Secure Computing SG570 Uživatelský manuál Strana 306
- Strana / 341
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Commonly used interfaces are:
eth0 the LAN port
eth1 the WAN/Internet port
pppX e.g. ppp0 or ppp1, a PPP session
IPSecX e.g. IPSec0, an IPSec interface
The firewall rules deny all packets arriving from the WAN port by default. There are a few
ports open to deal with traffic such as DHCP, VPN services and similar. Any traffic that
does not match the exceptions however is dropped.
There are also some specific rules to detect various attacks (smurf, teardrop, etc.).
When outbound traffic (from LAN to WAN) is blocked by custom rules configured in the
GUI, the resultant dropped packets are also logged.
The <prefix> for all these rules is varied according to their type.
Currently used prefixes for traffic arriving:
Default Deny Packet didn't match any rule, drop it
Invalid Invalid packet format detected
Smurf Smurf attack detected
Spoof Invalid IP address detected
SynFlood SynFlood attack detected
Custom Custom rule dropped outbound packet
300
Appendix B – System Log
- Secure Computing SnapGear™ 1
- User Manual 1
- Contents 3
- Document Conventions 6
- 1. Introduction 7
- Front panel LEDs 11
- Front panel 11
- Rear panel 12
- Specifications 12
- Bridged mode 13
- Secure by default 14
- Introduction 16
- 2. Getting Started 17
- Unpack the SnapGear unit 18
- Set up the PCs on your LAN 35
- SG PCI Appliance Quick Setup 40
- Automatic configuration 43
- Manual configuration 45
- Backup/restore configuration 48
- 3. Network Setup 49
- Direct Connection 52
- Firewall class 53
- Ethernet configuration 53
- Interface aliases 54
- Manually assign settings 58
- Connection (dial on demand) 59
- Cable Modem 60
- Dialout and ISDN 61
- Dial-in 62
- Connecting a dial-in client 65
- Internet Failover 69
- Edit connection parameters 70
- Internet Load Balancing 74
- Enabling load balancing 75
- High Availability 76
- Enabling high availability 78
- DMZ Network 79
- Configuring a DMZ connection 80
- Services on the DMZ network 80
- Guest Network 81
- Wireless 83
- Basic wireless settings 84
- Security 85
- Wireless security 86
- WEP security method 86
- WEP with 802.1X 87
- WPA-Enterprise 88
- ACL (Access Control List) 88
- Connecting wireless clients 93
- Bridging 97
- Adding a bridge interface 98
- Edit bridge configuration 99
- Adding VLANs 101
- Editing VLANs 102
- Removing VLANs 102
- Port Based VLANs 103
- Adding port based VLANs 105
- GRE Tunnels 107
- GRE over IPSec 108
- Adding a GRE interface 108
- GRE troubleshooting 111
- Static routes 112
- Policy routes 112
- Route management 113
- Hostname 121
- Workgroup/domain 121
- Administrative contact 121
- Device location 121
- DNS proxy 122
- Dynamic DNS 123
- Static hosts 123
- DHCP Server 124
- DHCP addresses 125
- Address list 125
- Reserving IP addresses 127
- DHCP status 127
- DHCP Proxy 128
- Web Cache 129
- Storage 130
- Local storage 130
- Network storage share 131
- ICAP client 134
- Advanced 135
- QoS Traffic Shaping 136
- QoS autoshaper 137
- QoS traffic shaping 137
- Configuring the SIP proxy 140
- 4. Firewall 141
- Administration services 142
- Web Management 143
- SSL/HTTPS (Secure HTTP) 144
- Upload SSL certificates 145
- Create SSL certificates 145
- Customizing the Firewall 146
- Definitions 146
- Service groups 147
- Addresses 148
- Interfaces 149
- Packet Filtering 150
- Rate limiting 152
- Custom firewall rules 154
- Port forwarding 155
- Source NAT 160
- 1-to-1 NAT 163
- Masquerading 164
- Configuring the UPnP Gateway 165
- Connection Tracking 167
- Intrusion Detection 169
- IDB Configuration 170
- Dummy services 171
- Snort and IPS configuration 173
- Enabling access control 177
- User authentication 179
- Browser setup 180
- Web lists 182
- Content filtering 185
- Content or Webwasher? 185
- Webwasher 186
- Content 187
- Antivirus 188
- Enable antivirus 189
- Network share 190
- POP email 193
- Scan all POP email 193
- SMTP email 196
- PPTP and L2TP 200
- PPTP VPN Server 200
- Add a PPTP user account 202
- Windows XP PPTP client setup 205
- L2TP VPN Server 208
- Add an IPSec tunnel 210
- Add an L2TP user account 212
- PPTP and L2TP VPN Client 215
- Quick Setup 218
- Set Up the Branch Office 221
- Tunnel settings page 222
- Local endpoint settings 225
- Other options 226
- Phase 1 settings 230
- Phase 2 settings page 232
- Enable IPSec 233
- Local endpoint settings page 234
- Phase 1 settings page 235
- Tunnel List 236
- NAT Traversal Support 239
- Dynamic DNS Support 239
- Certificate Management 239
- The OpenSSL application 240
- Extracting certificates 240
- Creating certificates 241
- Create a CA certificate 241
- Add certificates 243
- IPSec Failover 244
- IPSec Troubleshooting 253
- Port Tunnels 256
- Tunnel server 257
- Tunnel client 258
- USB Mass Storage Devices 260
- Share the storage device 261
- Set access permissions 261
- Join a Windows workgroup 263
- USB Printers 267
- Set up the print spool 268
- Printer Troubleshooting 273
- 7. System 275
- Network time 276
- Adding an NTP peer 276
- Backup/Restore Configuration 277
- Remote backup/restore 278
- Local backup/restore 278
- Text save/restore 279
- Administrative users 280
- Local Users 282
- TACACS+ 284
- Management 285
- Diagnostics 288
- Local syslog 289
- Remote syslog 289
- Email delivery 290
- Network tests 291
- Packet Capture 291
- Reboot and Reset 292
- Flash upgrade 293
- Netflash 294
- Flash upgrade via HTTP 294
- Flash upgrade via TFTP 294
- Configuration Files 295
- Support 296
- Technical support report 297
- Appendix A – Terminology 298
- Appendix B – System Log 305
- Creating Custom Log Rules 307
- Rate Limiting 310
- Boot Log Messages 311
- Practices and Precautions 312
- Failed Upgrade 314
- Appendix E – System Clock 318
- Appendix F – Null Modem 319
- Administration 319
- Troubleshooting 320
- Appendix G – Command Line 321
- Interface (CLI) 321
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.059 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce