english Securepoint UTM Security Systems Installation Manual

Securepoint UTM Security Systems Installation Manual · Securepoint UTM Security Systems Installation Manual ... Securepoint Browser GUI and Security Manager ... for firewall rules


Securepoint UTM Security Systems

Installation Manual

installationenglish 06.10.2009 12:36 Uhr Seite 1


Securepoint Browser GUI and Security Manager

Securepoint Browser GUI

Securepoint UTM security solutions offer high-level, complete and efficient network, web and mail security by implementing an intuitively usable browser interface, to protect companies and organizations against prevailing Internet threats at all times.

Securepoint Security Manager

The Security Manager can be used for administrative purposes and configuration as before. With the Securepoint Security Manager you can easily administer up to 65535 Securepoint UTMs remotely from a central point and manage their configurations.


Excellent and fast support, free of charge, is available

Please follow this installation guide for Securepoint UTM Security Systems. In case of problems, please contact our Securepoint support team at no charge.

Phone: 0049 41 31 - 24 01 - 0

(support free of charge for dealers and system retailers)

or send an e-mail specifying the problem to:

e-mail: [email protected]

You may also use the Securepoint web support forum. In case of problems or any questions please consult:

Web: http://www.securepoint.de/support/


1 Connecting

The Securepoint UTM appliances come equipped with varying numbers of network adapters LAN 1, LAN 2 up to LAN n.

Finding a location within the network

An appliance should be positioned in the network directly behind a modem or router. In case a network is operated behind the appliance, a switch or hub has to be interconnected. Connect your modem or router with the appliance's port LAN 1. The switch or another computer has to be plugged into port LAN 2. Ports LAN 3 up to LAN n are designated for demilitarized zones (DMZ). Use RJ45 cables for all connections.

Notice:

In case your computer has no Gigabit adapter and is directly connected to LAN 2, without any intermediate switch or hub, please use a crossover cable.

[Diagram: Internet – modem or router – LAN 1 – Securepoint appliance – LAN 2 – switch or hub – internal network]


2 Factory settings

You may log into the Securepoint appliance from your web browser by using the IP address of the internal interface LAN 2 on port 11115 via the HTTPS (SSL) protocol. This IP address is set by default to 192.168.175.1.

Factory settings:

LAN 2, IP address of the internal interface: 192.168.175.1

Browsing the Securepoint appliance GUI:

https://192.168.175.1:11115/

Notice:

The Securepoint appliance's user interface has been optimized for Internet Explorer 7 and Firefox 3. You should run the browser based interface on a PC with the following minimal requirements: Pentium 4 processor with at least 1.8 GHz and volatile memory (RAM) of 512 MB or more.

Resetting to factory settings:

The system's web interface allows you to restore factory settings. In menu Configuration please click Factory Defaults. This will set the configuration back to default values. The existing configuration will be overwritten! Another way of restoring the appliance's default settings is by installing the Securepoint ISO image from a USB stick. You can find the image and a how-to paper on Securepoint's website:

Download Securepoint ISO image (download area) from:

http://www.securepoint.cc


3 Connecting and logging in

Start the Securepoint appliance and connect your PC with the LAN 2 interface. In case your computer has no Gigabit adapter and is directly connected to LAN 2, without any intermediate switch or hub, please use a crossover cable.

On your PC please set an IP address in the range from 192.168.175.2 to 192.168.175.254 (subnet mask is 255.255.255.0) or acquire an IP address via DHCP from the appliance. In case your Windows based PC doesn't obtain an address, please open a command prompt (cmd) and enter the following commands (see diagram):

ipconfig /release

ipconfig /renew

Notice:

Under certain circumstances you may have to repeat the command.


Start your web browser and enter the following address:

Browsing the Securepoint appliance's web interface:

https://192.168.175.1:11115/

Afterwards you will receive a message (see diagram). Acknowledge the appliance's self-signed certificate. You will then see the administrator login screen.

Log into the appliance by using the standard name and password from the factory settings:

First login after shipping:

– Standard administrator username: admin

– Standard administrator password: insecure
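
A browser warning for a self-signed certificate looks the same whether or not the certificate is the appliance's own. One way to tell the difference on later connections, shown here as an added example that is not part of the Securepoint manual, is to record the certificate's SHA-256 fingerprint during the first login over the direct LAN 2 cable and compare against it afterwards. The function names and the sample bytes are constructed for illustration; only the port number comes from this manual.

```python
import hashlib
import hmac
import socket
import ssl

MGMT_PORT = 11115  # management port given in this manual


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex, as browsers display it."""
    return fp.replace(":", "").replace(" ", "").strip().lower()


def matches_pin(der_cert: bytes, pinned_fp: str) -> bool:
    """Constant-time comparison of the presented certificate with the pin."""
    return hmac.compare_digest(fingerprint(der_cert), normalize(pinned_fp))


def fetch_der_cert(host: str, port: int = MGMT_PORT, timeout: float = 5.0) -> bytes:
    """Fetch the certificate without CA validation; trust comes from the pin."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw) as tls:
            return tls.getpeercert(binary_form=True)


def check_appliance(host: str, pinned_fp: str) -> bool:
    """True only if the appliance still presents the pinned certificate."""
    return matches_pin(fetch_der_cert(host), pinned_fp)


# Constructed stand-in for certificate bytes so the comparison runs offline.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PIN = ":".join(
    fingerprint(SAMPLE_DER)[i:i + 2].upper() for i in range(0, 64, 2)
)

if __name__ == "__main__":
    print("pin matches:", matches_pin(SAMPLE_DER, SAMPLE_PIN))
    print("tampered   :", matches_pin(SAMPLE_DER + b"x", SAMPLE_PIN))
```

The pin has to be recorded again after a factory reset or reinstallation, since the manual notes that keys are generated during the reboot that follows initial configuration.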


4 Basic configuration

You may now set up the basic configuration using the installation wizard. The LAN 2 interface settings contain a DHCP address pool which is now adapted to the internal network. After closing the wizard, you can review and print the configuration: Print settings. After the wizard is closed, the system will be restarted using the new data.

Step 1: Changing the gateway's LAN 2 IP address (internal network)

Enter the desired IP address and subnet mask for the gateway's LAN 2 interface (e.g. a netmask in bitcount format: 24, which is the same as 255.255.255.0).

Step 2: Choosing the Internet connection type on LAN 1

Please choose the Internet connection type. There are three choices to set up an Internet connection: DSL, router or cable modem.


Step 3: Setting DSL (PPPoE), router connection or cable modem usage

As shown in the example: choose an Internet provider and enter your access data.

For router connections: In case you have previously chosen a router connection, please enter the external IP address, subnet mask and default gateway.

For cable modem usage: In case you have previously chosen a cable modem connection, nothing else is required.

Step 4: Configuring the gateway's DMZ interface LAN 3 (optional)

Configure the DMZ interface if you like. You may also skip this step if no DMZ is used or required.


Step 5: Setting the standard administrator's password

Change the password for the administrator account admin. Please choose a strong password.

Final step

Your preliminary configuration is now complete. You can review and print the configuration data by clicking the Print Settings button.

Finalize the configuration by pressing the Finish button. The appliance will be restarted using your new configuration. Rebooting after the initial configuration may take 2 to 4 minutes, depending on the appliance's performance.


5 Detecting errors

Prior to reinstalling the gateway, please check for possible errors and their solutions as mentioned below!

Apparently system does not reboot

Rebooting after initial configuration may take 2 to 4 minutes, since the system is reinitialized and keys are being generated. These processes are very time consuming. In case your browser shows no reboot after 4 minutes, you have surely changed the IP address of the internal interface LAN 2.

In this case, you must specify the interface's new IP address in your web browser, otherwise the gateway's web interface will be unreachable. Please enter:

https://<your new IP address on LAN 2>:11115/

Validating the network address range on your administrator PC

In case you have changed the IP address for LAN 2 (default for internal network: 192.168.175.1, port 11115) on the appliance, you must set your PC's IP address within the new network range, otherwise the gateway's web interface is unreachable.
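
The address check described here and in section 3 can be scripted before touching the PC's network settings. The following is an added example, not part of the Securepoint manual: it takes the LAN 2 address and mask (bitcount or dotted form, as in Step 1 of the wizard) plus the PC's address, and reports whether the PC can reach the web interface and which URL to use. The function name and the 10.0.8.x addresses are constructed for illustration.

```python
import ipaddress

MGMT_PORT = 11115  # web interface port stated in this manual


def admin_pc_check(lan2_ip, mask, pc_ip, port=MGMT_PORT):
    """Check whether pc_ip sits in the appliance's LAN 2 network.

    mask may be a bitcount ("24") or dotted ("255.255.255.0").
    """
    iface = ipaddress.ip_interface(f"{lan2_ip}/{mask}")
    net = iface.network
    if net.version != 4 or net.prefixlen > 30:
        raise ValueError("expected an IPv4 network of /30 or wider")
    pc = ipaddress.ip_address(pc_ip)

    problems = []
    if pc not in net:
        problems.append(f"{pc} is outside {net}")
    elif pc == iface.ip:
        problems.append(f"{pc} is the appliance's own LAN 2 address")
    elif pc in (net.network_address, net.broadcast_address):
        problems.append(f"{pc} is the network or broadcast address of {net}")

    # Addresses a PC may use: all hosts except the appliance itself.
    first = net.network_address + 1
    last = net.broadcast_address - 1
    if first == iface.ip:
        first += 1
    if last == iface.ip:
        last -= 1

    return {
        "ok": not problems,
        "problems": problems,
        "bitcount": net.prefixlen,
        "netmask": str(net.netmask),
        "pc_range": (str(first), str(last)),
        "url": f"https://{iface.ip}:{port}/",
    }


if __name__ == "__main__":
    # Factory settings from this manual, then a constructed changed address.
    print(admin_pc_check("192.168.175.1", "24", "192.168.175.20"))
    print(admin_pc_check("10.0.8.1", "255.255.255.0", "192.168.175.20"))
```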


6 Registering and licensing

The UTM systems have to be licensed for proper operation. Without acquiring a license, the appliance may be outdated and safe operation is impossible.

Registering by phone

You can register your system by phone. Please call us at the telephone number below and Securepoint will send you a license file.

Phone: 0049 41 31 / 24 01 - 0

Registering and licensing by e-mail

Log into the appliance with your username and password and click on menu Extras. Choose the entry Registration. Soon afterwards you will receive an e-mail containing the license file:

http://www.securepoint.cc/registration

Setting the appliance's license file

Load the file (without any changes) onto the appliance. By doing so your Securepoint UTM system will become fully functional.


7 Overview web interface

The Securepoint web cockpit

The cockpit is the web user interface of your Securepoint UTM system. By using the cockpit, you will get an overview of all functions, system load, services, updates, and available downloads, for example documents as well as software and more.

You may set the cockpit for your individual needs. Alternatively, you can manage up to 65535 Securepoint appliances by using the Securepoint Security Manager to administer and operate the appliance. Please refer to the Securepoint manuals.


Menu overview of web cockpit

The following functions are available on the cockpit menus.

Configuration menu

– Configuration Management –> Management of different configurations

– Setup Wizard –> Fast appliance setup

– Reboot System –> Rebooting appliance

– Halt System –> Halting appliance

– Factory Defaults –> Resetting appliance to factory defaults

– Logout –> Logout from cockpit

Network menu

– Server Properties –> System name, DNS server, NTP server, IP admin area of web cockpit and Security Manager, external logging/Syslog, SNMP, clustering/high-availability

– Network Configuration –> IP interfaces, routing, DSL provider settings, DynDNS and DHCP settings

– Zone Configuration –> Zone definitions

– Network Tools –> NS lookup, ping, routing table

Firewall menu

– Portfilter –> Management of firewall rules

– Hide NAT –> Network Address Translation/masquerade

– Port Forwarding –> Port forwarding/port translation

– QoS –> Bandwidth limitation/confirmation

– Services –> Definition of services/protocols

– Service Groups –> Grouping of services/protocols for firewall rules

– Network Objects –> Definition of network objects/networks

– Network Groups –> Grouping of network objects/networks for firewall rules


Applications menu

– HTTP Proxy –> Proxy, virus scanner, content filter etc.

– PoP3 Proxy –> Proxy, virus scanner, spam filter etc.

– Mail Relay –> Relaying/routing/greylisting/domain-Map.

– Spamfilter Properties –> Spam filter properties (SMTP, PoP3 etc.)

– VNC Repeater –> Virtual Network Computing Repeater

– VOIP Proxy –> Proxy for Voice over IP

– IDS –> Intrusion Detection System properties

– Service Status –> State of all appliance applications/services

VPN menu

– IPSec Wizard –> IPSec assistant wizard (Site-to-Site, Roadwarrior/VPN-Client-to-Server)

– IPSec Globals –> NAT Traversal, IKEv2

– IPSec –> Management of IPSec connections

– L2TP –> L2TP VPN properties

– PPTP –> PPTP VPN properties

– SSL VPN –> SSL VPN properties

Authentication menu

– Users –> User management

– External Authentication –> Radius, LDAP/AD, Kerberos/NTLM

– Certificates –> X.509 certificate management

Extras menu

– CLI –> Command Line Interface

– Update Firewall –> Update management

– Registration –> Appliance registration and license file

– Manage Cockpit –> Individual cockpit design

– Advanced Settings –> Internal appliance parameterization

– Refresh All/Refresh Cockpit –> Refreshing data from appliance

Live log menu

– Live log –> Appliance real-time logging


Cockpit state and configuration overview

You can customize the cockpit according to your wishes.

License

Appliance registration and version information.

System Status

Appliance system and hardware information.

Applications

State of applications and services.

Appliance

Appliance overview of interfaces: LAN 1, LAN 2 to LAN n.

Interfaces

Graphical overview of interface traffic.

IPSec

Overview of IPSec VPN connections.

DHCP

Overview of DHCP connections.

Downloads

Downloads of documents and software: Securepoint Security Manager, manuals, tools, VPN clients etc.

User logged on via SSH

Overview of logged-in SSH user.

Spuva User

Overview of logged-in Securepoint Verification Agent user.

SSL VPN User

Overview of logged-in SSL VPN user.

Web Sessions

Running web sessions of the appliance.


8 Overview Security Manager

With the Securepoint Security Manager you may safely and easily administrate up to 65535 Securepoint UTM solutions. Please follow the steps below:

– Install and start the Securepoint Security Manager. You will find it in the download area of your web cockpit or on the Securepoint website under Downloads.

– When starting the Security Manager for the first time, a dialog screen will show up, to create a key based data container for storing the appliance's configuration locally. Please enter a key and repeat your choice. Every time the manager is started, you will be asked for the key.

– Create a new Securepoint appliance by clicking on the marked firewall symbol. A window will pop up, requesting you to enter settings. In the window folder firewall, please enter the following data:

  – Address: IP address (or resolvable name) of the appliance's interface

  – Port on which the appliance can be reached. Default: 22 (SSH Port)

  – Login: Your login name on the appliance

  – Password: Your password on the appliance

  – Password confirmation: Repeat your password

– A new firewall symbol will show under the firewall tree. You can connect the Security Manager with a Securepoint appliance by clicking this symbol. You may now configure and manage up to 65535 appliances. For further information, please refer to the Securepoint Security Manager manual.

[Figure callout: Create a new Securepoint appliance/firewall]


Securepoint GmbH
Salzstrasse 1
21335 Lueneburg
Germany

phone: ++49 41 31 / 24 01 - 0
fax: ++49 41 31 / 24 01 - 50

mail: [email protected]
web: www.securepoint.cc

Small Business Solution

Small / Medium Business Solutions

Enterprise Business Solutions

Virtual Machine Solutions

Securepoint UTM Security Systems 10
