Edimax VPN-1 Edge Series User manual
Check Point VPN-1 Edge
Internet Security Appliance
User Guide
Version 6.0
Part No: 700800, November 2005
COPYRIGHT & TRADEMARKS
Copyright © 2005 SofaWare, All Rights Reserved. No part of this
document may be reproduced in any form or by any means without
written permission from SofaWare.
Information in this document is subject to change without notice and
does not represent a commitment on part of SofaWare Technologies
Ltd.
SofaWare, Safe@Home and Safe@Office are trademarks, service
marks, or registered trademarks of SofaWare Technologies Ltd.
Check Point, the Check Point logo, FireWall-1, FireWall-1
SecureServer, FireWall-1 SmallOffice, FloodGate-1, INSPECT, IQ
Engine, Meta IP, MultiGate, Open Security Extension, OPSEC,
Provider-1, SecureKnowledge, SecureUpdate, SiteManager-1, SVN,
UAM, User-to-Address Mapping, UserAuthority, Visual Policy
Editor, VPN-1, VPN-1 Accelerator Card, VPN-1 Gateway, VPN-1
SecureClient, VPN-1 SecuRemote, VPN-1 SecureServer, and VPN-1
Edge are trademarks, service marks, or registered trademarks of Check
Point Software Technologies Ltd. or its affiliates.
All other product names mentioned herein are trademarks or registered
trademarks of their respective owners.
The products described in this document are protected by U.S. Patent
No. 5,606,668 and 5,835,726 and may be protected by other U.S.
Patents, foreign patents, or pending applications.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright © 1989, 1991 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies of this
license document, but changing it is not allowed.
PREAMBLE
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change
free software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors
commit to using it. (Some other Free Software Foundation software is
covered by the GNU Library General Public License instead.) You
can apply it to your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it if
you want it, that you can change the software or use pieces of it in new
free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid anyone
to deny you these rights or to ask you to surrender the rights. These
restrictions translate to certain responsibilities for you if you distribute
copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that you
have. You must make sure that they, too, receive or can get the source
code. And you must show them these terms so they know their rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on,
we want its recipients to know that what they have is not the original,
so that any problems introduced by others will not reflect on the
original authors' reputations.
Finally, any free program is threatened constantly by software patents.
We wish to avoid the danger that redistributors of a free program will
individually obtain patent licenses, in effect making the program
proprietary. To prevent this, we have made it clear that any patent
must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE TERMS AND CONDITIONS
FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which
contains a notice placed by the copyright holder saying it may be
distributed under the terms of this General Public License. The
"Program", below, refers to any such program or work, and a "work
based on the Program" means either the Program or any derivative
work under copyright law: that is to say, a work containing the
Program or a portion of it, either verbatim or with modifications
and/or translated into another language. (Hereinafter, translation is
included without limitation in the term "modification".) Each licensee
is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of running
the Program is not restricted, and the output from the Program is
covered only if its contents constitute a work based on the Program
(independent of having been made by running the Program). Whether
that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the notices
that refer to this License and to the absence of any warranty; and give
any other recipients of the Program a copy of this License along with
the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a
fee.
2. You may modify your copy or copies of the Program or any
portion of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent
notices stating that you changed the files and the date of
any change.
b) You must cause any work that you distribute or publish,
that in whole or in part contains or is derived from the
Program or any part thereof, to be licensed as a whole at
no charge to all third parties under the terms of this
License.
c) If the modified program normally reads commands
interactively when run, you must cause it, when started
running for such interactive use in the most ordinary way,
to print or display an announcement including an
appropriate copyright notice and a notice that there is no
warranty (or else, saying that you provide a warranty) and
that users may redistribute the program under these
conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work
based on the Program is not required to print an
announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote
it.
Thus, it is not the intent of this section to claim rights or contest your
rights to work written entirely by you; rather, the intent is to exercise
the right to control the distribution of derivative or collective works
based on the Program.
In addition, mere aggregation of another work not based on the
Program with the Program (or with a work based on the Program) on a
volume of a storage or distribution medium does not bring the other
work under the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding
machine-readable source code, which must be distributed
under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least
three years, to give any third party, for a charge no more
than your cost of physically performing source
distribution, a complete machine-readable copy of the
corresponding source code, to be distributed under the
terms of Sections 1 and 2 above on a medium customarily
used for software interchange; or,
c) Accompany it with the information you received as to
the offer to distribute corresponding source code. (This
alternative is allowed only for noncommercial distribution
and only if you received the program in object code or
executable form with such an offer, in accord with
Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to control
compilation and installation of the executable. However, as a special
exception, the source code distributed need not include anything that
is normally distributed (in either source or binary form) with the major
components (compiler, kernel, and so on) of the operating system on
which the executable runs, unless that component itself accompanies
the executable.
If distribution of executable or object code is made by offering access
to copy from a designated place, then offering equivalent access to
copy the source code from the same place counts as distribution of the
source code, even though third parties are not compelled to copy the
source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying the
Program or works based on it.
6. Each time you redistribute the Program (or any work based on
the Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein. You
are not responsible for enforcing compliance by third parties to this
License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence
you may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any such
claims; this section has the sole purpose of protecting the integrity of
the free software distribution system, which is implemented by public
license practices. Many people have made generous contributions to
the wide range of software distributed through that system in reliance
on consistent application of that system; it is up to the author/donor to
decide if he or she is willing to distribute software through any other
system and a licensee cannot impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates the
limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new
versions of the General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may differ
in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and
conditions either of that version or of any later version published by
the Free Software Foundation. If the Program does not specify a
version number of this License, you may choose any version ever
published by the Free Software Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the
author to ask for permission. For software which is copyrighted by the
Free Software Foundation, write to the Free Software Foundation; we
sometimes make exceptions for this. Our decision will be guided by
the two goals of preserving the free status of all derivatives of our free
software and of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF
CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO
THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT
WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE
PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND
PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD
THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST
OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE
LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT
HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED
ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING
ANY GENERAL, SPECIAL, INCIDENTAL OR
CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR
INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT
LIMITED TO LOSS OF DATA OR DATA BEING RENDERED
INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE
WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR
OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
To receive the SofaWare GPL licensed code, contact
SAFETY PRECAUTIONS
Carefully read the Safety Instructions the Installation and Operating
Procedures provided in this User's Guide before attempting to install
or operate the appliance. Failure to follow these instructions may
result in damage to equipment and/or personal injuries.
Before cleaning the appliance, unplug the power cord. Use
only a soft cloth dampened with water for cleaning.
When installing the appliance, ensure that the vents are not
blocked.
Do not place this product on an unstable surface or support.
The product may fall, causing serious injury to a child or adult,
as well as serious damage to the product.
Do not use the appliance outdoors.
Do not expose the appliance to liquid or moisture.
Do not expose the appliance to extreme high or low
temperatures.
Do not disassemble or open the appliance. Failure to comply
will void the warranty.
Do not use any accessories other than those approved by
Check Point. Failure to do so may result in loss of
performance, damage to the product, fire, electric shock or
injury, and will void the warranty.
Route power supply cords where they are not likely to be
walked on or pinched by items placed on or against them. Pay
particular attention to cords where they are attached to plugs
and convenience receptacles, and examine the point where
they exit the unit.
Do not connect or disconnect power supply cables and data
transmission lines during thunderstorms.
Do not overload wall outlets or extension cords, as this can
result in a risk of fire or electric shock. Overloaded AC outlets,
extension cords, frayed power cords, damaged or cracked wire
insulation, and broken plugs are dangerous. They may result in
a shock or fire hazard. Periodically examine the cord, and if its
appearance indicates damage or deteriorated insulation, have it
replaced by your service technician.
If the unit or any part of it is damaged, disconnect the power
plug and inform the responsible service personnel. Non-
observance may result in damage to the router.
POWER ADAPTER
Operate this product only from the type of power source
indicated on the product’s marking label. If you are not sure of
the type of power supplied to your home, consult your dealer
or local power company.
Use only the power supply provided with your product. Check
whether the device’s set supply voltage is the same as the local
supply voltage.
To reduce risk of damage to the unit, remove it from the outlet
by holding the power adapter rather than the cord.
SECURITY DISCLAIMER
The appliance provides your office network with the highest level of
security. However, no single security product can provide you with
absolute protection against a determined effort to break into your
system. We recommend using additional security measures to secure
highly valuable or sensitive information.
Contents
Contents i
Contents
About This Guide.................................................................................................................................xi
Chapter 1: Introduction .......................................................................................................................1
About Your Check Point VPN-1 Edge Appliance..............................................................................1
VPN-1 Edge Products.........................................................................................................................2
VPN-1 Edge Features and Compatibility............................................................................................3
Connectivity....................................................................................................................................3
Firewall...........................................................................................................................................4
VPN ................................................................................................................................................5
Management....................................................................................................................................5
Optional Security Services..............................................................................................................6
Package Contents............................................................................................................................6
Network Requirements ...................................................................................................................7
Getting to Know Your VPN-1 Edge X series Appliance....................................................................8
Rear Panel.......................................................................................................................................8
Front Panel......................................................................................................................................9
Getting to Know Your VPN-1 Edge W Series Appliance.................................................................11
Rear Panel.....................................................................................................................................11
Front Panel....................................................................................................................................13
Contacting Technical Support...........................................................................................................15
Chapter 2: Installing and Setting up the VPN-1 Edge Appliance...................................................17
Before You Install the VPN-1 Edge Appliance ................................................................................17
Windows 2000/XP........................................................................................................................18
Windows 98/Millennium ..............................................................................................................23
Mac OS.........................................................................................................................................28
Mac OS-X.....................................................................................................................................30
Wall Mounting the Appliance...........................................................................................................32
Contents
ii Check Point VPN-1 Edge User Guide
Securing the Appliance against Theft ...............................................................................................34
Network Installation..........................................................................................................................37
Setting Up the VPN-1 Edge Appliance.............................................................................................38
Chapter 3: Getting Started.................................................................................................................41
Initial Login to the VPN-1 Edge Portal.............................................................................................41
Logging on to the VPN-1 Edge Portal ..............................................................................................44
Accessing the VPN-1 Edge Portal Remotely Using HTTPS ............................................................46
Using the VPN-1 Edge Portal ...........................................................................................................48
Main Menu....................................................................................................................................49
Main Frame...................................................................................................................................50
Status Bar......................................................................................................................................50
Logging off .......................................................................................................................................53
Chapter 4: Configuring the Internet Connection.............................................................................55
Overview...........................................................................................................................................55
Using the Internet Wizard.................................................................................................................56
Using a Direct LAN Connection...................................................................................................58
Using a Cable Modem Connection ...............................................................................................60
Using a PPTP or PPPoE Dialer Connection..................................................................................61
Using PPPoE.................................................................................................................................62
Using PPTP...................................................................................................................................63
Using Internet Setup..........................................................................................................................65
Using a LAN Connection..............................................................................................................66
Using a Cable Modem Connection ...............................................................................................68
Using a PPPoE Connection...........................................................................................................70
Using a PPTP Connection.............................................................................................................72
Using a Telstra (BPA) Connection ...............................................................................................74
Using a Dialup Connection...........................................................................................................76
Contents
Contents iii
Using No Connection....................................................................................................................78
Setting Up a Dialup Modem .............................................................................................................85
Viewing Internet Connection Information........................................................................................88
Enabling/Disabling the Internet Connection.....................................................................................90
Using Quick Internet Connection/Disconnection..............................................................................92
Configuring a Backup Internet Connection.......................................................................................92
Setting Up a LAN or Broadband Backup Connection ..................................................................92
Setting Up a Dialup Backup Connection ......................................................................................93
Chapter 5: Managing Your Network................................................................................................95
Configuring Network Settings ..........................................................................................................95
Configuring a DHCP Server .........................................................................................................96
Changing IP Addresses...............................................................................................................107
Enabling/Disabling Hide NAT....................................................................................................108
Configuring a DMZ Network......................................................................................................109
Configuring the OfficeMode Network........................................................................................111
Configuring VLANs ...................................................................................................................113
Configuring High Availability........................................................................................................121
Configuring High Availability on a Gateway .............................................................................123
Sample Implementation on Two Gateways.................................................................................127
Adding and Editing Network Objects.........................................................................................131
Viewing and Deleting Network Objects .....................................................................................139
Using Static Routes.........................................................................................................................140
Adding and Editing Static Routes...............................................................................................140
Viewing and Deleting Static Routes ...........................................................................................145
Managing Ports...............................................................................................................................146
Viewing Port Statuses.................................................................................................................147
Modifying Port Assignments ......................................................................................................148
Contents
iv Check Point VPN-1 Edge User Guide
Modifying Link Configurations..................................................................................................150
Resetting Ports to Defaults..........................................................................................................150
Chapter 6: Using Traffic Shaper.....................................................................................................153
Overview.........................................................................................................................................153
Setting Up Traffic Shaper ...............................................................................................................154
Predefined QoS Classes ..................................................................................................................155
Adding and Editing Classes............................................................................................................156
Deleting Classes..............................................................................................................................161
Restoring Traffic Shaper Defaults...................................................................................................162
Chapter 7: Configuring a Wireless Network..................................................................................163
Overview.........................................................................................................................................163
About the Wireless Hardware in Your VPN-1 Edge W series Appliance ......................................164
Wireless Security Protocols ............................................................................................................165
Manually Configuring a WLAN.....................................................................................................167
Using the Wireless Configuration Wizard ......................................................................................178
WPA-PSK...................................................................................................................................180
WEP............................................................................................................................................182
No Security .................................................................................................................................183
Preparing the Wireless Stations.......................................................................................................184
Troubleshooting Wireless Connectivity..........................................................................................185
Chapter 8: Viewing Reports.............................................................................................................189
Viewing the Event Log ...................................................................................................................189
Using the Traffic Monitor...............................................................................................................193
Viewing Traffic Reports .............................................................................................................193
Exporting General Traffic Reports..............................................................................................195
Configuring Traffic Monitor Settings.........................................................................................195
Viewing Computers ........................................................................................................................196
Contents
Contents v
Viewing Connections......................................................................................................................199
Viewing Wireless Statistics.............................................................................................................200
Chapter 9: Setting Your Security Policy.........................................................................................205
Default Security Policy...................................................................................................................206
Setting the Firewall Security Level.................................................................................................207
Configuring Servers........................................................................................................................210
Using Rules.....................................................................................................................................212
Adding and Editing Rules...........................................................................................................216
Enabling/Disabling Rules ...........................................................................................................222
Changing Rules' Priority.............................................................................................................222
Deleting Rules.............................................................................................................................223
Using SmartDefense .......................................................................................................................223
Configuring SmartDefense..........................................................................................................224
SmartDefense Categories............................................................................................................226
Using Secure HotSpot.....................................................................................................................261
Setting Up Secure HotSpot.........................................................................................................262
Enabling/Disabling Secure HotSpot............................................................................................263
Customizing Secure HotSpot......................................................................................................264
Defining an Exposed Host ..............................................................................................................266
Chapter 10: Using VStream Antivirus............................................................................................269
Overview.........................................................................................................................................269
Enabling/Disabling VStream Antivirus...........................................................................................271
Viewing VStream Signature Database Information........................................................................272
Configuring VStream Antivirus......................................................................................................273
Configuring the VStream Antivirus Policy.................................................................................273
Configuring VStream Advanced Settings...................................................................................281
Updating VStream Antivirus...........................................................................................................285
Contents
vi Check Point VPN-1 Edge User Guide
Chapter 11: SMART Management and Subscription Services.....................................................287
Connecting to a Service Center.......................................................................................................288
Viewing Services Information ........................................................................................................293
Refreshing Your Service Center Connection..................................................................................294
Configuring Your Account .............................................................................................................294
Disconnecting from Your Service Center.......................................................................................295
Web Filtering ..................................................................................................................................296
Enabling/Disabling Web Filtering ..............................................................................................296
Selecting Categories for Blocking ..............................................................................................297
Temporarily Disabling Web Filtering.........................................................................................298
Email Filtering ................................................................................................................................300
Enabling/Disabling Email Filtering ............................................................................................301
Selecting Protocols for Scanning................................................................................................302
Temporarily Disabling Email Filtering.......................................................................................302
Automatic and Manual Updates......................................................................................................304
Checking for Software Updates when Locally Managed............................................................304
Checking for Software Updates when Remotely Managed ........................................................305
Chapter 12: Working with VPNs.....................................................................................................307
Overview.........................................................................................................................................308
Site-to-Site VPNs........................................................................................................................310
Remote Access VPNs .................................................................................................................312
Internal VPN Server....................................................................................................................313
Setting Up Your VPN-1 Edge Appliance as a VPN Server............................................................314
Configuring the Remote Access VPN Server .............................................................................316
Configuring the Internal VPN Server..........................................................................................317
Installing SecuRemote ................................................................................................................319
Adding and Editing VPN Sites .......................................................................................................319
Contents
Contents vii
Configuring a Remote Access VPN Site.....................................................................................322
Configuring a Site-to-Site VPN Gateway...................................................................................335
Deleting a VPN Site........................................................................................................................351
Enabling/Disabling a VPN Site.......................................................................................................352
Logging on to a Remote Access VPN Site......................................................................................353
Logging on through the VPN-1 Edge Portal...............................................................................353
Logging on through the my.vpn page.........................................................................................355
Logging off a Remote Access VPN Site.........................................................................................357
Installing a Certificate.....................................................................................................................357
Generating a Self-Signed Certificate...........................................................................................358
Importing a Certificate................................................................................................................362
Uninstalling a Certificate ................................................................................................................364
Viewing VPN Tunnels....................................................................................................................365
Viewing IKE Traces for VPN Connections....................................................................................368
Chapter 13: Managing Users ...........................................................................................................371
Changing Your Password................................................................................................................371
Adding and Editing Users...............................................................................................................373
Adding Quick Guest HotSpot Users ...............................................................................................377
Viewing and Deleting Users ...........................................................................................................379
Setting Up Remote VPN Access for Users.....................................................................................380
Using RADIUS Authentication.......................................................................................................380
Configuring the RADIUS Vendor-Specific Attribute.....................................................................385
Chapter 14: Maintenance.................................................................................................................389
Viewing Firmware Status................................................................................................................389
Updating the Firmware ...................................................................................................................391
Upgrading Your Software Product..................................................................................................393
Registering Your VPN-1 Edge Appliance ......................................................................................397
Contents
viii Check Point VPN-1 Edge User Guide
Configuring Syslog Logging...........................................................................................................398
Controlling the Appliance via the Command Line..........................................................................400
Using the VPN-1 Edge Portal.....................................................................................................400
Using the Serial Console.............................................................................................................402
Configuring HTTPS........................................................................................................................404
Configuring SSH.............................................................................................................................406
Configuring SNMP.........................................................................................................................408
Setting the Time on the Appliance..................................................................................................411
Using Diagnostic Tools...................................................................................................................415
Using IP Tools ............................................................................................................................416
Using Packet Sniffer ...................................................................................................................418
Filter String Syntax.....................................................................................................................421
Backing Up the VPN-1 Edge Appliance Configuration..................................................................429
Exporting the VPN-1 Edge Appliance Configuration.................................................................429
Importing the VPN-1 Edge Appliance Configuration.................................................................430
Resetting the VPN-1 Edge Appliance to Defaults ..........................................................................432
Running Diagnostics.......................................................................................................................435
Rebooting the VPN-1 Edge Appliance ...........................................................................................436
Chapter 15: Using Network Printers...............................................................................................437
Overview.........................................................................................................................................437
Setting Up Network Printers...........................................................................................................438
Configuring Computers to Use Network Printers...........................................................................439
Windows 2000/XP......................................................................................................................439
MAC OS-X.................................................................................................................................445
Viewing Network Printers...............................................................................................................449
Changing Network Printer Ports.....................................................................................................449
Resetting Network Printers.............................................................................................................450
Contents
Contents ix
Chapter 16: Troubleshooting...........................................................................................................451
Connectivity....................................................................................................................................452
Service Center and Upgrades..........................................................................................................456
Other Problems ...............................................................................................................................457
Chapter 17: Specifications................................................................................................................459
Technical Specifications .................................................................................................................459
CE Declaration of Conformity........................................................................................................462
Federal Communications Commission Radio Frequency Interference Statement..........................464
Glossary of Terms.............................................................................................................................465
Index...................................................................................................................................................473
About Your Check Point VPN-1 Edge Appliance
Chapter 1: About This Guide xi
To make finding information in this manual easier, some types of information are
marked with special symbols or formatting.
Boldface type is used for command and button names.
Note: Notes are denoted by indented text and preceded by the Note icon.
Warning: Warnings are denoted by indented text and preceded by the Warning icon.
Each task is marked with a product bar indicating the VPN-1 Edge products
required to perform the task. If you cannot perform the task using a particular
product, that product is crossed out. For example, the product bar below indicates a
task that requires VPN-1 Edge W8, W16, W32, or WU.
About This Guide
About Your Check Point VPN-1 Edge Appliance
Chapter 1: Introduction 1
Chapter 1
This chapter introduces the Check Point VPN-1 Edge appliance and this guide.
This chapter includes the following topics:
About Your Check Point VPN-1 Edge Appliance........................................1
VPN-1 Edge Products...................................................................................2
VPN-1 Edge Features and Compatibility .....................................................3
Getting to Know Your VPN-1 Edge X series Appliance .............................8
Getting to Know Your VPN-1 Edge W Series Appliance..........................11
Contacting Technical Support....................................................................15
About Your Check Point VPN-1 Edge Appliance
The Check Point VPN-1 Edge appliance is an advanced Internet security appliance
that enables secure high-speed Internet access from the office. Developed by
SofaWare Technologies, an affiliate of Check Point Software Technologies, the
worldwide leader in securing the Internet, the VPN-1 Edge appliance incorporates
the X and W product families. The VPN-1 Edge firewall, based on the world-
leading Check Point Embedded NGX Stateful Inspection technology, inspects and
filters all incoming and outgoing traffic, blocking all unauthorized traffic.
The VPN-1 Edge appliance also allows sharing your Internet connection among
several PCs or other network devices, enabling advanced office networking and
saving the cost of purchasing static IP addresses.
All VPN-1 Edge appliances can be integrated into an overall enterprise security
policy for maximum security. Check Point's Security Management Architecture
(SMART) delivers a single enterprise-wide security policy that you can centrally
manage and automatically deploy to an unlimited number of VPN-1 Edge
gateways.
Introduction
VPN-1 Edge Products
2 Check Point VPN-1 Edge User Guide
You can also connect VPN-1 Edge appliances to security services available from
select service providers, including firewall security and software updates, Web
Filtering, reporting, VPN management, and Dynamic DNS. Business users can use
the VPN-1 Edge appliance to securely connect to the corporate network.
VPN-1 Edge Products
The VPN-1 Edge appliance is available with the following hardware:
•VPN-1 Edge X series
This series includes the following models:
•VPN-1 Edge X8
•VPN-1 Edge X16
•VPN-1 Edge X32
•VPN-1 Edge XU
•VPN-1 Edge W series
This series includes the following models:
•VPN-1 Edge W8
•VPN-1 Edge W16
•VPN-1 Edge W32
•VPN-1 Edge WU
You can upgrade your VPN-1 Edge appliance to a more advanced model within its
hardware series, without replacing the hardware. Contact your reseller for more
details.
VPN-1 Edge Features and Compatibility
Chapter 1: Introduction 3
VPN-1 Edge Features and Compatibility
Connectivity
All VPN-1 Edge models have the following features:
•LAN ports: 4-ports 10/100 Mbps Fast Ethernet switch
•WAN port: 10/100 Mbps Fast Ethernet
•DMZ/WAN2 Port: 10/100 Mbps Fast Ethernet
•Serial (RS232) port for console access and dialup modem connection
•Supported Internet connection methods: Static IP, DHCP Client, Cable
Modem, PPTP Client, PPPoE Client, Telstra BPA login, Dialup
•Concurrent firewall connections: 8,000
•DHCP server, client, and relay
•MAC cloning
•Static NAT
•Static routes and source routes
•Ethernet cable type recognition
•Backup Internet connection
•Dead Internet Connection Detection (DCD)
•Traffic Monitoring
•Traffic Shaping
•VLAN Support
•Dynamic Routing
•High Availability
VPN-1 Edge Features and Compatibility
4 Check Point VPN-1 Edge User Guide
The VPN-1 Edge W includes the following additional features:
•Wireless LAN interface with dual diversity antennas supporting up to 108
Mbps (Super G) and Extended Range (XR)
•Wireless QoS (WMM)
•Integrated USB print server
Firewall
All VPN-1 Edge models have the following features:
•Check Point Firewall-1 Embedded NGX firewall with Application
Intelligence
•Intrusion Detection and Prevention using Check Point SmartDefense
•Network Address Translation (NAT)
•Three preset security policies
•Unlimited INSPECT Policy Rules
•Anti-spoofing
•Voice over IP (H.323) support
•Instant messenger blocking/monitoring
•P2P file sharing blocking/monitoring
This manual suits for next models
10
Table of contents
Other Edimax Network Hardware manuals
Popular Network Hardware manuals by other brands
Tripp Lite
Tripp Lite 48-Port Cat6 Patch Panel N252-048 Specification sheet
Watchguard
Watchguard Firebox T20 Hardware guide
Planet
Planet NAS-7450 user manual
Ntron
Ntron 102MC User manual & installation guide
Checkpoint
Checkpoint MHO175 quick start guide
HIK VISION
HIK VISION DS-7100NI-K1/W/M Series user manual