Ironport S160 User manual

IRONPORT S160

QUICKSTART GUIDE

Deployment Options

❏ Web Proxy

❏ Transparent with L4 Switch

❏ Transparent with WCCP Router

❏ Explicit Forward Proxy

❏ L4 Trafﬁc Monitor

❏ Simplex tap

❏ Duplex tap

Network Context

Is there another proxy on the network? ❏ No Yes ❏ in Transparent Mode ❏ In Forward Mode

Other Proxy in Forward Mode: IP address and Port:

Network Settings

Default System Hostname:

DNS Servers ❏ Use the Internet’s root DNS ser vers

❏ Use these DNS servers (maximum 3):

Network Time Protocol (NTP) server: IP address and host name:

Time Zone Region: Region: Country: GMT Offset:

Interface Settings

Management Interface M1 Ethernet por t only IP address:

Network mask:

Host name:

NOTE: The Web Proxy can share the Management interface. If conﬁgured separately, the Data interface IP address and the Management

interface IP address cannot share the same subnet.

Data Interface IP address:

Network mask:

Host name:

Routes

Internal Routes for Management Default Gateway:

Static Route Name:

Static Route Destination Network:

Static Route Gateway:

Internal Routes for Data Default Gateway:

Static Route Name:

Static Route Destination Network:

Static Route Gateway:

Transparent Routing Device

Device type: ❏ Layer-4 switch ❏ WCCP router

NOTE: When you connect the appliance to a WCCP router, you must conﬁgure the Web Security appliance to create WCCP services after

you run the System Setup Wizard.

Administrative Settings

Administrative Password: ❏ AutoSupport

Send Email System Alerts to:

Security Services

❏ IP Spooﬁng

L4 Trafﬁc Monitor: ❏ Monitor Only ❏ Block

❏ IronPort URL Filtering

❏ Web Reputation Filters

Malware and Spyware Scanning: ❏ Enable Webroot

❏ Enable McAfee

Action for Detected Malware: ❏ Monitor Only ❏ Block

Action for Unscannable Transactions: ❏ Monitor Only ❏ Block

❏ SenderBase Network Participation

Participation Level: ❏ Limited ❏ Standard

Networking Worksheet

IronPort S-Series Web Security Appliance

P/N 421-0098(B)

UNPACK

PLAN THE

INSTALLATION

IronPort S160

Web Security Appliance

The IronPort S-Series Web Security Appliance (WSA) integrates integrates seamlessly into any

corporate network to defend against a wide variety of web-based malware threats such as malware,

spyware, malicious system monitors, Trojans, phishing, and pharming. Additionally, the S-Series

appliance provides a next generation platform to control and monitor web trafﬁc that originates from

within the network.

Use this Quick Start Guide to get the IronPort S-Series appliance installed and running on your

network, and refer to the Deployment chapter in the Web Security Appliance User Guide for

information about how to conﬁgure appliance settings.

Before you start, make sure you have the following equipment:

• Rack cabinet enclosure

• RapidRailsTM and adaptor kits

• 10/100/Gigabit BaseT TCP/IP local area network (LAN)

Note: The Networking Work-

sheet that is located toward

the back of this guide is a

useful prerequisite to running

the System Setup Wizard.

Ironport strongly recommends

using the Networking Work-

sheet to plan your deployment

and record the information

that you need to complete

the initial conﬁguration.

Note: Cisco IronPort recom-

mends that you contact a

sales engineer from your

Certiﬁed VAR or Cisco IronPort

to participate in the planning

and implementation of the

install. Cisco IronPort also

recommends that you contact

your sales engineer for any

installation questions.

• Documentation CD

• Safety and Compliance Guide

• Terms and Conditions of Use

Verify that the system box contains the following items:

Straight

Power

Cable

Ethernet

Cable

Null Modem

Cable

• IronPort S-Series appliance

• Straight power cable

• EthernetTM cable

• Null Modem cable

Decide how you are going to conﬁgure the appliance within your network.

The S-Series appliance is typically installed as an additional layer in the network between clients

and the Internet. Depending on how you deploy the appliance, you may or may not need a Layer 4

(L4) switch or a WCCP router to direct client trafﬁc to the appliance. Deployment options include:

• Transparent Proxy – Web proxy with an L4 switch

• Transparent Proxy – Web proxy with a WCCP router

• Explicit Forward Proxy – Connected to a network switch

• L4 Trafﬁc Monitor – Ethernet tap (simplex or duplex)

– Simplex Mode: Por t T1 receives all outgoing trafﬁc and por t T2 receives all incoming trafﬁc.

– Duplex Mode: Por t T1 receives all incoming and outgoing trafﬁc.

P1 P2 T1 T2

Clients

Ethernet tap

Simplex/Duplex Firewall

Management PC

Internet

L4 switch

WCCP router

Note: To monitor true client IP addresses,

the L4 Trafﬁc Monitor should always be

conﬁgured inside the ﬁrewall and before

NAT (Network Address Translation).

RUN THE SYSTEM

SETUP WIZARD

CONFIGURE

INSTALL

IN RACK

CONNECT

CABLE

POWER UP

Install the IronPort S-Series appliance

into your rack cabinet.

Ensure the ambient temperature around

the system is within the speciﬁed limits,

and ensure there is sufﬁcient airﬂow

around the unit.

Conﬁgure your laptop’s network connection to use an IP address on the same subnet as the

S-Series appliance (192.168.42.xx).

Note: The laptop can only connect to the S-Series appliance if the laptop IP address and the appliance

IP address are on the same subnet.

Connect your laptop to the M1 Management Port using the Ethernet cable included in the system box.

The S-Series appliance uses the M1 Management Port only.

Connect the power cables and power up the system.

• Plug the female end of the straight power cable, or the female ends of the dual-headed power

cable into the redundant power supplies on the back panel of the appliance.

• Plug the male end(s) into an electrical outlet.

• Turn on the system power by pressing the On/Off switch on the front panel of the appliance.

You must wait ﬁve minutes for the system to initialize each time you power up the system.

POWER

STRAIGHT

POWER CABLE

Access the IronPort S-Series appliance and run the System Setup Wizard to conﬁgure basic settings

and enable a set of system defaults.

• To access the S-Series appliance, open a web browser and connect to the Management inter face:

http://192.168.42.42:8080

where 192.168.42.42 is the default IP address, and 8080 is the default Admin Por t setting.

The host name parameter is assigned during system setup. Before you can connect to the

Management interface using a host name (http://hostname:8080), you must add the appliance

host name and IP address to your DNS server database.

• Login using the default user name admin, and the default password ironpor t.

• Run the System Setup Wizard.

Use the web interface to set up web access policies, schedule reports, enable features, create

WCCP services, and modify settings as necessary to maintain your conﬁguration.

Set Web Access Policies: Use the Web Security Manager > Web Access Policies page to control

user access to the Internet by conﬁguring which objects and applications to allow or block, which

URL categories to monitor or block, and web reputation and anti-malware settings.

Schedule Reports: Use the Monitor > Repor ts page to schedule interactive reports, and setup

archive repor ting to track trends and activity over time.

Enable Features: Use the System Administration > Feature Keys page to enter valid keys for

features that you enabled during setup.

Create WCCP Services: If you connect the appliance to a WCCP v2 router, use the Network >

Transparent Redirection page to create at least one WCCP service.

Send Conﬁguration File: Send a copy of the current conﬁguration ﬁle to the system administrator.

This ﬁle can be used to restore your initial System Setup Wizard defaults if necessar y.

For information about managing the IronPor t S-Series appliance, refer to the Web Security

Appliance User Guide.

MORE>>

Cable the IronPort S-Series appliance.

Plug the Ethernet cables into the appropriate por ts on the back

panel of the appliance.

• The proxy ports are labeled P1 and P2.

– P1 only enabled: When only P1 is enabled, connect it to

the network for both incoming and outgoing trafﬁc.

– P1 and P2 enabled: When both P1 and P2 are enabled, you

must connect P1 to the internal network and P2 to the Internet.

• The Trafﬁc Monitor ports are labeled T1 and T2.

– Simplex tap: Por ts T1 and T2; one cable for all packets destined

for the internet (T1), and one cable for all packets coming from the Internet (T2).

– Duplex tap: Por t T1; one cable for all incoming and outgoing trafﬁc.

P1 P2 T1 T2

M1 PORT

P1P2T1T2

M1M1

MANAGEMENT PC

L4 SWITCH/

WCCP ROUTER

ETHERNET TAP

SIMPLEX/DUPLEX

Popular Security System manuals by other brands

Resolution

Resolution RE508XC installation guide

Chamberlain

Chamberlain 976LMC Security+ user manual

ALC

ALC observer AWS52155 quick start guide

Amcrest

Amcrest AL-HUB1 quick start guide

Motorola

Motorola HMEZ2000 - Homesight Wireless Home Security... quick start guide

Siemens

Siemens FDM225 manual

Nortel

Nortel DMS-100 Series Reference manual

Visonic

Visonic POWERMAX - Programming guide

Carefree

Carefree 1050A owner's manual

GuardTronic

GuardTronic GTWAE7-4D Instruction

Memco

Memco C100 LVAS installation guide

Climax

Climax ACGS-23 manual

MITECH

MITECH GARDEN-TOWER MAGNUS Installation and user manual

Alarm Lock

Alarm Lock PG21 installation instructions

Ksenia

Ksenia imago wls 96 installation guide

DSC

DSC PK5500 installation instructions

Hiltron security

Hiltron security SEN manual

Universal Companies

Universal Companies TALM011 user manual

IronPort S160 User manual

Popular Security System manuals by other brands