Planet Cs-2001 User manual

CS-2001 UTM Content Security Gateway User’s Manual

User’s Manual

CS-2001

UTM Content Security Gateway

reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or

computer

language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or

otherwise, without the prior written permission of PLANET.

PLANET makes no representations or warranties, either expressed or implied, with respect to the

contents

hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose.

Any

software described in this manual is sold or licensed "as is". Should the programs prove defective

following

their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of

all

necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the

software. Further, this company reserves the right to revise this publication and to make changes from

time

to time in the contents hereof without obligation to notify any person of such revision or changes.

All brand and product names mentioned in this manual are trademarks and/or registered trademarks of

their

respective holders.

Disclaimer

PLANET Technology does not warrant that the hardware will work properly in all environments and

applications, and makes no warranty and representation, either implied or expressed, with respect to the

quality, performance, merchantability, or fitness for a particular purpose.

PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability

for any inaccuracies or omissions that may have occurred.

Information in this User’s Manual is subject to change without notice and does not represent a

commitment

on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in

this User’s Manual. PLANET makes no commitment to update or keep current the information in this

User’s

Manual, and reserves the right to make improvements to this User’s Manual and/or to the products

described

in this User’s Manual, at any time without notice.

If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate

your

comments and suggestions.

Trademarks

The PLANET logo is a trademark of PLANET Technology.

This documentation may refer to numerous hardware and software products by their trade names. In

most, if

not all cases, these designations are claimed as trademarks or registered trademarks by their respective

companies.

CE mark Warning

This is a class A device, in a domestic environment; this product may cause radio interference, in which

case the user may be required to take adequate measures.

Federal Communication Commission Interference Statement

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant

Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful

interference in a residential installation. This equipment generates, uses, and can radiate radio frequency

energy and, if not installed and used in accordance with the instructions, may cause harmful interference

radio communications. However, there is no guarantee that interference will not occur in a particular

installation. If this equipment does cause harmful interference to radio or television reception, which can

be determined by turning the equipment off and on, the user is encouraged to try to correct the

interference

by one or more of the following measures:

1. Reorient or relocate the receiving antenna.

2. Increase the separation between the equipment and receiver.

3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.

4. Consult the dealer or an experienced radio technician for help.

FCC Caution:

To assure continued compliance (example-use only shielded interface cables when connecting to

computer or

peripheral devices). Any changes or modifications not expressly approved by the party responsible for

compliance could void the user’s authority to operate the equipment.

This device complies with Part 15 of the FCC Rules. Operation is subject to the Following two conditions:

(1)

This device may not cause harmful interference, and (2) this Device must accept any interference

received,

including interference that may cause undesired operation.

R&TTE Compliance Statement

This equipment complies with all the requirements of DIRECTIVE 1999/5/EC OF THE EUROPEAN

PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication

terminal Equipment and the mutual recognition of their conformity (R&TTE)

The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal

Equipment and Satellite Earth Station Equipment) As of April 8, 2000.

WEEE Caution

To avoid the potential effects on the environment and human health as a result of the

presence of hazardous substances in electrical and electronic equipment, end users of

electrical and electronic equipment should understand the meaning of the crossed-out

wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to

collect such WEEE separately.

Safety

This equipment is designed with the utmost care for the safety of those who install and use it. However,

special attention must be paid to the dangers of electric shock and static electricity when working with

electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at

all

times to ensure the safe use of the equipment.

Customer Service

For information on customer service and support for the UTM Content Security Gateway, please refer to

the following Website URL:

http://www.test.com

Before contacting customer service, please take a moment to gather the following information:

♦UTM Content Security Gateway serial number and MAC address

♦Any error messages that displayed when the problem occurred

♦Any software running when the problem occurred

♦Steps you took to resolve the problem on your own

Revision

User’s Manual for PLANET UTM Content Security Gateway

Model: CS-2001v2

Rev: 1.0 (April, 2012)

PartNo: EM-CS2001v2_v1.0

Table of Contents

Quick Installation Guide..........................................................................8

Hardware Installation ........................................................................................9

Basic System Configuration...............................................................................1

S.1 Overview of Functions ....................................................................9

System ......................................................................................................16

Chapter 1 Administration ................................................................................17

1.1 Admin.............................................................................................19

1.2 Permitted IPs..................................................................................21

1.3 Logout............................................................................................22

1.4 Updating Software.........................................................................24

Chapter 2 Configuration..................................................................................25

2.1 Settings...........................................................................................35

2.2 Date / Time.....................................................................................40

2.3 Multiple Subnet..............................................................................41

2.4 Route Table ....................................................................................55

2.5 DHCP.............................................................................................59

2.6 DDNS.............................................................................................64

2.7 Host Table ......................................................................................65

2.8 SNMP.............................................................................................66

2.9 Bulletin Board................................................................................68

2.10 Language......................................................................................72

Interface...................................................................................................73

Chapter 3 Interface...........................................................................................74

3.1 Example .........................................................................................84

Policy Object..........................................................................................124

Chapter 4Address...........................................................................................125

4.1 Example .......................................................................................128

Chapter 5 Service............................................................................................136

5.1 Example of Pre-defined ...............................................................138

5.2 Example of Service Group...........................................................142

Chapter 6 Schedule.........................................................................................146

6.1 Example .......................................................................................148

Chapter 7 QoS.................................................................................................150

7.1 Example .......................................................................................152

Chapter 8Authentication...............................................................................156

8.1 User / Group Authentication........................................................162

8.2 RADIUS Authentication..............................................................166

8.3 POP3 Authentication....................................................................187

8.4 LDAPAuthentication...................................................................190

Chapter 9Application Blocking ....................................................................204

9.1 Example .......................................................................................207

Chapter 10 Virtual Server..............................................................................214

10.1 Example .....................................................................................216

Chapter 11 VPN ..............................................................................................236

11.1 Example .....................................................................................249

Mail Security.........................................................................................407

Chapter 12 Configuration..............................................................................408

12.1 Mail Domains.............................................................................415

12.2 Account Manager.......................................................................420

12.3 Mail Relay..................................................................................434

12.4 Mail Notice ................................................................................440

12.5 Queued Mail...............................................................................443

12.6 Mail Signatures..........................................................................445

Chapter 13Anti-Spam....................................................................................447

13.1 Example .....................................................................................458

Chapter 14Anti-Virus ....................................................................................526

14.1 Example .....................................................................................529

Chapter 15 Mail Reports................................................................................550

15.1 Statistics.....................................................................................559

15.2 Logs............................................................................................560

Web Filter..............................................................................................562

Chapter 16 Configuration..............................................................................563

16.1 Example .....................................................................................570

Chapter 17 Reports.........................................................................................586

17.1 Statistics.....................................................................................591

17.2 Logs............................................................................................595

IDP..........................................................................................................596

Chapter 18 Configuration..............................................................................597

Chapter 19 Signatures ....................................................................................602

19.1 Example .....................................................................................608

Chapter 20 IDP Report...................................................................................615

20.1 Statistics.....................................................................................619

20.2 Logs............................................................................................620

Web VPN / SSLVPN ............................................................................621

Chapter 21 Web VPN / SSLVPN ..................................................................622

21.1 Example .....................................................................................626

IM Recording ........................................................................................641

Chapter 22 Configuration..............................................................................642

22.1 Example .....................................................................................644

Chapter 23 Reports.........................................................................................650

23.1 Statistics.....................................................................................657

23.2 Message History.........................................................................659

Policy......................................................................................................659

Chapter 24 Policy............................................................................................660

24.1 Example .....................................................................................666

Anomaly Flow IP ..................................................................................691

Chapter 25Anomaly Flow IP.........................................................................692

25.1 Example .....................................................................................693

Advance..................................................................................................697

Chapter 26 Inbound Balancing......................................................................698

26.1 Example .....................................................................................709

Chapter 27 High Availability .........................................................................742

27.1 Example .....................................................................................744

Chapter 28 Co-Defense System......................................................................751

28.1 Example .....................................................................................754

Monitoring.............................................................................................759

Chapter 29 Logs..............................................................................................760

29.1 Traffic.........................................................................................768

29.2 Event..........................................................................................772

29.3 Connection.................................................................................774

29.4 Viruses........................................................................................776

29.5 Application Blocking .................................................................780

29.6 Concurrent Sessions...................................................................782

29.7 Quota..........................................................................................785

29.8 Log Backup................................................................................788

Chapter 30 Accounting Reports ....................................................................791

30.1 Flow Analysis.............................................................................797

30.2 Today’s Top Chart......................................................................798

30.3 Historical Top Chart...................................................................805

Chapter 31 Traffic Grapher...........................................................................806

31.1 WAN Traffic...............................................................................808

31.2 Policy-Based Traffic ..................................................................812

Chapter 32 Diagnostic Tools ..........................................................................816

32.1 Ping............................................................................................817

32.2 Traceroute ..................................................................................820

32.3 Packet Capture...........................................................................822

Chapter 33 Wake-On-LAN............................................................................823

33.1 Example .....................................................................................824

Chapter 34 Status............................................................................................825

34.1 Interface .....................................................................................826

34.2 System Info................................................................................828

34.3 Authentication............................................................................830

34.4 ARP Table ..................................................................................831

34.5 Sessions Info..............................................................................834

34.6 DHCP Clients.............................................................................836

34.7 Host Info ....................................................................................837

Quick Installation Guide

Hardware Installation

Front panel:

Figure 1a. Front Panel of the CS-2001

Rear panel:

Figure 1b. Rear Panel of the CS-2001

Power Indicator: Lights up when the power is on.

HDD Indicator: Glitters when system is accessing data from the HDD.

Console Port (9600, 8, N, 1):A RS-232 console cable connect this serial port for

checking network interface setting and can reset to factory setting.

Ethernet Port 1/2/3/4 can be set as a:

LAN Port: Connects to the Intranet.

WAN Port: Connects to the perimeter router.

DMZ Port: The demilitarized zone (DMZ) is a physical subnet for securing

the Local Area Network. It allows the externals users to access the

company’s external network.

USB Port: If the firmware damage issue result the device can’t boot

normally, use the USB device to upgrade (recovery) the firmware in order

to make this be normal.

Power Indicator

HDD Indicator

Power Socket

Power Switch

Ethernet Port1/2/3/4

Console Port

USB Port

CS-2001 UTM Content Security Gateway User’s Manual

LED / Port Description

WAN

LAN

DMZ

LED1(Left) Orange Steady on indicates the port is connected to other

network device.

Blink to indicates there is traffic on the port

LED2(Right) Orange Steady on indicates the port is connected at

1000Mbps speed

Green Steady on indicates the port is connected at

100Mbps speed

Off The LED off to indicate the port is connected at

10Mbps speed

CS-2001 Topology：

Figure2. Topology of the CS-2001

Basic System Configuration

Step 1.Connect both the IT administrator’s PC and the device’s LAN port to the

same hub / switch, and launch a browser (e.g., IE or Firefox) to access the

management interface address which is set to http://192.168.1.1 by default.

Step 2.You will be prompted for user name and password when accessing the

management interface. (both of user name and password are “admin” by

default)

Figure3. Typing the User Name and Password

Step 3. The user interface consists of the following two panels:

Menu Panel: Presents all the available system configurations in a tree

directory structure. (see Overview of Functions)

Configuration Panel: Displays the data or configurable settings of the

corresponding item selected on the Menu Panel.

Figure4. The CS-2001 User Interface

Note：

1. For your reference, you may configure your management address based on the available

subnet ranges below.

10.0.0.0 ~ 10.255.255.255

172.16.0.0 ~ 172.31.255.255

192.168.0.0 ~ 192.168.255.255

Step 4.If it’s the first time you’ve logged into the management interface, an install

wizard will appear to guide you through setting some of the basic settings

required. System > Configuration > Installation Wizard

Figure5. The Install Wizard

Step 5.Select the language for the user interface and the default character

encoding.

Figure6. Selecting the Language and Default Character Encoding

Important：

1. Any data saved on the interface will be saved as the selected default character encoding if the

device is unable to recognize the encoding.

Step 6.The LAN interface address must reflect your network environment. The

defualt LAN interface is set to 192.168.1.x/24. However, if the LAN

interface was changed to 172.16.0.1 (subnet mask: 255.255.255.0), the IT

administrator must configure each PC in the subnet using an available IP

address from this subnet.

Setting: Select Port1 (LAN1).

Interface: Select LAN.

LAN Interface Mode: Select NAT / Routing Mode.

Fill in the IPAddress and Netmask fields.

Figure7. Interface Settings

Important :

1. Note: Once the LAN interface is changed, please enter the new LAN IP address in the

browser next time when you log in the CS-2001 Web UI.

Step 7.Configure theWAN Interface (please refer to your ISP for the settings).

Setting: Select Port2(WAN1)

Interface: Select WAN

Connection Mode: Select the required mode

Configure the remaining settings.

Figure8. The WAN Settings

Step 8.Tick the Synchronize to an NTPServer box to ensure the system is

provided with the accurate time.

Figure9. Time Settings

Step 9. Enable Outgoing.

Figure10. Enabling an Outgoing Policy

Note：

1. Go to Policy > Outgoing and configure as below:

SourceAddress: Select Inside_Any

Destination Address: Select Outside_Any

Service:Select ANY

Figure11. A Policy Allowing LAN Users to Access Any External Network Services

2. Finally, configure all LAN PC addresses within the same domain as the LAN interface

address, which is also the default gateway address for the LAN. Or, simply by using the

DHCP to enable LAN PCs to obtain IP addresses, users may have Internet access right after

configuring DHCP. To configure any network policies, please go to Policy Object and Policy.

Step 10. Provide the following CS-2001 interface information to LAN users.

Figure12. Settings Confirmation

Step 11. Settings complete.

Figure13. Installation Wizard Completed

S.1 Overview of Functions

Category Configurable Settings Description Index

System Administration Admin Creates, modifies or removes

administrator accounts.

Chapter 1

Permitted IPs Permits specific IP addresses to

access the system.

Software

Update

Update the system’s software

version.

Configuration Settings For importing or exporting the

system settings, resetting the

system to factory default settings,

formatting the hard disk,

enabling email alert notifications,

configuring the Syslog settings,

configuring the Web management

port, configuring the Proxy

settings, configuring the max.

number of items shown per page,

etc.

Chapter 2

Date/ Time Synchronizes the time between

the system and the device.

Multiple

Subnets

ForAdding the multiple subnets

to facilitate the internal network’s

distribution.

Routing Table Assigns a gateway for packets

going to specific destination

addresses.

DHCP Allocates IPs to LAN PCs.

Dynamic DNS Maps a dynamic IP to specific

domain name.

Host Table Maps LAN IPs to customizable

names to facilitate management.

SNMP Captures real time information of

the system.

Bulletin Board

Announces the information to

Table of contents

Popular Gateway manuals by other brands

ZyXEL Communications

ZyXEL Communications P-660HU-T1 Brochure & specs

DIGITAL YACHT

DIGITAL YACHT Smart WLN10 Technical notes

Cisco

Cisco VG200 manual

Grandstream Networks

Grandstream Networks GXW-4024 Quick install guide

Carel

Carel CloudGate Assembly procedure

RisingHF

RisingHF RHF2S025 user manual

Eaton

Eaton ProtoAir FPA-W34 Startup guide

Intesis

Intesis INBACPAN128O000 Installation sheet

Juniper

Juniper SRX220 manual

Honeywell

Honeywell Evohome installation guide

Janus

Janus AC-4CM10-650-F-20-000 Installation & operation manual

enphase

enphase 400 A Consumption CTs Installation instruction

Intellinet

Intellinet 524759 user manual

ETC

ETC Net3 Four Port Gateway Setup guide

ZyXEL Communications

ZyXEL Communications PRESTIGE 2302RL - Support notes

Zte

Zte ZXHN H268A user manual

IPCOMM

IPCOMM IPC191V5 General Operating, Maintenance, and Installation Manual

ZIGBEE

ZIGBEE SEG-X3 quick start guide

Planet CS-2001 User manual

Popular Gateway manuals by other brands