Internet Security Systems M10 User manual

M10 Appliance
Quick Start Guide
Version 2.1

Internet Security Systems, Inc.
6303 Barfield Road
Atlanta, Georgia 30328-4233
United States
(404) 236-2600
http://www.iss.net
© Internet Security Systems, Inc. 2003-2005. All rights reserved worldwide. Customers may make reasonable numbers of
copies of this publication for internal use only. This publication may not otherwise be copied or reproduced, in whole or in
part, by any other person or entity without the express prior written consent of Internet Security Systems, Inc.
Patent pending.
Internet Security Systems, System Scanner, Wireless Scanner, SiteProtector, Proventia, ADDME, AlertCon, ActiveAlert,
FireCell, FlexCheck, Secure Steps, SecurePartner, SecureU, and X-Press Update are trademarks and service marks, and the
Internet Security Systems logo, X-Force, SAFEsuite, Internet Scanner, Database Scanner, Online Scanner, and RealSecure
registered trademarks, of Internet Security Systems, Inc. Network ICE, the Network ICE logo, and ICEpac are trademarks,
BlackICE a licensed trademark, and ICEcap a registered trademark, of Network ICE Corporation, a wholly owned
subsidiary of Internet Security Systems, Inc. SilentRunner is a registered trademark of Raytheon Company. Acrobat and
Adobe are registered trademarks of Adobe Systems Incorporated. Certicom is a trademark and Security Builder is a
registered trademark of Certicom Corp. Check Point, FireWall-1, OPSEC, Provider-1, and VPN-1 are registered trademarks
of Check Point Software Technologies Ltd. or its affiliates. Cisco and Cisco IOS are registered trademarks of Cisco Systems,
Inc. HP-UX and OpenView are registered trademarks of Hewlett-Packard Company. IBM and AIX are registered
trademarks of IBM Corporation. InstallShield is a registered trademark and service mark of InstallShield Software
Corporation in the United States and/or other countries. Intel and Pentium are registered trademarks of Intel. Lucent is a
trademark of Lucent Technologies, Inc. ActiveX, Microsoft, Windows, and Windows NT are either registered trademarks
or trademarks of Microsoft Corporation. Net8, Oracle, Oracle8, SQL*Loader, and SQL*Plus are trademarks or registered
trademarks of Oracle Corporation. Seagate Crystal Reports, Seagate Info, Seagate, Seagate Software, and the Seagate logo
are trademarks or registered trademarks of Seagate Software Holdings, Inc. and/or Seagate Technology, Inc. Secure Shell
and SSH are trademarks or registered trademarks of SSH Communications Security. iplanet, Sun, Sun Microsystems, the
Sun Logo, Netra, SHIELD, Solaris, SPARC, and UltraSPARC are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are
trademarks or registered trademarks of SPARC International, Inc. in the United States and other countries. Adaptive
Server, SQL, SQL Server, and Sybase are trademarks of Sybase, Inc., its affiliates and licensers. Tivoli is a registered
trademark of Tivoli Systems Inc. UNIX is a registered trademark in the United States and other countries, licensed
exclusively through X/Open Company, Ltd. All other trademarks are the property of their respective owners and are used
here in an editorial context without intent of infringement. Specifications are subject to change without notice.
© Intel Corporation, 2002.
Disclaimer: The information contained in this document may change without notice, and may have been altered or
changed if you have received it from a source other than ISS or the X-Force. Use of this information constitutes acceptance
for use in an “AS IS” condition, without warranties of any kind, and any use of this information is at the user’s own risk.
ISS and the X-Force disclaim all warranties, either expressed or implied, including the warranties of merchantability and
fitness for a particular purpose. In no event shall ISS or the X-Force be liable for any damages whatsoever, including direct,
indirect, incidental, consequential or special damages, arising from the use or dissemination hereof, even if ISS or the
X-Force has been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of
liability for consequential or incidental damages, so the foregoing limitation may not apply.
Reference herein to any specific commercial products, process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by Internet Security
Systems, Inc. The views and opinions of authors expressed herein do not necessarily state or reflect those of Internet
Security Systems, Inc., and shall not be used for advertising or product endorsement purposes.
Links and addresses to Internet resources are inspected thoroughly prior to release, but the ever-changing nature of the
Internet prevents Internet Security Systems from guaranteeing the content or existence of the resource. When possible, the
reference contains alternate sites or keywords that could be used to acquire the information by other methods. If you find a
broken or inappropriate link, please send an email with the topic name, link, and its behavior to
.
Document part number: DOC-QSG-PROVISAM10-002-B
November 17, 2004

Proventia M10 Appliance Quick Start Guide Version 2.1
Contents
Preface
  Overview
  About the Proventia M Integrated Security Appliance
  Proventia M Integrated Security Appliance Documentation
Chapter 1: Connecting the Appliance
  Overview
  The M10 Front and Back Panels
  Connecting the Appliance
  Typical Deployment Scenario
Chapter 2: Configuring the Appliance
  Overview
  Before You Begin
  Configuration Tasks Overview
  Logging On To and Configuring the Appliance
  Configuring PPPoE Authentication
  Starting Proventia Manager
  SiteProtector Management
Chapter 3: Reinstalling the Appliance
  Overview
  Reinstallation Overview
  Reinstalling the Appliance
  Getting Technical Support
Index

Preface
Overview

Introduction
This quick start guide contains procedures for connecting, configuring, and starting the Proventia M10 Integrated Security Appliance. The M10 appliance provides multifunction gateway security for small office environments, and can be used as an endpoint for larger VPN networks.

Scope
The Proventia M10 Appliance Quick Start Guide includes basic information about starting and running the appliance on your network. Detailed configuration information about using and managing the appliance is provided in the Proventia M Series Appliance User Guide.

Audience
This guide is intended for new users of the Proventia M10 (4-port) appliance. A fundamental knowledge of network security policies and IP network configuration is helpful.

What’s new in this release
This guide supports the 2.1 release of the Proventia M10 appliance. New features in this firmware update include:
● a new Proventia Manager interface and navigational features
● a new interface port
● firewall rules for inbound/outbound access, including self rules, are now managed in Access Policies
● Security Gateways for simplified VPN connections, including L2TP over IPSec
● Network Objects now include Address Groups, Dynamic Address Names, Port Groups, and Port Names
● NAT Policies include expanded global NAT rules and inbound port translation
● VPN Wizards to simplify VPN connections
● a new System Tools page used to perform diagnostic and troubleshooting tasks
● enhanced search and filter functionality for the Alert Log Viewer
● ability to automatically install firmware updates
● ability to automatically perform system backups before installing a firmware update

About the Proventia M Integrated Security Appliance

Introduction
The Proventia M Series Integrated Security Appliance is a gateway protection appliance that offers the following protection technologies:
● stateful packet inspection firewall
● VPN server (client-to-server and site-to-site implementations)
● intrusion prevention
● gateway antivirus
● gateway antispam
● Web filters

Proventia Manager
Proventia Manager is the Web-based user interface for the Proventia M Integrated Security Appliance. Use Proventia Manager to do the following:
● monitor the status of the appliance
● automatically download and install updates
● configure appliance settings
● configure system settings
● configure firewall settings
● configure virtual private network settings
● configure antivirus software settings
● manage appliance activities
● configure advanced parameters

Proventia Setup utility
The Proventia Setup utility is your command line interface for the appliance operating system. You must use the Proventia Setup utility to set the initial network settings before you can log on to the Proventia Manager. See “Proventia Setup utility” on page 14.

Proventia M Integrated Security Appliance Documentation

Introduction
Documentation for the Proventia M Integrated Security Appliance is available on the ISS Web site at http://www.iss.net/support/documentation/.

Latest information
For the latest appliance documentation, refer to the Help found in Proventia Manager, and in the Readme files associated with each firmware release.

Related publications
For more information about using the appliance, see the following:

| Document | Contents |
|---|---|
| ISS Proventia M Series Appliance User Guide (Proventia Integrated Security Appliance) | Information about how to use and manage the appliance (http://documents.iss.net/literature/proventia/Proventia_MSeries_User.pdf) |
| ISS Proventia M Series Appliance Help | Online help located in Proventia Manager |
| Proventia Integrated Security Appliance Data Sheet | General information about appliance features (http://www.iss.net/products_services/enterprise_protection/proventia/ProventiaMSeries_Datasheet.pdf) |
| Proventia Integrated Security Appliance Frequently Asked Questions | Frequently asked questions about the appliance and its functions (http://www.iss.net/products_services/enterprise_protection/proventia/ProventiaMSeries_FAQ.pdf) |

Table 1: Reference documentation

VPN configuration
For information on how to configure a virtual private network (VPN) tunnel from a Proventia M appliance to another system, see the following:
● Configuring VPN from Proventia M Series Appliance to Cisco PIX 515E (http://documents.iss.net/literature/proventia/vpn_ex_cisco.pdf)
● Configuring VPN from Proventia M Series Appliance to Check Point Systems (http://documents.iss.net/literature/proventia/vpn_ex_ckpt.pdf)
● Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance (http://documents.iss.net/literature/proventia/vpn_ex_mseries.pdf)
● Configuring VPN from Proventia M Series Appliance to NetScreen Systems (http://documents.iss.net/literature/proventia/vpn_ex_netscreen.pdf)
● Configuring VPN from Proventia M Series Appliance to SoftRemote Systems (http://documents.iss.net/literature/proventia/vpn_ex_softremote.pdf)
● Configuring VPN from Proventia M Series Appliance to Symantec Systems (http://documents.iss.net/literature/proventia/vpn_ex_symantec.pdf)
● Configuring VPN from Proventia M Series Appliance to Windows XP Systems (http://documents.iss.net/literature/proventia/vpn_ex_winxp.pdf)

| Document | Contents |
|---|---|
| Readme file | The most current information about product issues and updates, and how to contact Technical Support (http://www.iss.net/download/) |

Table 1: Reference documentation (Continued)

Chapter 1
Connecting the Appliance
Overview

Introduction
This chapter contains the instructions for connecting the cables and starting the appliance for the first time. It provides diagrams and descriptions of the front and back panels of the Proventia M10 (4-port) Integrated Security Appliance.

Important: Previous models of the M10 appliance can upgrade to the 2.1 release; however, port assignments and interface changes occur with the 2.1 version. The former DMZ interface is now eth2. Refer to the Proventia M Series Appliance User Guide for more information.

Confirm contents
Verify that the appliance packaging includes the following:
● a Proventia M10 Integrated Security Appliance
● an AC power cord
● a serial null modem cable
● a CAT5 crossover ethernet cable

In this chapter
This chapter contains the following topics:
● The M10 Front and Back Panels
● Connecting the Appliance
● Typical Deployment Scenario

The M10 Front and Back Panels

Introduction
This topic describes the front and back panels of the Proventia M10 Integrated Security Appliance.

Front panel diagram
The Proventia M10 4-port appliance front panel includes the following as shown in Figure 1:
● a power LED (light-emitting diode) (green)
● an interface activity LED (amber) corresponding to each interface
● an interface connection LED (green) corresponding to each interface

Figure 1: Proventia M10 Integrated Security Appliance front panel

Back panel diagram
The Proventia M10 4-port appliance back panel includes the following as shown in Figure 2 on page 3:
● an AC power connection
● a power switch
● four interface ports
  ■ INT 0
  ■ EXT 1
  ■ 2 (eth2)
  ■ 3 (eth3)
● CONSOLE (serial port)

Figure 2: Proventia M10 Integrated Security Appliance back panel
Note: If you have a 3-port M10 appliance, your DMZ interface is now
eth2.

Connecting the Appliance

Introduction
This topic provides instructions for connecting the cables and starting the Proventia M10 appliance for the first time.

Connecting the cables
To connect the serial cable, do the following:
1. Plug one end of the serial null modem cable into the serial port labeled CONSOLE on the back panel of the appliance, as shown in Figure 2 on page 3.
   Important: ISS recommends that you use the serial null modem cable provided. ISS does not support the use of other cables.
2. Plug the other end of the serial null modem cable into the serial port on your computer or laptop.
3. Plug the AC Power connector into the back of the appliance where indicated in Figure 2 on page 3, and then plug the other end into a standard AC receptacle.
4. Turn on the appliance and start your computer.

Terminal emulation
Use a VT100-compatible terminal emulation program, such as Hyperterminal, to perform the configuration setup for the Proventia M10 appliance. You must establish a connection to the appliance to access the Proventia Setup utility (command line interface). See “Setting up terminal emulation” on page 4.

Reference: Refer to your Microsoft documentation for instructions on using Hyperterminal. If you are not using the Hyperterminal program, then your settings may be different. Refer to the documentation for your program.

Setting up terminal emulation
To set up terminal emulation:
1. On your computer, start Hyperterminal.
2. In Hyperterminal, select File→Properties→Settings.
3. Select Emulation = VT100.
4. Click OK.
5. Create a connection to the appliance with the following settings:

| Setting | Value |
|---|---|
| Bits per second | 9600 |
| Data bits | 8 |
| Parity | None |
| Stop bits | 1 |
| Flow control | None |
| Communications Port | Typically COM1, but this depends on the computer you are using |

Connecting the network cables
To connect the network cables:
1. Connect the internal interface (INT 0) on the rear panel to your internal network (see Figure 2 on page 3).
2. Connect the external interface (EXT 1) on the rear panel to your external network (see Figure 2 on page 3).
3. Connect any additional interfaces (2, 3) as desired. Use the Proventia Manager Network Configuration page to configure the additional interfaces. See “Logging on to Proventia Manager” on page 23.
   Note: M10 3-port users should note that the DMZ interface is now eth2.
4. Complete the configuration procedures in “Logging On To and Configuring the Appliance” on page 14.

Connection status
The lights on the front panel of the M10 appliance, as shown in Figure 1 on page 2, indicate the status of the connections as follows:
● solid green LEDs indicate connectivity to each interface
● flickering amber LEDs confirm activity on the interface

Typical Deployment Scenario

Introduction
You can manage all your security technologies from the Proventia M Integrated Security Appliance management console or from the SiteProtector console. See “SiteProtector Management” on page 24.

Deployment diagram
A typical deployment scenario for the Proventia M is shown in Figure 3:

Figure 3: Proventia M deployment scenario

The connections shown in Figure 3 are as follows:
● corporate network connects to internal interface (INT 0)
● WAN router connects to external interface (EXT 1)
● DMZ network connects to ethernet interface (eth2)

Chapter 2
Configuring the Appliance
Overview

Introduction
This chapter describes how to configure the Proventia M10 appliance for the first time, and access Proventia Manager. SiteProtector management information is also provided.

In this chapter
This chapter contains the following topics:
● Before You Begin
● Configuration Tasks Overview
● Logging On To and Configuring the Appliance
● Configuring PPPoE Authentication
● Starting Proventia Manager
● SiteProtector Management

Before You Begin

Introduction
Before you can use your Proventia M10 appliance, you must gather certain network information to configure the appliance interfaces.

Required information checklist
Use the following checklist and worksheet to gather and document the information you need to configure your Proventia M10 appliance.

| ✓ | Setting | Description |
|---|---|---|
| | Appliance hostname (Gateway Protection Hostname) | The unique computer name for your appliance (no spaces). Format: gateway1.example.com. Your setting: |
| | Internal interface IP Address | The IP address of the internal network adapter. Your setting: |
| | Internal interface subnet mask | The subnet mask value for the network that will connect to your internal interface. Your setting: |
| | External interface IP Address | The IP address of the external network adapter. NOTE: This address must be on a different network than the internal interface IP. Your setting: |
| | External interface subnet mask | The subnet mask value for the network that will connect to your external interface. Your setting: |
| | External interface default gateway | The IP address of the external gateway. Your setting: |
| | Appliance domain name servers | The IP addresses of the servers you are using to perform domain name lookups. Your setting: |
| | Appliance domain name | The domain suffix for the network (DNS search path). Your setting: |

Table 2: Checklist and worksheet for configuration information
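
One way to sanity-check a completed worksheet before typing it into the Proventia Setup utility, as an added example that is not part of the ISS guide. The dictionary keys and the default-gateway check are assumptions of this example, and the sample values are constructed.

```python
import ipaddress


def validate_worksheet(ws):
    """Return a list of problems found in a worksheet dict (empty list = OK)."""
    problems = []

    # Guide: the appliance hostname is a unique computer name with no spaces.
    host = ws.get("hostname", "")
    if not host or any(ch.isspace() for ch in host):
        problems.append("hostname: must be set and contain no spaces")

    # Parse each interface as an address plus a dotted subnet mask.
    ifaces = {}
    for side in ("internal", "external"):
        try:
            iface = ipaddress.ip_interface(f"{ws[side + '_ip']}/{ws[side + '_mask']}")
        except (KeyError, ValueError) as exc:
            problems.append(f"{side}: bad or missing IP address/subnet mask ({exc})")
            continue
        net = iface.network
        if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
            problems.append(f"{side}: {iface.ip} is the network or broadcast address")
        ifaces[side] = iface

    # Guide: the external address must be on a different network than the internal one.
    if len(ifaces) == 2 and ifaces["internal"].network.overlaps(ifaces["external"].network):
        problems.append("external: must be on a different network than the internal interface")

    # Added assumption (not from the guide): the default gateway is a host on
    # the external network and is not the appliance's own external address.
    if "external" in ifaces:
        try:
            gw = ipaddress.ip_address(ws["default_gateway"])
            if gw not in ifaces["external"].network or gw == ifaces["external"].ip:
                problems.append("default_gateway: not a separate host on the external network")
        except (KeyError, ValueError) as exc:
            problems.append(f"default_gateway: bad or missing address ({exc})")

    # Guide: domain name servers are given as IP addresses.
    for dns in ws.get("dns_servers", []):
        try:
            ipaddress.ip_address(dns)
        except ValueError:
            problems.append(f"dns_servers: {dns!r} is not an IP address")
    return problems


# Constructed sample worksheets (documentation and private address ranges).
GOOD = {
    "hostname": "gateway1.example.com",
    "internal_ip": "192.168.1.1", "internal_mask": "255.255.255.0",
    "external_ip": "203.0.113.10", "external_mask": "255.255.255.248",
    "default_gateway": "203.0.113.9",
    "dns_servers": ["203.0.113.53", "198.51.100.53"],
}
BAD = {
    "hostname": "gateway 1",
    "internal_ip": "192.168.1.1", "internal_mask": "255.255.255.0",
    "external_ip": "192.168.1.200", "external_mask": "255.255.255.0",
    "default_gateway": "10.0.0.1",
    "dns_servers": ["not-an-ip"],
}

if __name__ == "__main__":
    for problem in validate_worksheet(BAD):
        print(problem)
```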

Configuration Tasks Overview

Introduction
The Proventia M10 (4-port) appliance comes with default settings that protect your system with a minimum of additional configuration. This topic identifies the required configuration tasks, and recommends additional tasks to support your security needs and maintain the appliance.

Configuration tasks
This topic describes the following tasks:
● required tasks
● recommended tasks
● routine maintenance tasks

Note: These tasks assume that you are deploying the Proventia M Series appliance in a new network. If you are replacing an existing firewall or router with the M10 appliance, then you may have to perform additional tasks that are outside the scope of this guide. For more information about configuring a Proventia M Series appliance, see the Proventia M Series Appliance User Guide.

Required tasks
You must perform the following tasks before your appliance is fully functional:

| Task | Description |
|---|---|
| 1 | Configure the appliance. Reference: “Logging On To and Configuring the Appliance” on page 14. |
| 2 | Log on to Proventia Manager. Reference: “Logging on to Proventia Manager” on page 23. |
| 3 | Install the license key file. References: see “Prerequisites” on page 21; Help topic, “Installing the License Key File”; Proventia M Series Appliance User Guide. |

Table 3: Required tasks