Secure Computing SG550 Uživatelský manuál Strana 170
- Strana / 297
- Tabulka s obsahem
- ŘEŠENÍ PROBLÉMŮ
- KNIHY
Hodnocené. / 5. Na základě hodnocení zákazníků
Firewall
166
In addition to enforcing the services aspect of security groups, it is possible to include a
number of NASL (Nessus Attack Scripting Language) scripts in /etc/config on the unit and
to define some or all of these to be run against the target hosts. Typically, one would use
attack scripts from the Nessus suite to scan for specific vulnerabilities and exploits on a
host. If any script detects such a vulnerability, Internet access is again blocked. The list
of available scripts is automatically populated from the files ending with .nasl in
/etc/config.
Security groups may overlap with respect to hosts within them. In this case, a single
allow service overrides any number of denies of that same service. However, NASL
scripts and overlapping groups do not interoperate particularly and should be avoided.
The top level page has a checkbox Block Unscanned Hosts which defines the
behaviour for a host which hasn't been scanned or is not defined to be scanned.
The Minimum Inter Probe Delay specifies a minimum number of seconds between
scans of a single host. It also specifies the maximum time for changes to take effect.
The Simultaneous Probes setting specifies the maximum number of different hosts that
should be scanned together.
Content filtering
Note
Content filtering is only available after your have registered your SG unit and activated
your content filtering licence (sold separately). See the Obtaining a content filtering
licence section below.
- Secure Computing SG 1
- User Manual 1
- Contents 2
- 1. Introduction 5
- Front panel LEDs 6
- Rear panel 7
- Front panel 9
- Specifications 10
- Bridged mode 11
- Secure by default 12
- Document Conventions 14
- 2. Getting Started 15
- Unpack the SG unit 16
- Set up the SG unit’s switch 23
- Set up the PCs on your LAN 33
- SG PCI Appliance Quick Setup 37
- Automatic configuration 40
- Manual configuration 41
- The SG Management Console 44
- 3. Network Setup 45
- Direct Connection 48
- Firewall class 49
- Ethernet configuration 49
- Interface aliases 50
- Manually assign settings 54
- Connection (dial on demand) 55
- Cable Modem 56
- Dialout and ISDN 57
- Port settings 58
- Static addresses 58
- Aliases 58
- Dialin setup 58
- Connecting a dialin client 60
- Internet Failover 65
- Edit connection parameters 66
- Internet Load Balancing 69
- Enabling load balancing 70
- High Availability 72
- Enabling high availability 73
- Advanced configurations 74
- DMZ Network 75
- Guest Network 76
- Wireless 79
- Basic wireless settings 80
- Wireless security 81
- WEP security method 82
- ACL (Access Control List) 83
- Connecting wireless clients 87
- Bridging 90
- Adding a bridge interface 91
- Edit bridge configuration 92
- Adding VLANs 95
- Editing VLANs 95
- Port Based VLANs 96
- Adding port based VLANs 98
- GRE Tunnels 100
- GRE over IPSec 101
- GRE troubleshooting 104
- Static routes 104
- Route management 105
- Hostname 112
- Workgroup/domain 113
- Administrative contact 113
- Device location 113
- DNS proxy 113
- Dynamic DNS 114
- DHCP Server 115
- DHCP addresses 116
- Address list 116
- Reserving IP addresses 118
- DHCP status 118
- Web Cache 119
- Enabling the web cache 120
- Selecting a cache size 120
- Storage 120
- Local storage 121
- Network storage share 121
- ICAP client 124
- Advanced 125
- QoS Traffic Shaping 127
- ToS traffic shaping 128
- Configuring the SIP proxy 130
- 4. Firewall 131
- Administration services 132
- Web Server 133
- SSL/HTTPS (Secure HTTP) 134
- Customizing the Firewall 135
- Definitions 136
- Addresses 137
- Interfaces 138
- Packet Filtering 139
- Rate limiting 142
- Custom firewall rules 143
- Port forwarding 144
- Source NAT 149
- 1-to-1 NAT 151
- Masquerading 152
- Configuring the UPnP gateway 153
- Connection Tracking 155
- Intrusion Detection 156
- The benefits of using an IDS 157
- IDB Configuration 158
- Dummy services 159
- Snort and IPS configuration 160
- Enabling access control 164
- User authentication 165
- Browser setup 167
- Web lists 169
- Content filtering 170
- Content or Webwasher? 171
- Content 172
- Webwasher 173
- ZoneAlarm 174
- Antivirus 175
- Enable antivirus 176
- Network storage 177
- POP email 180
- Scan all POP email 180
- SMTP email 182
- PPTP and L2TP 187
- PPTP VPN Server 187
- Add a PPTP user account 189
- Setup the remote PPTP client 189
- Windows XP PPTP client setup 192
- L2TP VPN Server 195
- Add an IPSec tunnel 197
- Add an L2TP user account 199
- PPTP and L2TP VPN Client 202
- SG unit to SG unit 204
- Set Up the Branch Office 205
- Tunnel settings page 206
- Local endpoint settings 209
- Other options 210
- Phase 1 settings 214
- Phase 2 settings page 216
- Enable IPSec 217
- Local endpoint settings page 218
- Phase 1 settings page 219
- Tunnel List 220
- NAT Traversal Support 223
- Dynamic DNS Support 223
- Certificate Management 223
- The OpenSSL application 224
- Extracting certificates 224
- Create a CA certificate 225
- Creating certificates 225
- Add certificates 227
- IPSec Failover 228
- IPSec Troubleshooting 238
- Port Tunnels 241
- Tunnel client 242
- 6. USB 244
- Share the storage device 245
- Set access permissions 245
- Join a Windows workgroup 247
- USB Printers 251
- Set up the print spool 252
- Printer Troubleshooting 257
- 7. System 259
- Backup/Restore Configuration 260
- Local backup/restore 261
- Text save/restore 262
- Administrative users 263
- Local Users 265
- TACACS+ 266
- Management 267
- Diagnostics 270
- System log 271
- Local syslog 271
- Remote syslog 271
- Email delivery 272
- Reboot and Reset 273
- Reboot device 274
- Erase configuration 274
- Reset button 274
- Flash upgrade 275
- Netflash 276
- Flash upgrade via HTTP 276
- Flash upgrade via TFTP 276
- Configuration Files 277
- Support 278
- Appendix A – Terminology 279
- Appendix B – System Log 285
- Creating Custom Log Rules 287
- Rate Limiting 290
- Boot Log Messages 291
- Practices and Precautions 292
- Failed Upgrade 294
© 2020, manymanuals.cz. Všechna práva vyhrazena. | 0.068 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Komentáře k této Příručce