Ironport S660 User manual

IRONPORT S660 and S360

QUICKSTART GUIDE

Deployment Options

❏ Web Proxy

❏ Transparent with L4 Switch

❏ Transparent with WCCP Router

❏ Explicit Forward Proxy

❏ L4 Trafﬁc Monitor

❏ Simplex tap

❏ Duplex tap

Network Context

Is there another proxy on the network? ❏ No Yes ❏ in Transparent Mode ❏ In Forward Mode

Other Proxy in Forward Mode: IP address and Port:

Network Settings

Default System Hostname:

DNS Servers ❏ Use the Internet’s root DNS ser vers

❏ Use these DNS servers (maximum 3):

Network Time Protocol (NTP) server: IP address and host name:

Time Zone Region: Region: Country: GMT Offset:

Interface Settings

Management Interface M1 Ethernet por t only IP address:

Network mask:

Host name:

NOTE: The Web Proxy can share the Management interface. If conﬁgured separately, the Data interface IP address and the Management

interface IP address cannot share the same subnet.

Data Interface IP address:

Network mask:

Host name:

Routes

Internal Routes for Management Default Gateway:

Static Route Name:

Static Route Destination Network:

Static Route Gateway:

Internal Routes for Data Default Gateway:

Static Route Name:

Static Route Destination Network:

Static Route Gateway:

Transparent Routing Device

Device type: ❏ Layer-4 switch ❏ WCCP router

NOTE: When you connect the appliance to a WCCP router, you must conﬁgure the Web Security appliance to create WCCP services after

you run the System Setup Wizard.

Administrative Settings

Administrative Password: ❏ AutoSupport

Send Email System Alerts to:

Security Services

❏ IP Spooﬁng

L4 Trafﬁc Monitor: ❏ Monitor Only ❏ Block

❏ IronPort URL Filtering

❏ Web Reputation Filters

Malware and Spyware Scanning: ❏ Enable Webroot

❏ Enable McAfee

Action for Detected Malware: ❏ Monitor Only ❏ Block

Action for Unscannable Transactions: ❏ Monitor Only ❏ Block

❏ SenderBase Network Participation

Participation Level: ❏ Limited ❏ Standard

Networking Worksheet

IronPort S-Series Web Security Appliance

P/N 421-0097

UNPACK

PLAN THE

INSTALLATION

IronPort S660 and S360

Web Security Appliance

The IronPort S-Series Web Security Appliance (WSA) integrates integrates seamlessly into any

corporate network to defend against a wide variety of web-based malware threats such as malware,

spyware, malicious system monitors, Trojans, phishing, and pharming. Additionally, the S-Series

appliance provides a next generation platform to control and monitor web trafﬁc that originates from

within the network.

Use this Quick Start Guide to get the IronPor t S-Series appliance installed and running on your

network, and refer to the Deployment chapter in the Web Security Appliance User Guide for

information about how to conﬁgure appliance settings.

Before you start, make sure you have the following equipment:

• Rack cabinet enclosure

• RapidRailsTM and adaptor kits

• 10/100/Gigabit BaseT TCP/IP local area network (LAN)

Note: The Networking Work-

sheet that is located toward

the back of this guide is a

useful prerequisite to running

the System Setup Wizard.

Ironport strongly recommends

using the Networking Work-

sheet to plan your deployment

and record the information

that you need to complete

the initial conﬁguration.

Note: To monitor true client IP addresses,

the L4 Trafﬁc Monitor should always be

conﬁgured inside the ﬁrewall and before

NAT (Network Address Translation).

• Documentation CD

• Safety and Compliance Guide

• Terms and Conditions of Use

• Release Notes

Verify that the system box contains the following items:

Dual-Head

Power

Cables

(2)

Straight

Power

Cables

(2)

Ethernet

Cable

Null Modem

Cable

• IronPort S-Series appliance

• Dual-head power cables (1)

• Straight power cables (2)

• EthernetTM cable

• Null Modem cable

Decide how you are going to conﬁgure the appliance within your network.

The S-Series appliance is typically installed as an additional layer in the network between clients

and the Internet. Depending on how you deploy the appliance, you may or may not need a Layer 4

(L4) switch or a WCCP router to direct client trafﬁc to the appliance. Deployment options include:

• Transparent Proxy – Web proxy with an L4 switch

• Transparent Proxy – Web proxy with a WCCP router

• Explicit Forward Proxy – Connected to a network switch

• L4 Trafﬁc Monitor – Ethernet tap (simplex or duplex)

– Simplex Mode: Por t T1 receives all outgoing trafﬁc and por t T2 receives all incoming trafﬁc.

– Duplex Mode: Por t T1 receives all incoming and outgoing trafﬁc.

P1 P2

T1 T2

Clients

Ethernet tap

Simplex/Duplex Firewall

Management PC

Internet

L4 switch

WCCP router

RUN THE SYSTEM

SETUP WIZARD

CONFIGURE

INSTALL

IN RACK

CONNECT

CABLE

POWER UP

Install the IronPort S-Series appliance

into your rack cabinet.

Ensure the ambient temperature around

the system is within the speciﬁed limits,

and ensure there is sufﬁcient airﬂow

around the unit.

Conﬁgure your laptop’s network connection to use an IP address on the same subnet as the

S-Series appliance (192.168.42.xx).

Note: The laptop can only connect to the S-Series appliance if the laptop IP address and the appliance

IP address are on the same subnet.

Connect your laptop to the M1 Management Port using the Ethernet cable included in the system box.

The S-Series appliance uses the M1 Management Port only.

M1 P ORT

P1 P2

T1 T2

Connect the power cables and power up the system.

• Plug the female end of the straight power cable, or the female ends of the dual-headed power

cable into the redundant power supplies on the back panel of the appliance.

• Plug the male end(s) into an electrical outlet.

• Turn on the system power by pressing the On/Off switch on the front panel of the appliance.

You must wait ﬁve minutes for the system to initialize each time you power up the system.

IN OUT

P1 P2

T1 T2

ETHERNET TAP

SIMPLEX/DUPLEX

MANAGEMENT PC L4 SWITCH/

WCCP ROUTER/

NETWORK SWITCH

STRAIGHT

POWER CABLE

DUAL-HEAD

POWER CABLE

P1 P2

T1 T2

Access the IronPort S-Series appliance and run the System Setup Wizard to conﬁgure basic settings

and enable a set of system defaults.

• To access the S-Series appliance, open a web browser and connect to the Management interface:

http://192.168.42.42:8080

where 192.168.42.42 is the default IP address, and 8080 is the default Admin Por t setting.

The host name parameter is assigned during system setup. Before you can connect to the

Management interface using a host name (http://hostname:8080), you must add the appliance

host name and IP address to your DNS server database.

• Login using the default user name admin, and the default password ironpor t.

• Run the System Setup Wizard.

Use the web interface to set up web access policies, schedule reports, enable features, create

WCCP services, and modify settings as necessary to maintain your conﬁguration.

Set Web Access Policies: Use the Web Security Manager > Web Access Policies page to control

user access to the Internet by conﬁguring which objects and applications to allow or block, which

URL categories to monitor or block, and web reputation and anti-malware settings.

Schedule Reports: Use the Monitor > Repor ts page to schedule interactive reports, and setup

archive repor ting to track trends and activity over time.

Enable Features: Use the System Administration > Feature Keys page to enter valid keys for

features that you enabled during setup.

Create WCCP Services: If you connect the appliance to a WCCP v2 router, use the Network >

Transparent Redirection page to create at least one WCCP service.

Send Conﬁguration File: Send a copy of the current conﬁguration ﬁle to the system administrator.

This ﬁle can be used to restore your initial System Setup Wizard defaults if necessar y.

For information about managing the IronPor t S-Series appliance, refer to the Web Security

Appliance User Guide.

MORE>>

Cable the IronPort S-Series appliance.

Plug the Ethernet cables into the appropriate por ts on the back

panel of the appliance.

• The proxy ports are labeled P1 and P2.

– P1 only enabled: When only P1 is enabled, connect it to

the network for both incoming and outgoing trafﬁc.

– P1 and P2 enabled: When both P1 and P2 are enabled, you

must connect P1 to the internal network and P2 to the Internet.

• The Trafﬁc Monitor ports are labeled T1 and T2.

– Simplex tap: Por ts T1 and T2; one cable for all packets destined

for the internet (T1), and one cable for all packets coming from the Internet (T2).

– Duplex tap: Por t T1; one cable for all incoming and outgoing trafﬁc.

This manual suits for next models

Popular Firewall manuals by other brands

Fortinet

Fortinet FSM-500F Configuration guide

Cisco

Cisco Meraki MX100 installation guide

Cisco

Cisco S190 quick start guide

Fortinet

Fortinet FortiGate Voice Series install guide

SecureLogix

SecureLogix ETM System installation guide

Huawei

Huawei USG6000 Series Upgrade guide

NETGEAR

NETGEAR ProSafe FVX538 Reference manual

Lanner

Lanner FW-8877 user manual

Nexcom

Nexcom DNA 1150 user manual

Cisco

Cisco 3110 Hardware installation guide

Fortinet

Fortinet FortiGate-60 series install guide

ADTRAN

ADTRAN NetVanta 2300 Specifications

Swisscom

Swisscom Internet Backup manual

SonicWALL

SonicWALL NSa 5700 quick start guide

DPtech

DPtech FW1000 SERIES Maintenance manual

FEITIAN

FEITIAN MultiPass FIDO product manual

Trend Micro

Trend Micro Deep Edge quick start guide

Smoothwall

Smoothwall S10 Appliance Getting started guide

IronPort S660 User manual

Popular Firewall manuals by other brands