String window will appear. Step 2. Enter the URL of the website to be blocked. Step 3. Click OK to add[...]
-
Page 86
Step 1. In the URL window, find the policy to be removed and click the corresponding Remove option in the Configure field. Step 2. A confirmation pop-up box will appear, click on OK to remove the policy or click on Cancel to discard changes. 4.3.6.2 Scripts To let Popup, ActiveX, Java, or Cookies in o[...]
-
Page 87
When the system detects the setting, the Content Security Gateway will spontaneously work. 4.3.6.3 P2P Step 1: Click P2P below Content Blocking menu. Step 2: Select P2P detective functions: eDonkey Blocking: Prevent eDonkey connection built up. Bit Torrent Blocking: Prevent Bit Torrent co[...]
-
Page 88
will display at the top side. 4.3.6.4 IM Step 1: Click IM below Content Blocking menu. Step 2: Select IM detective functions: MSN Messenger Blocking: To select to block MSN Messenger login, File Transfer, Voice or Camera transferring. Yahoo Messenger Blocking: To select to block Yahoo Messe[...]
-
Page 89
4.3.6.6 Upload Step 1: Click Upload below Content Blocking menu. Step 2: Select Upload detective functions: All Types Block: To block all types of the files uploading from web page. Audio and Video Types block: To block audio and video uploading from web page. Extensions Block: To block spe[...]
-
Page 90
assigns each computer a private IP address, and converts it into a real IP address through Content Security Gateway’s NAT (Network Address Translation) function. If a server providing service to the WAN networks is located in the LAN networks, outside users can’t directly connect to the server b[...]
-
Page 91
address of the WAN network, and the real IP is translated to a private IP of the LAN network. Mapped IP and Virtual Server are the two methods to translate the real IP into private IP. Mapped IP maps IP in one-to-one fashion; that means, all services of one real WAN IP address is mapped to one pri[...]
-
Page 92
Modifying a Mapped IP Step 1. In the Mapped IP table, locate the Mapped IP you want to modify and click its corresponding Modify option in the Configure field. Step 2. Enter settings in the Modify Mapped IP window. Step 3. Click OK to save change or click Cancel to cancel. NOTE: A Mapped IP cannot[...]
-
Page 93
4.3.7.2 Virtual Server Virtual server is a one-to-many mapping technique, which maps a real IP address from the WAN interface to private IP addresses of the LAN network. This function provides services or applications defined in the Service menu to enter into the LAN network. Unlike a mapped IP wh[...]
-
Page 94
Configure: To change the service configuration, click Configure to change the parameters; click Delete to delete the configuration. This virtual server provides four real IP addresses, which means you can setup four virtual servers at most. The administrator can select Virtual Server1/2/3/4 under Vir[...]
-
Page 95
Removing a Virtual Server Step 1. Click the virtual server to be removed in the corresponding Virtual Server option under the Virtual Server menu bar. A new window displaying the virtual server’s IP address and service appears on the screen. Step 2. Click the Virtual Server’s IP Address button at [...]
-
Page 96
Server (Load Balance Server). External Service Port: Input the port number that the virtual server will use. Changing the Service will change the port number to match the service. Load Balance Server: The internal server IP address mapped by the virtual server. Four computer IP addresses can be [...]
-
Page 97
Virtual Server Real IP: displays the WAN IP address assigned to the Virtual Server Service (Port): select the service from the pull down list that will be provided by the Real Server (Load Balance Server). External Service Port: Input the port number that the virtual server will use. Changing[...]
-
Page 98
Click OK to execute the change of the virtual server, or click Cancel to discard changes. NOTE: If the destination Network in Policy has set a virtual server, it will not be able to change or configure this virtual server, you have to remove this configuration of Policy, and then you can execute the [...]
-
Page 99
4.3.8 VPN The CS-500 adopts VPN to set up safe and private network service, and combine the remote Authentication system in order to integrate the remote network and PC of the enterprise. It also provides the remote users a safe encryption way to have best efficiency and encryption when delivering da[...]
-
Page 100
The fields in the IPSec Autokey window are: Name: The VPN name to identify the VPN tunnel definition. The name must be different for the two sites creating the tunnel. Gateway IP: The other side WAN interface IP address of VPN Gateway. IPSec Algorithm: The display the Algorithm way. [...]
-
Page 101
Remote Gateway or Client – Dynamic IP: Select Remote Gateway or Client if there is only one user or device and dials up to Internet with PPPoE or cable modem. Preshared Key: The IKE VPN must be defined with a Preshared Key. The Key may be up to 128 bytes long. Encapsulation ISAKMP Algorithm ENC A[...]
-
Page 102
My ID / Peer ID: My ID and Peer ID are optional parameters. If we choose to enter My ID / Peer ID, they cannot be the same. For instance, My ID is 11.11.11.11 and Peer ID is 22.22.22.22. If you want to use number or text, add @ in the front, for instance, @123A and @abcd123. GRE / IPSec: Sel[...]
-
Page 103
Disable PPTP: Check to disable PPTP Server. Enable PPTP: Check to enable PPTP Server. Encryption: the default is set to disabled. Client IP Range: Enter the IP range allocated for PPTP Clients when they connect to the PPTP server. Allow remote client to connect to Internet: Check to allo[...]
-
Page 104
Step 3. Click OK to save modifications or click Cancel to cancel modifications. Modifying PPTP Server Step 1. Select VPN → PPTP Server. Step 2. In the PPTP Server window, find the PPTP server that you want to modify. Click Configure and click Modify. Step 3. Enter appropriate settings. Step 4. Cli[...]
-
Page 105
4.3.8.3 PPTP Client This function allows the Content Security Gateway dial-up to remote PPTP server and accesses the network resources on remote network. Entering the PPTP Client window Step 1. Select VPN → PPTP Client. User Name: Displays the PPTP Client user’s name for authenticatio[...]
-
Page 106
Adding a PPTP Client Step 1. Select VPN → PPTP Client. Step 2. Configure the parameters. User name: Specify the PPTP client. This should be unique. Password: Specify the PPTP client password. Server IP or Domain Name: Enter the PPTP Server’s IP address. Encryption: Enable or Disab[...]
-
Page 107
Step 4. Click OK to save modifications or click Cancel to cancel modifications. Removing PPTP Client Step 1. Select VPN → PPTP Client. Step 2. In the PPTP Client window, find the PPTP client that you want to modify and click Remove. Step 3. Click OK to remove the PPTP client or click Cancel to exit w[...]
-
Page 108
Step 2. Configure the parameters Name: Specify the Tunnel name. This should be unique and can not be the same as the name of IPSec Autokey rule. Source Subnet: Specify the source LAN network subnet. Destination Subnet: Specify the destination LAN network subnet. IPSec/PPTP: Indicate t[...]
-
Page 109
Modifying a Tunnel Step 1. Select VPN → Tunnel. Step 2. In the Tunnel window, find the Tunnel that you want to modify and click Modify. Step 3. Enter appropriate settings. Removing Tunnel Step 1. Select VPN → Tunnel. Step 2. In the Tunnel window, find the Tunnel that you want to modify a[...]
-
Page 110
Step 3. When here are 5 examples of VPN setting. een two Content Security Gateways. d Windows XP Professional Example 3. connection between two Content Security Gateways using Aggressive mode Example 4. 11 VPN Example 1. Create a VPN connection between two Content Security Gateways. Preparation Task: [...]
-
Page 111
Step 3. In To Destination table, choose Remote Gateway-Fixed IP or Domain Name, enter the IP address desired to be connected. Step 4. In Authentication Method Table, enter the Preshared Key. Step 5. In Encapsulation or Authentication table, choose ISAKMP Algorithm. For communication via VPN, we hoos[...]
-
Page 112
Step 10. Click Tunnel and press New Entry to configure the further setting. Step 11. Enter Site_A as the new tunnel name, and select LAN interface as the VPN source. Fill LAN IP subnet 192.168.10.0 with subnet mask IP 255.255.255.0. Step 12. In To Destination table, fill company B’s subnet IP a[...]
-
Page 113
and Incoming Policy. Outgoing Policy: Incoming Policy: The Gateway of Company B is 192.168.20.1. The settings of company B are as the following. Step 1. Enter the default IP of Company B’s Content Security Gateway, 192.168.20.1. Click VPN in the menu okey. Click Add. Step 2. Enter the VPN name, VPN[...]
-
Page 114
Step 4. In Authentication Method Table, enter the Preshared Key. Step 5. In Encapsulation or Authentication table, choose ISAKMP Algorithm. For communication via VPN, we choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. And select Group 1 to connect. Step 6. In IPSec Algorithm Table, choose [...]
-
Page 115
Step 10. Click Tunnel and press New Entry to configure the further setting. Step 11. Enter Site_B as the new tunnel name, and select LAN interface as the VPN source. Fill LAN IP subnet 192.168.20.0 with subnet mask IP 255.255.255.0. Step 12. In To Destination table, fill company B’s subnet IP a[...]
-
Page 116
and Incoming Policy. Outgoing Policy: Incoming Policy: Example 2. Create a VPN connection between the Content Security Gateway and Windows XP client. ternal IP is 192.168.10.X Remote User External IP is 210.66.155.91 te a VPN connection with company A and connect to 92.168.10.100 for downloading the shari[...]
-
Page 117
Step 5. In Encapsulation or Authentication table, choose ISAKMP Algorithm. For communication via VPN, we choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. And select Group 2 to connect. Step 6. In IPSec Algorithm Table, choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm[...]
-
Page 118
subnet 192.168.10.0 with subnet mask IP 255.255.255.0. Step 12. In To Destination table, select Remote Client. Step 13. In IPSec / PPTP Setting, select VPN_A as the available tunnel. Step 14. Click OK to finish the Tunnel setting of Company A. Step 15. Enable Tunnel setting in Incoming Policy. Step 1[...]
-
Page 119
Configuration of WinXP The IP of remote user is 210.66.155.91. The settings of remote user are as the following. Step 1. Enter Windows XP, click Start and click Execute function. Step 2. In the Execute window, enter the command, mmc in Open. [...]
-
Page 120
Step 3. Enter the Console window, click Console(C) option and click Add/Remove Embedded Management Option. Step 4. Enter Add/Remove Embedded Management Option window and click Add. In Add/Remove Embedded Management Option window, click Add to add Create IP Security Policy. [...]
-
Page 121
Step 5. Choose Local Machine (L) for finishing the setting of Add. Step 6. Finish the setting of Add. [...]
-
Page 122
Step 7. Click the right button of mouse in IP Security Policies on Local Machine and choose Create IP Security Policy(C) option. Step 8. Click Next. [...]
-
Page 123
Step 9. Enter the Name of this VPN and optionally give it a brief description. Step 10. Disable Activate the default response rule. And click Next. [...]
-
Page 124
Step 11. Completing the IP Security Policy setting and click Finish. Enable Edit properties. Step 12. In window, click Add and click Use Add Wizard. [...]
-
Page 125
Step 13. Click next. Step 14. Enter the WAN IP of Remote user, 210.66.155.91. [...]
-
Page 126
Step 15. Click all network connections. Step 16. Choose Use this string to protect the key exchange (Preshared Key). And enter the key, 123456789. [...]
-
Page 127
Step 17. Click Add. Step 18. Enter the name of IP filter and click “Add..”. [...]
-
Page 128
Step 19. Click next. Step 20. In Source address, click down the arrow to select the specific IP Subnet and fill Company A’s IP Address, 192.168.10.0 and Subnet mask 255.255.255.0. [...]
-
Page 129
Step 21. In Destination address, click down the arrow to select the My IP Address. Step 22. Click next. [...]
-
Page 130
Step 23. Please enable edit properties, and click finish. Step 24. Please don’t enable Mirrored, and click OK. [...]
-
Page 131
Step 25. Click OK. Step 26. Select Traffic-in and click next. [...]
-
Page 132
Step 27. Enable User Add Wizard and click add. Step 28. Click next. [...]
-
Page 133
Step 29. Enter the name of filter action and click next. Step 30. Select Negotiate security and click next. [...]
-
Page 134
Step 31. Click next. Step 32. Select Custom and click settings. [...]
-
Page 135
Step 33. Click Data Integrity and Encapsulation and choose MD5 and 3DES. Click Generate a New key after every 28800 seconds. And click 3 times OK to return. Step 34. Click finish. [...]
-
Page 136
Step 35. Select security and click next. Step 36. Click finish. [...]
-
Page 137
Step 37. Click Add. Step 38. Click next. [...]
-
Page 138
Step 39. Enter the WAN IP of company A, 210.66.155.90. Step 40. Select All network connections and click next. [...]
-
Page 139
Step 41. Choose Use this string to protect the key exchange (Preshared Key). And enter the key, 123456789. Step 42. Click Add. [...]
-
Page 140
Step 43. Enter the name of IP filter and click “Add…”. Step 44. Click next [...]
-
Page 141
Step 45. In Source address, click down the arrow to select the My IP Address. Step 46. In Destination address, click down the arrow to select the specific IP Subnet and fill Company A’s IP Address, 192.168.10.0 and Subnet mask 255.255.255.0. [...]
-
Page 142
Step 47. Click next. Step 48. Please enable Edit properties and click finish. [...]
-
Page 143
Step 49. Please don’t enable Mirrored and click ok. Step 50. Click ok. [...]
-
Page 144
Step 51. Select Traffic-out and click next. Step 52. Select Security and click edit. [...]
-
Page 145
Step 53. Enable Session key perfect forward secrecy (PFS) and click ok. Step 54. Select Security and click next. [...]
-
Page 146
Step 55. Please don’t enable Edit properties and click finish. Step 56. Click apply first and then click ok. [...]
-
Page 147
Step 57. Click the right button of mouse in IPSec choose Assign option. Step 58. Ping the remote gateway of Company A, the VPN tunnel is created successfully. Example 3. Create a VPN connection between two Content Security Gateways using Aggressive mode Algorithm (3DES and MD5), and data encryption[...]
-
Page 148
Company B External IP is 211.22.22.22 Internal IP is 192.168.20.X To Allow Company A, 192.168.10.100 create a VPN connection with company B, 192.168.20.100 for downloading the sharing file. The Gateway of Company A is 192.168.10.1. The settings of company A are as the following. Step 1. Enter the defa[...]
-
Page 149
Step 6. In IPSec Algorithm Table, choose Data Encryption + Authentication. We choose 3DES for ENC Algorithm and MD5 for AUTH Algorithm. Step 7. Choose GROUP 1 as the Perfect Forward Secrecy setting, and leave the default setting with 28800 seconds in IPSec Lifetime and 3600 seconds for ISAKMP Lifetim[...]
-
Page 150
Step 13. Click OK to finish the Tunnel setting of Company A. Step 14. If you want to configure bi-direction VPN connection, you should enable Tunnel setting in Outgoing and Incoming Policy. Outgoing Policy: Incoming Policy: The Gateway of Company B is 192.168.20.1. The settings of company B are as t[...]
-
Page 151
Step 1. Enter the default IP of Company B’s Content Security Gateway, 192.168.20.1. Click VPN in the menu bar on the left hand side, and then select the sub-select IPSec Autokey. Click Add. Step 2. Enter the VPN name, VPN_B in IPSec Autokey window. Step 3. In To Destination table, choose Remote Gat[...]
-
Page 152
Step 7. Choose GROUP 1 as the Perfect Forward Secrecy setting, and leave the default setting with 28800 seconds in IPSec Lifetime and 3600 seconds for ISAKMP Lifetime. Step 8. Click OK to finish the setting of Company B. Step 9. Click Tunnel and press New Entry to configure the further setting. Step 1[...]
-
Page 153
Step 14. If you want to configure bi-direction VPN connection, you should enable Tunnel setting in Outgoing and Incoming Policy. Outgoing Policy: Incoming Policy: Example 4. Create a VPN connection between Content Security Gateway and PLANET VRT-311 VPN Router. Preparation Task: Company A Exter[...]
-
Page 154
Step 3. In To Destination table, choose Remote Gateway-Fixed IP or Domain Name, enter the IP address desired to be connected. Step 4. In Authentication Method Table, enter the Preshared Key. Step 5. In Encapsulation or Authentication table, choose ISAKMP Algorithm. For communication via VPN, we choo[...]
-
Page 155
Step 10. Click Tunnel and press New Entry to configure the further setting. Step 11. Enter Site_A as the new tunnel name, and select LAN interface as the VPN source. Fill LAN IP subnet 192.168.10.0 with subnet mask IP 255.255.255.0. Step 12. In To Destination table, fill company B’s subnet IP a[...]
-
Page 156
Incoming Policy: [...]
-
Page 157
Step 2: Configure VRT-311 VPN policy as the following: [...]
-
Page 158
4.4 Policy This section provides the Administrator with facilities to set control policies for packets with different source IP addresses, source ports, destination IP addresses, and destination ports. Control policies decide whether packets from different network objects, network services, and[...]
-
Page 159
The fields in the Outgoing window are: Source: Source network addresses that are specified in the LAN section of Address menu, or all the LAN network addresses. Destination: Destination network addresses that are specified in the WAN section of the Address menu, or all of the WAN network addres[...]
-
Page 160
Step 2: Configure all the parameters. Source Address: Select the name of the LAN network from the drop down list. The drop down list contains the names of all LAN networks defined in the LAN section of the Address menu. To create a new source address, please go to the LAN section under the Address me[...]
-
Page 161
Removing the Outgoing Policy Step 1. In the Outgoing policy section, locate the name of the policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2. In the Remove confirmation dialogue box, click OK to remove the policy or click Cancel to cancel removing. 4.4.[...]
-
Page 162
Step 1: Click Incoming under the Policy menu to enter the Incoming window. The Incoming table will display current defined policies from the WAN network to assigned Mapped IP or Virtual Server. Step 2: The fields of the Incoming window are: Source: Source networks which are specified in the WAN secti[...]
-
Page 163
Source Address: Select names of the WAN networks from the drop down list. The drop down list contains the names of all WAN networks defined in the WAN section of the Address menu. To create a new source address, please go to the LAN section under the Address menu. Destination Address: Select names of[...]
-
Page 164
Removing an Incoming Policy Step 1: In the Incoming window, locate the name of policy desired to be removed and click its corresponding [Remove] in the Configure field. Step 2: In the Remove confirmation window, click Ok to remove the policy or click Cancel to cancel removing. 4.4.3 WAN To DMZ & L[...]
-
Page 165
The fields in WAN To DMZ window: Source: Source networks, which are addresses specified in the WAN section of the Address menu, or all the WAN network addresses. Destination: Destination networks, which are addresses specified in DMZ section of the Address menu and Mapped IP addresses of the Virtua[...]
-
Page 166
Step 2: Configure the parameters. Source Address: Select names of the WAN networks from the drop down list. The drop down list contains the names of all WAN networks defined in the WAN section of the Address menu. To create a new source address, please go to the LAN section under the Address menu. Dest[...]
-
Page 167
Step 2: In the Modify Policy window, fill in new settings. Step 3: Click OK to save modifications. Removing a WAN To DMZ Policy: Step 1: In the WAN To DMZ window, locate the name of policy desired to be removed and click its corresponding Remove option in the Configure field. Step 2: In the Re[...]
-
Page 168
Entering the DMZ To WAN window: Click DMZ To WAN under Policy menu and the DMZ To WAN table appears displaying currently defined DMZ To WAN policies. The fields in the DMZ To WAN window are: Source: Source network addresses which are specified in the DMZ section of the Address window. Destination: Desti[...]
-
Page 169
Step 2: Configure the parameters. Source Address: Select the name of the DMZ network from the drop down list. The drop down list will contain names of DMZ networks defined in DMZ section of the Address menu. To add a new source address, please go to the DMZ section under the Address menu. Destination [...]
-
Page 170
Content Blocking: Select Enable to enable Content Blocking. Max. Concurrent Sessions: The maximum concurrent sessions that allows to pass through CS-500. 0 means it is unlimited. QoS: Select the item listed in the QoS to enable the policy to automatically execute the function in a certain time and range[...]
-
Page 171
4.5 Mail Security This section provides the Administrator to configure Mail Security rule for protecting client PC from virus and spam mail attacking. Meanwhile, CS-500 provides the ability to update virus pattern by schedule or manually, and it also provides auto-learning system to raise the rate of s[...]
-
Page 172
When receive unscanned mail, it will add the tag in front of the e-mail subject. Mail Relay: After scanning the mails that sent to Internal Mail Server by Anti-Spam and Anti-Virus function of CS-500, then to setup the relevant setting in Mail Relay function. For the examples below you can understand m[...]
-
Page 173
Mail Relay setting is complete. The external mails send to planet.com.tw that will be received by CS-500 and redirect to the mail server after filtering. Example 2: To setup CS-500 between the original Gateway and Mail Server (Mail Server in DMZ, Transparent Mode) Preparation: The Original Gateway?[...]
-
Page 174
STEP 2. Add the second setting in Mail Relay function of Configure: Select Allowed External IP of Mail Relay IP Address: Enter the IP Address of external sender Enter the Netmask Complete Mail Relay setting Example 3: The Headquarters setup CS-500 as Gateway (Mail Server in DMZ, Tr[...]
-
Page 175
STEP 1. Add the first setting in Mail Relay function of Configure: Select Domain Name of Internal Mail Server Domain Name of Mail Server: Enter the Domain Name IP Address of Mail Server: Enter the IP address that Mail Server’s domain name mapped to. STEP 2. Add the second setting in M[...]
-
Page 176
efficiency of the employees and will not lose the important information of enterprise. In this chapter, we will have the detailed illustration about Anti-Spam: 4.5.2.1 Setting The Administrator can choose the inspection way of the mails, where the mail server is placed in Internal (LAN or DMZ) or E[...]
-
Page 177
Check sender account: Select to allow CS-500 checking sender’s account when it receives the mail, if the sender’s account is faked, CS-500 will treat the mail as the spam. Check sender IP address in RBL (Realtime Blackhole List): Select this function to allow CS-500 checking mail with RBL list. Ad[...]
-
Page 178
Below is the information needed for setting up the Rule: • Rule Name: The name of the custom spam mail determination rule. • Comments: To explain the meaning of the custom rule. • Combination: And: It must be fit in with all of the custom mail rules that would be considered as spam mail or ham [...]
-
Page 179
Adding a new Rule Step 1: Click on the New Entry button and the Rule window will appear. Step 2: Fill in the appropriate settings for the related information. Step 3: Click OK to save the policy or Cancel to cancel. Modifying a Rule Step 1: In the Rule window, find the policy to be modified and click [...]
-
Page 180
4.5.2.3 Whitelist To determine the mail comes from specific mail address that can send to the recipient without being restricted. Below is the information needed for setting up the Whitelist • Whitelist: Specify the key word or with wildcard for the Whitelist field. • Direction: From: To judge t[...]
-
Page 181
Removing a Whitelist Step 1: In the Rule window, find the policy to be removed and click the corresponding Remove option in the Configure field. Step 2: A confirmation pop-up box will appear, click OK to remove the Host Table or click Cancel. 4.5.2.4 Blacklist To determine the mail comes from specif[...]
-
Page 182
Adding a new Blacklist Step 1: Click on the New Entry button and the Blacklist window will appear. Step 2: Fill in the appropriate settings for the related information. Step 3: Click OK to save the policy or Cancel to cancel. Modifying a Blacklist Step 1: In the Blacklist window, find the policy to be[...]
-
Page 183
Step 2: A confirmation pop-up box will appear, click OK to remove the Host Table or click Cancel. 4.5.2.5 Training CS-500 provides a training system to improve the identify rate of spam, the database can be updated by manually or from the rule setting. Below is the information needed for setting up th[...]
-
Page 184
Example: How to train mail into CS-500 STEP 1. Create a new folder SpamMail in Outlook Express: Press the right key of the mouse and select New Folder. In Create Folder WebUI and enter the Folder’s Name as SpamMail, and then click on OK. [...]
-
Page 185
STEP 2. In Inbox - Outlook Express, move spam mail to the SpamMail folder: In the Inbox, select all of the spam mails that were not judged correctly, right-click, and move them to the folder. In the Move WebUI, select the SpamMail folder and click OK. [...]
-
Page 186
STEP 3. Compress the SpamMail folder in Outlook Express to shorten the data, and upload it to CS-500 for training: Select the SpamMail folder. Select the Compact function in the selection of the folder. [...]
-
Page 187
STEP 4. Copy the path of the SpamMail file in Outlook Express to make it convenient to upload the training file to CS-500: Right-click the SpamMail file and select the Properties function. Copy the file address in the SpamMail Properties WebUI. [...]
-
Page 188
STEP 5. Paste the path copied from the SpamMail file into the Spam Mail for Training field in the Training function of Anti-Spam. Press OK to deliver this file to CS-500 instantly and to learn the uploaded mail file as spam mail at the appointed time. [...]
-
Page 189
Note: 1. The training file uploaded to CS-500 can be any data file and is not restricted in its file extension, but the file must be in ASCII form. 2. When the training file for CS-500 is a Microsoft Office Outlook export file [.pst], Microsoft Office Outlook has to be closed first before starting the import. STE[...]
-
Page 190
4.5.2.6 Spam Mail This item will show the top chart that represents the received and sent spam mail from recipient. In the Top Total Spam report, you can choose to display the scanned mails that were sent to the Internal Mail Server or received from the External Mail Server. It can also sort the mail according to Rec[...]
-
Page 191
Definition: Virus Scan Engine: Select Clam to enable the Anti-virus function or select Disable to disable it. The Mail Server is placed in Internal (LAN or DMZ) or External (WAN): Select to choose the location of the mail server. Add the message to the subject line: If the mail has been filtered to the v[...]
-
Page 192
4.5.3.2 Virus Mail This item will show the top chart that represents the received and sent virus mail from recipient. In the Top Total Virus report, you can choose to display the scanned mails that were sent to the Internal Mail Server or received from the External Mail Server. It can also sort the mail according t[...]
-
Page 193
2. Click OK. 3. High Risk: Select drop and log function. 4. Medium Risk: Select drop and log function. 5. Low Risk: Select pass and log function. 6. Click OK. 7. Enable the IDP function in policy. When the attack behavior matches the signature, CS-500 will produce a log as follows in the Log function [...]
-
Page 194
Max. Threshold □ Pkts / Sec: Configure the value to define the Syn Flood signature. Blocking Time: Set up the time to block the attacked connection. The function is available when the Action is set to Drop. Action: When the packets match the signature, select Pass to pass the packets, or select[...]
-
Page 195
Name: The System Manager can name the signature. Protocol: Select the protocol to be detected and prevented. It can be one of: TCP, UDP, ICMP and IP. Source Port: Configure the port number that is used to attack the PC. (The range can be from 0 to 65535). Destination Port: Configure th[...]
-
Page 196
Destination Port: Enter 80:80. Risk: Select High. Action: Select Drop and enable Log function. Content: Enter cracks. Click OK to finish the IDP setting. STEP 3. Enter the following settings in Outgoing Policy to enable the IDP function: [...]
-
Page 197
4.6.3 IDP Report CS-500 can record intrusion detection and prevention to a Log report, which allows the administrator to know the network security status for the overall network. STEP 1. In Log of the IDP Report function, it will display the situation about intrusion detection and prevention of CS-500. Ico[...]
-
Page 198
Enable Anomaly Flow IP Blocking: Select this option to enable the Anomaly Flow IP blocking function. Once an Anomaly Flow IP attack is detected, it will block the connection for the user-defined blocking time. Enable E-mail Alert Notification: When an Anomaly Flow IP attack is detected, send aler[...]
-
Page 199
Traffic Log Table The table in the Traffic Log window displays current System statuses: Definition: Time: The start time of the connection. Source: IP address of the source network of the specific connection. Destination: IP address of the destination network of the specific connec[...]
-
Page 200
4.8.1.2 Event When the Content Security Gateway WAN detects events, the Administrator can get the details, such as time and description of the events, from the Event Logs. Entering the Event Log window Step 1. Click the Event Log option under the Log menu and the Event Log window will appear. Step[...]
-
Page 201
Step 2. Follow the File Download pop-up window to save the event logs into a specific directory on the hard drive. Clearing the Event Logs The Administrator may clear on-line event logs to keep just the most updated logs on the screen. Step 1. In the Event Log window, click the Clear Logs button at the b[...]
-
Page 202
Download Logs Step 1. Click Log in the menu bar on the left hand side and then select the sub-selection Connection Log. Step 2. In the Connection Log window, click the Download Logs button. Step 3. In the Download Logs window, save the logs to the specified location. Clear Logs Step 1. Click Log in the men[...]
-
Page 203
Log Mail Configuration: When the Log Mail files accumulate up to 300Kbytes, the router will notify the administrator by email with the traffic log and event log. NOTE: Before enabling this function, you have to configure E-mail Settings in System -> Settings. Syslog Settings: If you enable this function,[...]
-
Page 204
4.8.2.1 Setting Select Setting to configure what type of Accounting Report will be logged at CS-500. Three types of report can be selected: Source IP, Destination IP and Service. Outbound Accounting Report: the statistics of the downstream and upstream for the LAN, WAN and all kinds of commu[...]
-
Page 205
Outbound Source IP Accounting Report Pull down the menu and select Source IP to show the outbound source IP accounting report. When LAN users connect to a WAN service server through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the source IP will be recorde[...]
-
Page 206
Outbound Destination IP Accounting Report Pull down the menu and select Destination IP to show the outbound destination IP accounting report. When LAN users connect to a WAN service server through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the Destination IP will[...]
-
Page 207
When LAN users connect to a WAN Service Server through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the Communication Service will be recorded. Definitions: Top: Select the data type you want to check. It presents 10 results in one page. Service: The report[...]
-
Page 208
Inbound Source IP Accounting Report Pull down the menu and select Source IP to show the inbound source IP accounting report. When WAN users connect to a LAN service server through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the source IP will be recorded.[...]
-
Page 209
Pull down the menu and select Destination IP to show the inbound destination IP accounting report. When a WAN host connects to the LAN through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the Destination IP will be recorded. Definitions: Top: Select the data type you [...]
-
Page 210
When a WAN host connects to a LAN host through CS-500, all of the Downstream / Upstream / First Packet / Last Packet / Duration log of the Communication Service will be recorded. Definitions: Top: Select the data type you want to check. It presents 10 results in one page. Service: The report of Communication [...]
-
Page 211
setup by the Administrator. How to use Statistics The Administrator can get the current network status from statistics, and use the information provided by statistics as a basis to manage networks. How to apply WAN Statistics The Administrator needs to go to Policy to set the network IP address[...]
-
Page 212
Entering the Statistics window The Statistics window displays the statistics of current network connections. Source: the name of source address. Destination: the name of destination address. Service: the service requested. Action: permit or deny. Time: viewable by minutes, hours, o[...]
-
Page 213
4.8.4 Status In this section, the device displays the status information about the Content Security Gateway. Status will display the network information from the Configuration menu. The Administrator may also use Status to check the DHCP lease time and MAC addresses for computers connected to the Con[...]
-
Page 214
4.8.4.2 Authentication Entering the Auth Status window Click on Status in the menu bar, then click Authentication below it. A window will appear and provide information from the Auth User menu. Authentication Status will list the settings for Auth User login status. IP Address: The IP address of the [...]
-
Page 215
IP Address: The IP address of the host computer. MAC Address: The MAC address of that host computer. Interface: The port that the host computer is connected to (LAN, WAN, DMZ). 4.8.4.4 DHCP Clients Entering the DHCP Clients window Click on Status in the menu bar, then click on DHCP Clients below it. A [...]