SG PCI Appliance Quick Setup. Secure Computing SG570, SG300, SG560, SG565, SG550, SG530, SG580, SG575
Add to My manuals341 Pages
Secure Computing SG570 is a rack-mountable network security appliance that provides comprehensive protection for enterprise networks. It offers a wide range of features including firewall, intrusion detection, virtual private networking, and web filtering. SG570 is ideal for businesses that need to secure their networks from a variety of threats.
advertisement
![SG PCI Appliance Quick Setup. Secure Computing SG570, SG300, SG560, SG565, SG550, SG530, SG580, SG575 | Manualzz SG PCI Appliance Quick Setup. Secure Computing SG570, SG300, SG560, SG565, SG550, SG530, SG580, SG575 | Manualzz](http://s1.manualzz.com/store/data/000870178_1-2932692d9012d2b033dc8054b1d13b44-360x466.png)
SG PCI Appliance Quick Setup
Unpack the SnapGear unit
Check that the SG CD is included with your appliance:
On the SnapGear unit is a single 10/100 network port, a Reset button, and four LEDs
(lights). The LEDs provide information on the operating status of your SnapGear unit.
The two LEDs closest to the network port indicate network link and network activity.
The two LEDs furthest from the network port indicate Power and Heart Beat. The Heart
Beat LED blinks when the SnapGear unit is running. The Power LED is ON when power is applied.
Install the SnapGear unit in an unused PCI slot
Power off your PC and remove its cover.
Select an unused PCI slot and insert the SnapGear unit.
Power on your PC.
Install the network driver on your PC
The SnapGear unit is automatically detected and the appropriate driver is installed when
Windows starts up. It is detected as a Realtek RTL8139-series Fast Ethernet Adapter.
Note
You can check that a new network adapter has been installed by clicking Start >
(Settings >) Network and Dialup Connections > Local Area Connection (possibly followed by a number) > Properties and ensure the adapter is listed in the Connect
using field.
Getting Started
34
Set up your PC to connect to the web management console
Note
The following steps assume you want to set up your SnapGear unit in bridged mode, so that it sits between your PC and the LAN, transparently filtering network traffic.
If you want to set up your SnapGear unit for NAT mode or to connect directly to your ISP,
refer to Network Address Translation (NAT) on page 148.
The SnapGear unit ships with initial network settings of:
IP address:
Subnet mask:
192.168.0.1
255.255.255.0
Next, modify your PC’s network settings to enable it to communicate with the SnapGear unit.
Click Start > (Settings >) Control Panel and double-click Network Connections.
Right-click on Local Area Connection (or appropriate network connection for the newly installed PCI appliance) and select Properties.
Select Internet Protocol (TCP/IP) and click Properties.
35
Getting Started
Select Use the following IP address and enter the following details:
IP address:
Subnet mask:
192.168.0.100
255.255.255.0
Leave the Default gateway and DNS server addresses blank.
Set up the SnapGear unit’s password and network connection settings
Launch your web browser and navigate to 192.168.0.1.
Select Network Setup from the Networking menu.
A login prompt is displayed. Enter the initial user name and password for the SnapGear unit:
User name: root
Password: default
Note
If you are unable to connect to the management console at 192.168.0.1, or the initial user name and password are not accepted, press the Reset button on the SnapGear unit’s rear panel twice, wait 20 – 30 seconds, and try again.
Pressing Reset twice within 2 seconds resets the SnapGear unit to its factory default settings
Enter and confirm a password for your SnapGear unit. This is the password for the user
root, the main administrative user account on the SnapGear unit. It is therefore important that you choose a password that is hard to guess, and keep it safe.
Getting Started
36
Note
The new password takes effect immediately. You are prompted to enter it when completing the next step.
In the row labeled Bridge, click the Modify icon.
Note
The purpose of this step is to configure the IP address for the web management console.
For convenience, this is generally a free IP address on your LAN.
If your LAN has a DHCP server running, you may set up the SnapGear unit and your
PC to obtain their network settings automatically. Proceed to Automatic configuration.
Otherwise, you must manually specify network settings for both the SnapGear unit and your PC. Proceed to Manual configuration.
Automatic configuration
Before continuing, ensure your DHCP server has two free leases. One is used for the web management console, the other for your PC.
Note
It is strongly recommended that you reserve the IP address to be used by the web management console using the SnapGear unit’s MAC address. In bridged mode, this is the top MAC address of the three displayed on the SnapGear unit itself.
Getting Started
37
Check DHCP assigned. Anything in the IP Address and Subnet Mask fields is ignored.
Click Update.
Click Start > (Settings >) Control Panel and double-click Network Connections.
Right-click Local Area Connection (or appropriate network connection for the newly installed PCI appliance) and select Properties.
Select Internet Protocol (TCP/IP) and click Properties and click Properties.
Getting Started
38
Check Obtain an IP address automatically, check Obtain DNS server address
automatically and click OK.
Attach your SnapGear unit’s Ethernet port to your LAN’s hub or switch.
Quick setup is now complete.
Manual configuration
Ensure you have two free IP addresses that are part of the subnet range of your LAN, and ensure you know your LAN’s subnet mask, and the DNS server address and gateway address used by PCs on your LAN.
Note
Contact your network administrator if you are unsure of any of these settings.
The first IP address is used by the web management console.
Getting Started
39
Enter this address as the IP Address, and the subnet mask for your LAN as the Subnet
mask.
Ensure DHCP assigned is unchecked.
You may also enter one or more DNS Server(s) and a Gateway address to be used by the SnapGear unit, not your PC, for access to the Internet. Typically this is not necessary, as only your PC needs to access the Internet.
Click Update.
Next, configure your PC with the second IP address in the same manner you would as if it were connected to the LAN with a regular network interface card.
Click Start > (Settings >) Control Panel and double-click Network Connections.
Right-click Local Area Connection (or appropriate network connection for the newly installed PCI appliance) and select Properties.
Select Internet Protocol (TCP/IP) and click Properties.
Getting Started
40
Enter the following details:
IP address is the second free IP address that is part of your LAN’s subnet range.
Subnet mask is you LAN’s subnet mask.
Default gateway is your LAN’s default gateway IP address.
Preferred DNS server is the IP address of the DNS server used by PCs on your
LAN.
Click OK.
Attach your SnapGear unit’s Ethernet port to your LAN’s hub.
Quick setup is now complete.
Disabling the reset button on your SnapGear PCI appliance
For convenience, the SnapGear unit ships with the rear panel Reset button enabled.
This allows the SnapGear unit’s configuration to be reset to factory defaults.
From a network security standpoint, it may be desirable to disable the Reset switch after initial setup has been performed. This is accomplished by removing the jumper linking
CON2 on the SnapGear unit. This jumper is labeled Remove Link to Disable Erase.
Getting Started
41
advertisement
Key Features
- Advanced firewall with stateful packet inspection
- Intrusion detection and prevention system
- Virtual private networking (VPN) support
- Web filtering and content control
- Load balancing and failover
- High availability clustering
Related manuals
Frequently Answers and Questions
What is the maximum number of VPN tunnels that the SG570 can support?
Does the SG570 support IPv6?
Can the SG570 be managed remotely?
advertisement
Table of contents
- 7 SG Gateway Appliances (SG3xx, SG5xx Series)
- 8 Front panel LEDs
- 9 Rear panel
- 9 Specifications
- 10 SG Rack Mount Appliances (SG7xx Series)
- 11 Front panel LEDs
- 11 Front panel
- 12 Rear panel
- 12 Specifications
- 13 SG PCI Appliances (SG6xx Series)
- 13 Bridged mode
- 14 Secure by default
- 14 LEDs
- 15 Specifications
- 18 SG Gateway Appliance Quick Setup
- 18 Unpack the SnapGear unit
- 19 Set up a single PC to connect to the SnapGear unit
- 21 Set up the SnapGear unit’s password and LAN connection settings
- 24 Set up the SnapGear unit’s Internet connection settings
- 25 Set up the SnapGear unit’s switch
- 26 Connect the SnapGear unit to your LAN
- 26 Set up your LAN to access the Internet
- 27 Automatic configuration of your LAN
- 28 Automatic configuration of your LAN using an existing DHCP server
- 28 Manual configuration of your LAN
- 29 SG Rack Mount Appliance Quick Setup
- 29 Unpack the SnapGear unit
- 30 Set up a single PC to connect to the SnapGear unit
- 32 Set up the SnapGear unit’s password and LAN connection settings
- 34 Connect the SnapGear unit to your LAN
- 35 Set up the PCs on your LAN
- 35 Automatic configuration of your LAN
- 36 Automatic configuration of your LAN using an existing DHCP server
- 37 Manual configuration of your LAN
- 38 Set up the SnapGear unit’s Internet connection settings
- 40 SG PCI Appliance Quick Setup
- 40 Unpack the SnapGear unit
- 40 Install the SnapGear unit in an unused PCI slot
- 40 Install the network driver on your PC
- 40
- 41 Set up your PC to connect to the web management console
- 42 Set up the SnapGear unit’s password and network connection settings
- 43 Automatic configuration
- 45 Manual configuration
- 47 Disabling the reset button on your SnapGear PCI appliance
- 48 The SnapGear Management Console
- 48 Help
- 48 Backup/restore configuration
- 49 Configuring Connections
- 50 Multifunction vs. Fixed-function Ports
- 50 SG710, SG710+: Multifunction Switches and Ports
- 51 SG560, SG565 and SG580: Multifunction Ports
- 51 All Other SG Models: Fixed-function Ports
- 52 Direct Connection
- 52 Network settings
- 53 Firewall class
- 53 Ethernet configuration
- 54 Interface aliases
- 55 IPv6
- 55 ADSL
- 57 PPPoE
- 58 PPTP
- 58 DHCP
- 58 Manually assign settings
- 59 Connection (dial on demand)
- 60 Ethernet configuration
- 60 Aliases
- 60 Cable Modem
- 61 Ethernet configuration
- 61 Aliases
- 61 Dialout and ISDN
- 62 Port settings
- 62 Static addresses
- 62 Aliases
- 62 Connection (dial on demand)
- 62 Dial-in
- 62 Dial-in setup
- 65 Connecting a dial-in client
- 68 Failover, Load Balancing and High Availability
- 68 Configure Internet connections
- 69 Internet Failover
- 70 Edit connection parameters
- 72 Modify failover levels (primary, secondary, tertiary)
- 74 Internet Load Balancing
- 75 Enabling load balancing
- 75 Limitations of load balancing
- 76 High Availability
- 78 Enabling high availability
- 79 DMZ Network
- 80 Configuring a DMZ connection
- 80 Services on the DMZ network
- 81 Guest Network
- 82 Configuring a Guest connection
- 83 Wireless
- 83 Configuring a wireless connection
- 84 Basic wireless settings
- 86 Wireless security
- 86 WEP security method
- 87 WEP with 802.1X
- 87 WPA-PSK (aka WPA-Personal) security method
- 88 WPA-Enterprise
- 88 ACL (Access Control List)
- 89 WDS
- 91 Advanced
- 93 Connecting wireless clients
- 97 Bridging
- 98 Adding a bridge interface
- 99 Edit bridge configuration
- 100 Bridging across a VPN connection
- 100 VLANs
- 101 Adding VLANs
- 102 Editing VLANs
- 102 Removing VLANs
- 103 Port Based VLANs
- 103 Tagged and untagged VLANs
- 104 Limitations of port based VLANs
- 104 Enabling port based VLANs
- 105 Adding port based VLANs
- 107 Editing port based VLANs
- 107 Removing port based VLANs
- 107 GRE Tunnels
- 108 Adding a GRE interface
- 108 GRE over IPSec
- 111 GRE troubleshooting
- 112 Routes
- 112 Static routes
- 112 Policy routes
- 113 Route management
- 113 RIP
- 116 OSPF
- 118 BGP
- 121 System
- 121 Hostname
- 121 Workgroup/domain
- 121 Administrative contact
- 121 Device location
- 122 DNS
- 122 DNS proxy
- 123 Dynamic DNS
- 123 Static hosts
- 124 DHCP Server
- 124 DHCP configuration
- 125 DHCP addresses
- 125 Address list
- 126 Adding and removing addresses
- 127 Reserving IP addresses
- 127 DHCP status
- 128 DHCP Proxy
- 129 Web Cache
- 129 Enabling the web cache
- 129 Selecting a cache size
- 130 Storage
- 130 Local storage
- 131 Network storage share
- 133 Set up LAN PCs to use the web cache
- 133 Peers
- 134 ICAP client
- 135 Advanced
- 136 Web cache with access control
- 136 Transparent web cache with access control
- 136 QoS Traffic Shaping
- 137 QoS autoshaper
- 137 QoS traffic shaping
- 139 IPv6
- 139 SIP
- 140 Configuring the SIP proxy
- 141 Incoming Access
- 142 Administration services
- 143 Web Management
- 144 SSL/HTTPS (Secure HTTP)
- 145 Upload SSL certificates
- 145 Create SSL certificates
- 146 Customizing the Firewall
- 146 Definitions
- 147 Service groups
- 148 Addresses
- 149 Interfaces
- 150 Packet Filtering
- 150 Packet filter rules
- 152 Rate limiting
- 154 Custom firewall rules
- 154 Network Address Translation (NAT)
- 155 Port forwarding
- 158 Port forwarding to an internal mail server
- 160 Source NAT
- 163 1-to-1 NAT
- 164 Masquerading
- 165 Universal Plug and Play Gateway
- 165 Configuring the UPnP Gateway
- 166 Configuring UPnP rules from Windows XP
- 167 Connection Tracking
- 167 Configuring connection tracking
- 169 Intrusion Detection
- 169 The benefits of using an IDS
- 170 Basic Intrusion Detection and Blocking (IDB)
- 170 IDB Configuration
- 171 Dummy services
- 172 Advanced Intrusion Detection and Prevention (Snort and IPS)
- 173 Snort and IPS configuration
- 174 Logging to an analysis server (Snort IDS only)
- 175 Setting up the analysis server
- 177 Access Control and Content Filtering
- 177 How access controls are applied
- 177 Enabling access control
- 179 User authentication
- 180 Browser setup
- 181 ACL
- 182 Web lists
- 182 Policy
- 185 Content filtering
- 185 Obtaining a content filtering license
- 185 Content or Webwasher?
- 186 Webwasher
- 187 Content
- 188 Antivirus
- 189 Enable antivirus
- 190 Storage
- 190 Network share
- 193 Local storage
- 193 POP email
- 193 Scan all POP email
- 195 Scan POP email for specific clients only
- 196 SMTP email
- 197 Web
- 198 FTP
- 200 PPTP and L2TP
- 200 PPTP VPN Server
- 200 Enable the PPTP server
- 202 Add a PPTP user account
- 202 Set up the remote PPTP client
- 203 Windows 2000 PPTP client setup
- 205 Windows XP PPTP client setup
- 207 Connect the remote VPN client
- 208 L2TP VPN Server
- 208 L2TP server setup
- 210 Add an IPSec tunnel
- 212 Add an L2TP user account
- 212 Configure the remote L2TP client
- 215 Connect the remote VPN client
- 215 PPTP and L2TP VPN Client
- 217 IPSec
- 217 SnapGear unit to SnapGear unit
- 218 Quick Setup
- 218 Enable IPSec
- 221 Set Up the Branch Office
- 221 Enable IPSec
- 222 Configure a tunnel to connect to the headquarters office
- 222 Tunnel settings page
- 225 Local endpoint settings
- 226 Other options
- 228 Other options
- 230 Phase 1 settings
- 231 Other options
- 232 Phase 2 settings page
- 233 Configuring the Headquarters
- 233 Enable IPSec
- 233 Configure a tunnel to accept connections from the branch office
- 233 Tunnel settings page
- 234 Local endpoint settings page
- 234 Remote endpoint settings page
- 235 Phase 1 settings page
- 235 Phase 2 settings page
- 236 Tunnel List
- 236 Connection
- 236 Remote party
- 236 Status
- 239 NAT Traversal Support
- 239 Dynamic DNS Support
- 239 Certificate Management
- 240 The OpenSSL application
- 240 Extracting certificates
- 241 Creating certificates
- 241 Create a CA certificate
- 242 Create local certificate pairs
- 242 Using certificates with Windows IPSec
- 243 Add certificates
- 244 IPSec Failover
- 253 IPSec Troubleshooting
- 256 Port Tunnels
- 257 Tunnel server
- 258 Tunnel client
- 260 Attach the USB device
- 260 USB Mass Storage Devices
- 261 Share the storage device
- 261 Set access permissions
- 263 Join a Windows workgroup
- 264 Partitioning a USB mass storage device
- 267 USB Printers
- 267 Set up the print server
- 268 Set up the print spool
- 269 Join a Windows workgroup
- 269 Set up Windows PCs for remote printing
- 273 LPR / LPD setup
- 273 Printer Troubleshooting
- 273 Print driver installation fails
- 273 Printer shows up in Printers and Faxes, but printing fails
- 274 Printing still fails
- 274 USB Network Devices and Modems
- 275 Date and Time
- 275 Manually setting date and time
- 276 Network time
- 276 Synchronizing with an NTP server
- 276 Adding an NTP peer
- 277 Locality
- 277 Backup/Restore Configuration
- 278 Remote backup/restore
- 278 Local backup/restore
- 279 Text save/restore
- 280 Users
- 280 Administrative users
- 282 Local Users
- 283 RADIUS
- 284 TACACS+
- 285 Management
- 285 GCC
- 286 CMS
- 287 SNMP
- 288 Diagnostics
- 288 Diagnostics
- 288 System log
- 289 Local syslog
- 289 Remote syslog
- 290 Email delivery
- 291 Network tests
- 291 USB
- 291 Packet Capture
- 292 Advanced
- 292 Reboot and Reset
- 292 Reboot device
- 292 Erase configuration
- 293 Reset button
- 293 Disabling the reset button on your SG PCI appliance
- 293 Flash upgrade
- 294 Netflash
- 294 Flash upgrade via HTTP
- 294 Flash upgrade via TFTP
- 295 Configuration Files
- 295 Edit files
- 296 Upload file
- 296 Support
- 297 Technical support report
- 305 Access Logging
- 307 Creating Custom Log Rules
- 310 Rate Limiting
- 311 Administrative Access Logging
- 311 Boot Log Messages
- 314 Recovery using Netflash
- 316 Recovery using a BOOTP server
- 318 Units with a hardware clock
- 318 Units without a hardware clock
- 319 Enable null modem dial-in on the SnapGear unit
- 319 Connect the null modem cable
- 319 Enable null modem dialout of the local PC
- 320 Troubleshooting