Secure Computing SG550 Manuel d'utilisateur Page 161
- Page / 297
- Table des matières
- DEPANNAGE
- MARQUE LIVRES
Noté. / 5. Basé sur avis des utilisateurs
Firewall
157
Check Enabled.
Select the network Interface to monitor (Snort IDS only). This is typically Internet, or
possibly DMZ.
Check Use less memory to restrict Snort's memory usage (Snort IPS only). This results
in slower signature detection throughput, but may be necessary if the device is
configured to run many services, many VPN tunnels, or both Snort IDS and IPS.
Rule sets are sets of defined patterns or rules used for the detection of attacks. These
are grouped by type such as ddos, exploit, backdoor, netbios, etc. Each group
encompasses many attack signatures. The full list of signatures can be viewed at the
Snort web site (http://www.snort.org).
Note
The more rule sets that are selected, the greater load is imposed on the device.
Therefore a conservative rather than aggressive approach to adding rule sets should be
followed initially.
Logging to an analysis server (Snort IDS only)
Typically, Snort in IDS mode is configured to log intrusion attempts to a remote database
server, which in turn runs an analysis console. An analysis console, such as BASE
(Basic Analysis and Security Engine), is an application purpose built for analyzing this log
output.
- Secure Computing SG 1
- User Manual 1
- Contents 2
- 1. Introduction 5
- Front panel LEDs 6
- Rear panel 7
- Front panel 9
- Specifications 10
- Bridged mode 11
- Secure by default 12
- Document Conventions 14
- 2. Getting Started 15
- Unpack the SG unit 16
- Set up the SG unit’s switch 23
- Set up the PCs on your LAN 33
- SG PCI Appliance Quick Setup 37
- Automatic configuration 40
- Manual configuration 41
- The SG Management Console 44
- 3. Network Setup 45
- Direct Connection 48
- Firewall class 49
- Ethernet configuration 49
- Interface aliases 50
- Manually assign settings 54
- Connection (dial on demand) 55
- Cable Modem 56
- Dialout and ISDN 57
- Port settings 58
- Static addresses 58
- Aliases 58
- Dialin setup 58
- Connecting a dialin client 60
- Internet Failover 65
- Edit connection parameters 66
- Internet Load Balancing 69
- Enabling load balancing 70
- High Availability 72
- Enabling high availability 73
- Advanced configurations 74
- DMZ Network 75
- Guest Network 76
- Wireless 79
- Basic wireless settings 80
- Wireless security 81
- WEP security method 82
- ACL (Access Control List) 83
- Connecting wireless clients 87
- Bridging 90
- Adding a bridge interface 91
- Edit bridge configuration 92
- Adding VLANs 95
- Editing VLANs 95
- Port Based VLANs 96
- Adding port based VLANs 98
- GRE Tunnels 100
- GRE over IPSec 101
- GRE troubleshooting 104
- Static routes 104
- Route management 105
- Hostname 112
- Workgroup/domain 113
- Administrative contact 113
- Device location 113
- DNS proxy 113
- Dynamic DNS 114
- DHCP Server 115
- DHCP addresses 116
- Address list 116
- Reserving IP addresses 118
- DHCP status 118
- Web Cache 119
- Enabling the web cache 120
- Selecting a cache size 120
- Storage 120
- Local storage 121
- Network storage share 121
- ICAP client 124
- Advanced 125
- QoS Traffic Shaping 127
- ToS traffic shaping 128
- Configuring the SIP proxy 130
- 4. Firewall 131
- Administration services 132
- Web Server 133
- SSL/HTTPS (Secure HTTP) 134
- Customizing the Firewall 135
- Definitions 136
- Addresses 137
- Interfaces 138
- Packet Filtering 139
- Rate limiting 142
- Custom firewall rules 143
- Port forwarding 144
- Source NAT 149
- 1-to-1 NAT 151
- Masquerading 152
- Configuring the UPnP gateway 153
- Connection Tracking 155
- Intrusion Detection 156
- The benefits of using an IDS 157
- IDB Configuration 158
- Dummy services 159
- Snort and IPS configuration 160
- Enabling access control 164
- User authentication 165
- Browser setup 167
- Web lists 169
- Content filtering 170
- Content or Webwasher? 171
- Content 172
- Webwasher 173
- ZoneAlarm 174
- Antivirus 175
- Enable antivirus 176
- Network storage 177
- POP email 180
- Scan all POP email 180
- SMTP email 182
- PPTP and L2TP 187
- PPTP VPN Server 187
- Add a PPTP user account 189
- Setup the remote PPTP client 189
- Windows XP PPTP client setup 192
- L2TP VPN Server 195
- Add an IPSec tunnel 197
- Add an L2TP user account 199
- PPTP and L2TP VPN Client 202
- SG unit to SG unit 204
- Set Up the Branch Office 205
- Tunnel settings page 206
- Local endpoint settings 209
- Other options 210
- Phase 1 settings 214
- Phase 2 settings page 216
- Enable IPSec 217
- Local endpoint settings page 218
- Phase 1 settings page 219
- Tunnel List 220
- NAT Traversal Support 223
- Dynamic DNS Support 223
- Certificate Management 223
- The OpenSSL application 224
- Extracting certificates 224
- Create a CA certificate 225
- Creating certificates 225
- Add certificates 227
- IPSec Failover 228
- IPSec Troubleshooting 238
- Port Tunnels 241
- Tunnel client 242
- 6. USB 244
- Share the storage device 245
- Set access permissions 245
- Join a Windows workgroup 247
- USB Printers 251
- Set up the print spool 252
- Printer Troubleshooting 257
- 7. System 259
- Backup/Restore Configuration 260
- Local backup/restore 261
- Text save/restore 262
- Administrative users 263
- Local Users 265
- TACACS+ 266
- Management 267
- Diagnostics 270
- System log 271
- Local syslog 271
- Remote syslog 271
- Email delivery 272
- Reboot and Reset 273
- Reboot device 274
- Erase configuration 274
- Reset button 274
- Flash upgrade 275
- Netflash 276
- Flash upgrade via HTTP 276
- Flash upgrade via TFTP 276
- Configuration Files 277
- Support 278
- Appendix A – Terminology 279
- Appendix B – System Log 285
- Creating Custom Log Rules 287
- Rate Limiting 290
- Boot Log Messages 291
- Practices and Precautions 292
- Failed Upgrade 294
© 2020, manymanuals.fr. Tous droits réservés | 0.101 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Commentaires sur ces manuels