advertisement
1
Introduction to Norman Network Protection Appliance
The Norman Network Protection Appliance provides a front-end protection solution for your entire local area network or segment of your internal network.
Norman Network Protection is powered by Linux and provides additional security by using the Norman SandBox technology.
2
Checking the Package Contents
You will find the following items in your Network Protection Appliance package:
1. Norman Network Protection Appliance
2. A quick setup guide (this document)
3. An AC power cable
4. Two (2) category 6 ethernet standard cable (color “Green”)
5. One (1) category 6 ethernet standard cable (color ”Blue”)
6. A bootable USB memory stick containing recovery software
(Behind the frontbezel)
If an item is missing from the package, contact your reseller immediately.
3
Appliance Overview
The Norman Network Protection Appliance consists of three (3) Network Interface
Cards. The NICs (named “Eth1” and “Eth2”) are used for traffic inspection (inside and outside interfaces). These interfaces do not need any IP-address
The third interface (named “Eth0”) is used as an interface towards the Linux console, the NNP command line console and the web administration interface. This interface needs an IP-address.
Front R210
Front R610
1. Power-on indicator, power button
2. NMI button
3. USB connectors (2)
Back R610
4. Video connector
5. LCD menu buttons
6. LCD panel
7. System identification button
8. Hard drives (6)
9. Optical drive (optional)
10. System identification panel
1 Power-on indicator, power button
2 NMI button
3 Video connector
4 Hard drive activity indicator
5 Diagnostic indicator lights (4)
Back R210
6 System status indicator
7 System identification button
8 USB connectors (2)
9 System identification panel
10 Optical drive (optional)
1 iDRAC6 Enterprise port (optional)
2 VFlash media slot (optional)
3 Ethernet connectors (2)
4 serial connector
5 video connector
6 eSATA
7 USB connectors (2)
8 Ethernet connectors (2)
9 System status indicator light
10 System identification button
11 System identification connector
12 Power supply
13 Retention clip
4
1. iDRAC6 Enterprise port
(optional)
2. VFlash media slot
3. Serial connector
4. PCIe slot 1
5. Video connector
6. USB connectors (2)
7. PCIe slot 2
8. Ethernet connectors (4)
9. System status indicator connector
10. System status indicator
11. System identification button
12. Power supply 1 (PS1)
13. Power supply 2 (PS2)
Network Planning Worksheet
Host name:
Network Protection Primary IP address:
Network Protection subnet:
Default Gateway:
DNS Suffix:
DNS Server 1:
DNS Server 2:
Network speed:
Duplex (inside NIC):
Duplex (outside NIC):
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
. . .
5
Deployment Strategy
The Norman Network Protection Appliance can be deployed almost anywhere in your network. If you already know where to place the Norman Network
Protection Appliance please skip this part, and go on to chapter 6.
If you are uncertain where to deploy the Norman Network Protection Appliance please consider one of the below scenarios.
1. Scan traffic to/from the Internet
In this deployment scenario Norman Network Protection scans supported traffic to/from the Internet.
2. Scan traffic to/from an DMZ
In this deployment scenario Norman Network Protection scans supported traffic to/ from the DMZ from both the internal LAN and Internet.
3. Scan traffic between LANs or segments
In this deployment scenario Norman Network Protection scans supported traffic to/ from the Internet in addition to traffic to/from computers from different segments.
4. Scan traffic in one or more VLAN(s):
In this deployment scenario
Norman Network Protection scans supported traffic comming from VLAN computers marked with red, in addition to traffic going to/from segments on each side of the router.
Norman Network Protection
6
Power up your Network Protection Appliance
1. Connect the power cable from the power source (typically an UPS) to the power jack (while facing the back of the appliance). The power cable is included with the appliance packaging.
7
Basic Configuration for the Network Protection Appliance
IMPORTANT: Do not connect the in and out interfaces to your network before you have completed the configuration.
1. Connect a monitor and an USB-keyboard to the Network Protection Appliance.
2. Power up the Network Protection Appliance.
3. When the device has finished booting up follow the instructions as described below. When asked, use the details from your “Network Planning Worksheet” as described in chapter 4.
If you have been provided a newer NNP version as ISO image or on USB please follow the instructions provided.
Press 1 or Enter to start the installation.
Checking installation archives
The installer will check the integrity of the installation archive.
Admin interface setup
To be able to manage your NNP an IP-address is necessary. Now it’s time to use your Network
Planning Worksheet. Insert the details in the appropriate fields.
Keyboard layout
Select your keyboard layout, then click Next .
Installing files from archive
The installation will resume.
Click Details to see a more verbose output.
Root password
Enter your desired password. This password is the same for both the web based admin interface, and the Linux console, so please don’t lose it.
Timezone
Select your timezone by first selecting your continent, then your country.
Configuring the network cards
NNP appliance comes with four NICs, but only three will be used in this round. To assist you in identifying the NICs you can use the
When pressing this button the LEDs on the corresponding NIC will start blinking, correctly identifying the NIC to the ethx.
Identify function.
The default for NNP NIC configuration is one admin
NIC and two Bridge NICs.
Complete
Congratulations, your installation is done. Click Reboot and start your NNP.
to finish
5. After finishing the configuration wizard connect the device to the network as described in the next chapter
8
Completing the Web based Setup Wizard
IMPORTANT: Do not power up the appliance before connecting it to the network.
1. Connect only the Admin interface to the appropiate switch in your network. Make sure this is accessible from your network, and that it is not connected behind the “Eth1” interface.
2. From another computer connect to the IP-address of the appliance on port 2868.
Example: http://<Network Protection Appliance-IP>:2868
3. Your are now prompted for a username and password.
Username and password default settings
User: admin
Password: admin
Step 1: Start the setup wizard
Step 3: Providing the license key
The license key enables Network Protection to be updated with signature and scanner engine updates. The license key is provided to you by your local vendor. If a license key was not included when you purchased Network Protection, please contact your local vendor or your local Norman office.
Step 4: Configuring Network Protection operation mode
Scan
This is the most used option. By selecting this option all traffic on supported protocols will be scanned for malware.
Sites blocked will be blocked for
The period for which a URL is blocked can be changed with this option. The default value is 1 week. Select the desired value for the period a blocked URL/Path should remain blocked.
Note: This value can also be changed individually per blocked URL in the “Blocked
URL” menu.
Max. file size for scanning
This option allows you to change the default limit for the file sizes Network Protection Appliance should scan. The default value is 32MB. All files larger than the set value will not be scanned.
Block files larger than max size
Check this option to block files that are larger than the maximum allowed filesize.
Step 5: Configuring protocol scanning options
Step 2: Restricting access to the web interface
You can restrict access to the Norman Network Protection web-interface either to single IP-addresses or subnets. The syntax for entering IP-addresses is:
192.168.0.4/255.255.255.0
This entry will accept access from the single IP-address 192.168.0.4
192.168.0.0/255.255.255.0
This entry will accept access from the entire subnet 192.168.0.0
These setting will determine how NNP will operate. Please select the preferred mode.
Log only
This option will detect and log malware, but will not block it. Please use with caution.
Bypass
This option allows all traffic to be transferred through Norman Network Protection without being scanned. Using this option will result in no traffic or incident statistics.
Block
This option will effectively block all traffic from being transferred through Norman
Network Protection. This option is known as the “Panic button”.
Note:
Please use this option with care as absolutely all traffic in the segment/network where Network Protection Appliance is installed will be blocked.
Step 8: Handling messages Example:
If this option is selected and a computer creates a connection to a Citrix server, this will not be visible in the log because the ICA protocol is not supported for scan.
• Purge logs older than:
Provides an option to delete logs that are older than the value selected. This functionality can prevent your hard drive from being filled up with legacy logs.
Note:
Even though traffic logs are purged after 1 or 60 days, traffic statistics will still be available in the management interface. Norman Network Protection stores digests of all logs, enabling a digest traffic statistics, all the way back to the installation of Norman Network Protection in your network.
Step 7: How to inform users that they have been blocked
Provides options for how Norman Network Protection should notify users that are blocked from a network path. (This option applies only to HTTP traffic).
• Display the text below.
Insert the text you want to display to the users and use HTML-tags to format the text.
• Redirect to a customized HTML page on a reachable web server.
Provides, for example, the option of redirecting users to an HTML page on an internal web server. This enables you to create a very specific HTML page where the design, layout and text can be customized to your company colors and logo.
Provides the option of sending e-mail messages about selected events.
• Enable e-mail messages
Forward messages as e-mail.
Mail recipients
Enter the e-mail addresses for the notification recipients.
• Click Add to enter the e-mail address for a recipient.
• Select an address from the list and click Remove selected to delete an existing address
SMTP server settings
The SMTP server address, name or IP-address, for the e-mail server recipient of the
SMTP message.
Note:
If you insert the SMTP server name make sure that DNS settings are verified for the installed operating system. Otherwise please use the IP-address.
Port
The default SMTP port is 25, which is the correct value unless you explicitly have selected another port.
These settings decides how each protocol is handled. If you are not sure which scan setting to use for a certain protocol, set it to bypass for now. You can always change the scan settings later.
Note: Please set all protocols to “Bypass” before connecting the appliance to the network. When the appliance is connected to your network you can make the necessary changes for each protocol.
Protocol scanning options
Bypass Traffic on this protocol will pass through without being scanned.
Block Traffic on this protocol will not be allowed through NNP.
Minimal Scan Traffic will be scanned using traditional signature scanning.
Archive files are not scanned.
Sandbox is not used.
Medium scan Traffic will be scanned using traditional signature scanning.
Archive files are scanned.
Sandbox is not used.
Sandbox scan Traffic will be scanned using traditional signature scanning.
Archive files are not scanned.
Sandbox is used.
Full Scan Traffic will be scanned using traditional signature scanning.
Archive files are scanned.
Sandbox is used.
Step 6: Selecting logging options
Provides options for enabling and handling Norman Network Protection logs. The main logs are the Traffic log and the Incident logs. These log options only affect the
Traffic log.
• Enable logging/statistics
Select this option to log all traffic, meaning all connections transferred through Norman Network Protection are logged to a file. If not selected this option disables all traffic statistics.
• Log only supported protocols
Select this option to reduce the number of log entries. Only supported protocols are logged, and all other connections are disregarded. The supported protocols are:
HTTP, FTP, SMTP, POP3, TFTP, RPC, IRC, CIFS/SMB
Step 10: Reviewing the configuration Reply-to address
Enter the e-mail address that a recipient can reply to, for example the system administrator.
Mail message body
Subject
The title of the e-mail, for example “Message from NNP”.
Common appended text
Enter the text to include as the default e-mail footnote text.
Step 9: Setting Internet Update options
Step 9: Setting Internet Update options
Norman Internet Update will keep your definition files and sanner engine up to date.
The options for automatic updates are:
Update manually
Norman Internet Update will never run. All updates must be done manually with the
Update now option.
Automatic update at set intervals
Update intervals: 6 hours, 12 hours, 1 day.
Note:
It is recommended to set the Automatic update interval to 6 hours.
Once the setup wizard is done, Norman Network Protection is ready for use!
9
Connecting Norman Network Appliance to your network
Connect the interface named “Eth1” to the inside of your network, and the interface named “Eth2” to the outside of your network, based on the network scenario you selected in chapter 5.
Note:
Remember to schedule this installation to a time of day when interrupted network connections can be accepted.
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement