Sangfor Iam 2.1 User manual

SANGFOR IAM v2.1 User Manual

IAM 2.1 User Manual

September, 2010

SANGFOR IAM v2.1 User Manual

Table of Contents

Table of Contents.....................................................................................................................1

Announcement.........................................................................................................................8

Preface......................................................................................................................................9

About This Manual ...................................................................................................................9

Document Conventions...........................................................................................................10

Graphic Interface Conventions...............................................................................................10

Symbol Conventions................................................................................................................11

Technical Support ...................................................................................................................11

Acknowledgements.................................................................................................................11

Chapter 1 IAM Installation..................................................................................................12

1.1. Environment Requirement...............................................................................................12

1.2. Power ...............................................................................................................................12

1.3. Product Appearance .........................................................................................................12

1.4. Configuration and Management.......................................................................................13

1.5. Wiring Method of Standalone..........................................................................................13

1.6. Wiring Method of Redundant System..............................................................................15

Chapter 2 Console.................................................................................................................17

2.1. Web UI Login...................................................................................................................17

2.2. IAM Gateway Configuration ...........................................................................................18

Chapter 3 System Status.......................................................................................................19

3.1. Running Status.................................................................................................................19

3.2. Security Status..................................................................................................................20

3.3. License.............................................................................................................................21

3.4. Gateway Mode.................................................................................................................22

3.4.1. Route Mode...................................................................................................................22

3.4.2. Bridge Mode..................................................................................................................24

3.4.2.1. Bridge Mode: Multiple-Interface...............................................................................25

3.4.2.2. Bridge Mode: Multi-Bridge .......................................................................................28

3.4.3. Bypass Mode.................................................................................................................31

3.4.4. Single-Arm Mode ..........................................................................................................34

3.5. Network Interface ............................................................................................................37

3.6. Multi-Node Sync..............................................................................................................38

3.7. Date/Time.........................................................................................................................40

3.8. Administrators..................................................................................................................40

3.9. WEBUI.............................................................................................................................43

SANGFOR IAM v2.1 User Manual

3.10. Backup/Restore..............................................................................................................44

3.11. Reboot............................................................................................................................45

3.12. Maintenance...................................................................................................................45

3.13. Auto Update ...................................................................................................................46

3.14. Route..............................................................................................................................47

3.14.1. Policy Routing.............................................................................................................47

3.14.2. Static Routing..............................................................................................................50

3.15. Generate Certificate .......................................................................................................53

3.16. HighAvailability............................................................................................................53

Chapter 4 Object...................................................................................................................56

4.1. Application Ident Rule.....................................................................................................56

4.2. Intelligent Ident Rule .......................................................................................................59

4.3. Service..............................................................................................................................61

4.4. IP Group...........................................................................................................................62

4.5. Schedule...........................................................................................................................64

4.6. URL Group.......................................................................................................................65

4.7. White List Group..............................................................................................................68

4.8. Keyword Group................................................................................................................69

4.9. File Type Group ...............................................................................................................70

4.10. Ingress Rule....................................................................................................................71

4.11. SSL Certificate...............................................................................................................80

Chapter 5 Firewall ................................................................................................................82

5.1. Firewall Rule....................................................................................................................82

5.1.1. LAN <-> DMZ..............................................................................................................82

5.1.2. DMZ <-> WAN .............................................................................................................84

5.1.3. WAN<->LAN ................................................................................................................84

5.1.4. VPN <-> WAN ..............................................................................................................85

5.1.5. VPN<->LAN.................................................................................................................86

5.1.6. LAN<->LAN.................................................................................................................87

5.1.7. DMZ <-> DMZ.............................................................................................................88

5.2. NAT Rules........................................................................................................................88

5.2.1. SNAT .............................................................................................................................89

5.2.2. DNAT.............................................................................................................................90

5.3. Anti-DoS ..........................................................................................................................92

5.4. ARP Protection.................................................................................................................95

Chapter 6 WAN Optimization..............................................................................................97

6.1. Optimization Status..........................................................................................................97

SANGFOR IAM v2.1 User Manual

6.1.1. System Status.................................................................................................................98

6.1.2. Optimization Status.......................................................................................................98

6.1.3. Cache Hit ....................................................................................................................100

6.2. Proxy Options ................................................................................................................101

6.2.1. System Settings............................................................................................................102

6.2.1.1. Basic Settings...........................................................................................................104

6.2.1.2.Advanced Settings....................................................................................................105

Chapter 7 IAM....................................................................................................................107

7.1. Access Control Policy....................................................................................................107

7.1.1. Add Access Control Policy..........................................................................................109

7.1.2. Edit Access Control Policy.......................................................................................... 111

7.1.2.1. Access Control .........................................................................................................112

7.1.2.1.1. Application Control......................................................................................113

7.1.2.1.2. Service Control.............................................................................................114

7.1.2.1.3. Proxy Control...............................................................................................116

7.1.2.2. Web Filter.................................................................................................................117

7.1.2.2.1. HTTP URL Filter..........................................................................................117

7.1.2.2.2. HTTPS URL Filter.......................................................................................120

7.1.2.2.3. Keyword Filter .............................................................................................122

7.1.2.2.4. File Type Filter.............................................................................................123

7.1.2.2.5. ActiveX Filter...............................................................................................126

7.1.2.2.6. Script Filter...................................................................................................130

7.1.2.3. Email Filter ..............................................................................................................131

7.1.2.3.1. Send/Receive Mail .......................................................................................131

7.1.2.3.2. Delayed Email Audit....................................................................................132

7.1.2.4. SSL Management.....................................................................................................134

7.1.2.4.1. SSL Control..................................................................................................134

7.1.2.4.2. SSL Content Ident ........................................................................................135

7.1.2.5. Application Audit.....................................................................................................137

7.1.2.5.1. Audit Option.................................................................................................137

7.1.2.5.2. Outgoing File Alarm.....................................................................................140

7.1.2.6. Flow/Time Statistics.................................................................................................144

7.1.2.6.1. Flow/Time Statistics.....................................................................................144

7.1.2.6.2. Online Duration Control...............................................................................145

7.1.2.6.3. Session Control ............................................................................................145

7.1.2.7. Ingress System .........................................................................................................146

7.1.2.8. Risk Ident.................................................................................................................147

SANGFOR IAM v2.1 User Manual

7.1.2.9. Reminder..................................................................................................................149

7.1.2.9.1. Time Reminder.............................................................................................149

7.1.2.9.2. Flow Reminder.............................................................................................150

7.1.2.9.3. Bulletin Page................................................................................................151

7.2. Authentication Options...................................................................................................153

7.2.1. New User Authentication ............................................................................................153

7.2.2. SSO Settings................................................................................................................156

7.2.2.1.Active Directory SSO...............................................................................................157

7.2.2.1.1. Install Component Mode..............................................................................158

7.2.2.1.2. AD Group Policy Mode ...............................................................................158

7.2.2.1.3. Configure Logon Script Program.................................................................159

7.2.2.1.4. Configure Logoff Script Program ................................................................163

7.2.2.2. POP3 SSO................................................................................................................166

7.2.2.2.1. POP3 Authentication....................................................................................166

7.2.2.2.2. Network Environment..................................................................................167

7.2.2.2.3. Configuration ...............................................................................................167

7.2.2.3. WEB SSO ................................................................................................................168

7.2.2.4. Proxy SSO................................................................................................................170

7.2.2.4.1. ProxyAuthentication....................................................................................170

7.2.2.4.2. Network Environment..................................................................................170

7.2.2.4.3. Configuration ...............................................................................................170

7.2.2.5. Listening Mirror Port ...............................................................................................171

7.2.2.6. OnlyAllow SSO.......................................................................................................171

7.2.3. Page Display After Authentication..............................................................................172

7.2.4. Authentication Conflict Settings..................................................................................173

7.2.5. SNMP Option..............................................................................................................174

7.2.6. Other Authentication Options .....................................................................................175

7.3. Authentication Server.....................................................................................................177

7.3.1. LDAP...........................................................................................................................178

7.3.2. RADIUS.......................................................................................................................179

7.3.3. POP3...........................................................................................................................180

7.4. Organization Structure ...................................................................................................180

7.4.1. Search..........................................................................................................................182

7.4.2. Add Subgroup..............................................................................................................183

7.4.3. Edit Subgroup..............................................................................................................185

7.4.4. Edit User.....................................................................................................................190

7.4.5. Edit User.....................................................................................................................192

SANGFOR IAM v2.1 User Manual

7.4.5.1. Binding IP/MAC......................................................................................................193

7.4.5.1.1. Bind IP .........................................................................................................193

7.4.5.1.2. Bind MAC....................................................................................................194

7.4.5.1.3. Bind Both IP and MAC................................................................................196

7.4.5.1.4. No Binding...................................................................................................197

7.4.5.2. Group .......................................................................................................................197

7.4.5.3.Authentication Method.............................................................................................198

7.4.5.4. Expiry Date..............................................................................................................200

7.4.5.5. Enable This User......................................................................................................201

7.4.5.6.Access Control Policy..............................................................................................203

7.5. User Import....................................................................................................................204

7.6. LDAP Sync ....................................................................................................................206

7.6.1. Sync by LDAP Organization Structure........................................................................207

7.6.2. Sync by LDAP Security Group....................................................................................209

7.6.3. View Sync Report.........................................................................................................210

7.7. Online User....................................................................................................................211

Chapter 8 Bandwidth Management ..................................................................................214

8.1. Bandwidth Status ...........................................................................................................214

8.1.1. Bandwidth Channel.....................................................................................................215

8.1.2. Exclusion Policy..........................................................................................................216

8.2. Bandwidth Settings........................................................................................................217

8.2.1. Bandwidth Channel.....................................................................................................217

8.2.1.1.Add Bandwidth Channel..........................................................................................218

8.2.1.2.Add Child Bandwidth Channel ................................................................................223

8.2.1.3. Select and Edit Bandwidth Channel.........................................................................224

8.2.2. Exclusion Policy..........................................................................................................226

8.3. Line Bandwidth..............................................................................................................227

8.4. Virtual Line ....................................................................................................................227

Chapter 9 Delayed EmailAudit.........................................................................................232

9.1. Email Audit Policy.........................................................................................................232

9.2. Audited Email ................................................................................................................233

9.3. Unaudited Email ............................................................................................................233

Chapter 10 InternetAccessAudit......................................................................................234

10.1. Realtime Logs..............................................................................................................234

10.1.1. Flow Ranking............................................................................................................235

10.1.2. Connection Ranking..................................................................................................237

10.1.3. Connection Monitoring.............................................................................................238

SANGFOR IAM v2.1 User Manual

10.1.4. Behavior Monitoring.................................................................................................238

10.2.Audit Log Maintenance................................................................................................239

10.3. Data Center Settings.....................................................................................................239

10.4. Enter Data Center.........................................................................................................242

Chapter 11 Logs/Troubleshooting......................................................................................244

11.1. System Logs.................................................................................................................244

11.2. Policy Troubleshooting ................................................................................................246

11.3. Packet Capture .............................................................................................................249

Chapter 12Advanced..........................................................................................................253

12.1.Alarm............................................................................................................................253

12.2. Proxy Server.................................................................................................................254

12.3. Web Tracking...............................................................................................................255

12.4. Excluded IP/Domain....................................................................................................257

12.5. Page Customization......................................................................................................258

Chapter 13 Security............................................................................................................260

13.1. GatewayAntivirus........................................................................................................260

13.2. IPS................................................................................................................................262

13.2.1. IPS Options...............................................................................................................262

13.2.2. IPS Rules...................................................................................................................264

13.3. VPN Settings................................................................................................................265

13.3.1. VPN Status.................................................................................................................265

13.3.2. Basic Settings............................................................................................................266

13.3.3. User Management.....................................................................................................269

13.3.4. Connection Management ..........................................................................................273

13.3.5. Virtual IP Pool ..........................................................................................................276

13.3.6. Multiline Settings ......................................................................................................278

13.3.7. Multiline Routing Policy...........................................................................................280

13.3.8. Local Subnet List.......................................................................................................284

13.3.9. Tunnel Route..............................................................................................................285

13.3.10. IPSec Connection....................................................................................................289

13.3.10.1. Device List...........................................................................................................289

13.3.10.2. Security Option ....................................................................................................291

13.3.10.3. Outbound Policy...................................................................................................293

13.3.10.4. Inbound Policy.....................................................................................................294

13.3.11. Common Settings.....................................................................................................296

13.3.11.1. Schedule...............................................................................................................296

13.3.11.2. Algorithm List......................................................................................................298

SANGFOR IAM v2.1 User Manual

13.3.12. Advanced.................................................................................................................298

13.3.12.1. LAN Service ........................................................................................................298

13.3.12.2. VPN Interface.......................................................................................................302

13.3.12.3. LDAP Server........................................................................................................303

13.3.12.4. Radius Server.......................................................................................................304

13.3.13. Generate Certificate................................................................................................305

Chapter 14 DHCP...............................................................................................................306

14.1. DHCP Status ................................................................................................................306

14.2. DHCP Settings .............................................................................................................306

Chapter 15 Wizard..............................................................................................................309

AppendixA: Gateway Client-Updater..............................................................................310

Appendix B: Acronyms And Abbreviations......................................................................317

SANGFOR IAM v2.1 User Manual

Announcement

No part of the contents of this document shall be extracted, reproduced or transmitted in any form

or by any means without prior written permission of SANGFOR.

SANGFOR, SANGFOR Technology and the SANGFOR logo are the trademarks or

registered trademarks of SANGFOR Technology Co., Ltd. All other trademarks used or mentioned

herein belong to their respective owners.

This manual shall only be used as usage guide, and no statement, information, or suggestion in it

shall be considered as implied or express warranty of any kind, unless otherwise stated. This

manual is subject to change without notice. To obtain the latest version of this manual, please

contact the Customer Service of SANGFOR Technology Co., Ltd.

SANGFOR IAM v2.1 User Manual

Preface

About This Manual

The IAM2.1 User Manual includes the following chapters:

Chapter

Describe…

Chapter 1 IAM

Installation

The product appearance, function features and performance

parameters of IAM gateway device, and wiring and cautions before

installation.

Chapter 2 Console

How to use the console and the general operation on the console.

Chapter 3 System

Status

How to configure the device-related options, including status

displays, license, gateway mode, network interface, multi-node

synchronization, WEBUI, system date and time, backup/restore,

reboot, maintenance and update.

Chapter 4 Object

Some related objects of IAM gateway and configuration of each of

them, including the internal application/intelligent identification rules,

user-defined identification rules, URL group, IP group, service, time

schedule, white list group, keyword group, file type group, ingress

rule, and SSL certificate.

Chapter 5 Firewall

How to configure the firewall rules of the IAM gateway, as well as

the SNAT (source network address translation) rule and DNAT

(destination network address translation) rule.

Chapter 6 WAN

Optimization

How to configure WAN optimization module to achieve WAN

optimization (acceleration).

Chapter 7 IAM

How to configure the access control policies, authentication method,

organization structure, etc., of the IAM gateway.

Chapter 8 Bandwidth

Management

How to view the bandwidth related information, and configure the

bandwidth channel policy as well as bandwidth rule for line and

virtual line.

Chapter 9 Delayed

Email Audit

How to configure the email audit policy for some specified emails.

Chapter 10 Internet

AccessAudit

The internet access audit information, including viewing the internet

access statistics in real time, log maintenance and Data Center

settings, etc.

Table of contents

Other Sangfor Gateway manuals

Sangfor

Sangfor IAM11.2 User manual

Popular Gateway manuals by other brands

Telecom FM

Telecom FM onestream gfx Programming guide

UfiSpace

UfiSpace LoRa GPE810U Quick setup guide

Merak

Merak MMk-736F Quick setup guide

Robustel

Robustel R3010 user guide

turck

turck BL20-PG-EN-V3 user manual

IBM

IBM Security Web Gateway Appliance quick start guide

SSS Siedle

SSS Siedle Smart Gateway Commissioning instructions

ADTRAN

ADTRAN 424RG Installation

Chorus

Chorus Hyperfibre XGS-250WX-A user guide

Dragino

Dragino G308 user manual

Data Domain

Data Domain DD690g Installation and setup guide

Raritan

Raritan Laptop Release notes

Haivision

Haivision Torpedo quick start guide

ATCOM

ATCOM AG-268 user manual

LST

LST M500RFE-AS Specification sheet

Vega

Vega VEGA BS-3 user manual

Kinnex

Kinnex Media Gateway quick start guide

2N Telekomunikace

2N Telekomunikace 2N StarGate user manual

Sangfor IAM 2.1 User manual

Popular Gateway manuals by other brands