Configuring Security Manager. Novell Security Manager Powered by Astaro


Installation

2.2.2. Configuring Security Manager

The rest of the configuration will use the WebAdmin interface, accessed through a standard web browser (e.g., MS Internet Explorer) from your administration PC:

1. Start your Browser and open WebAdmin:

Before you can access the WebAdmin interface, you must make sure that your browser is configured correctly. Please see chapter 4.6.1 on page 167 for more details.

Once your browser is correctly configured, start it and enter the management address of the Novell Security Manager (the internal IP address configured for eth0) as follows: https://IP Address.

(In the example from step 6 above, this would be https://192.168.2.100)

A security notice will appear. When you generate a certificate for WebAdmin in a later step, this notice will disappear.

Further information on generating and installing certificates can be found in chapter 4.1.9 on page 72.

For now, simply accept the security notice by clicking the Yes button.

The first time you start WebAdmin, two windows will open: the first contains the License Agreement, and the second is used for Setting System Passwords.

2. Complete the License Agreement:

In the License Agreement window, accept the terms of the license by clicking the I agree to the terms of the license selection box.

Note:

Please read the terms of the license carefully.

3. Set the System Passwords:

In the Setting System Passwords window, enter the passwords for Novell Security Manager.

Security Note:

Use a secure password! Your name spelled backwards is, for example, not a secure password – while something like xfT35$4 would be.

You will only be able to start WebAdmin once you have entered passwords for the functions listed below. Enter the password for each service, and then re-enter it in the text field labeled Confirm. The usernames are pre-defined, and cannot be changed.


WebAdmin user: access to WebAdmin

This user is called admin.

Shell Login user: access to SSH

This user is called loginuser.

Shell Administrator user: administrator privileges in the entire Security Manager.

This user is called root.

Security Note:

Use different passwords for the Shell Login and Shell Administrator users.

Configuration Manager User (optional): You need this password if you wish to configure Novell Security Manager with the Configuration Manager.

Boot Manager (optional): If set, the password will prevent unauthorized users from changing boot-time parameters.

Confirm the entered passwords by clicking Save.

4. Log in to WebAdmin:

User: admin

Password: Password of the WebAdmin user

Please note that passwords are case-sensitive!

Click Login.

Note:

Please follow steps 5 through 16 in the order listed below.

5. Uploading the License Key:

In the System tab, open the Licensing menu and upload the license key under the License File window.

Note:

When using a license with the High Availability (HA) option, you must import the License Key to both Security Managers (Normal and Hot Standby mode).

For more information on Licensing, see chapter 4.1.2 on page 38.

6. Configure Basic Settings:

In the System tab, open the Settings menu and enter the following setting:

Administrator E-Mail Addresses: Enter the e-mail address of the administrator here.


You can find further information about these functions in chapter 4.1.1 on page 34.

In the Network tab, open the Hostname/DynDNS menu and enter the following settings in the General System Settings window:

Hostname: Enter the Hostname for Novell Security Manager.

A domain name may contain alphanumeric characters, periods, and hyphens. The end of the name must be a valid top-level domain, such as “com”, “de”, or “org”. The Hostname will be included in all Notification E-Mails.

Save the settings by clicking Save.

7. Configure the internal Network Interface (eth0):

In the Network tab, open the Interfaces menu and check the settings for the eth0 network card.

The settings for this network card are based on the information entered during the software installation. After starting Novell Security Manager, they are shown in the Current Interface Status window.

If you wish to change settings for this card, for example changing the configured name, please open the Edit Interface window by clicking the edit button and make these changes now.

Attention:

If you change the IP address of the eth0 network card, you will be locked out of WebAdmin.

The configuration of network cards and virtual interfaces is described in chapter 4.3.2 on page 93.

8. Configure the internal Network:

In the Definitions tab, open the Networks menu and check the settings for the internal network. Three logical networks were defined during installation based on your settings for the internal network card (eth0):

The interface Internal (Interface), consisting of the defined IP address (example: 192.168.2.100) and the host network mask 255.255.255.255.

The broadcast network Internal (Broadcast), consisting of the broadcast address (example: 192.168.2.255) and the host network mask 255.255.255.255.


The internal network Internal (Network), consisting of the defined IP address (example: 192.168.2.0) and the defined network mask (example: 255.255.255.0).

Defining new Networks is described in chapter 4.2.1 on page 80.

9. Configure the external Network Card:

In the Network tab, open the Interfaces menu and configure the interface to be used to connect to the external network (Internet). The choice of interface and the required configuration depend on what kind of connection to the Internet you will be using.

The configuration of network cards and virtual interfaces is described in chapter 4.3.2 on page 93.

10. Define Masquerading Rules:

If you wish to use private IP addresses for your internal network and wish to connect directly (without proxies) to the Internet, you can now establish the relevant rules in the Network/NAT/Masquerading menu.

More information about DNAT, SNAT and Masquerading can be found in chapter 4.3.5 on page 123.

IP routing entries for networks directly connected to Novell Security Manager’s network cards (Interface Routes) will be added automatically.

If required, you can also define routing entries manually using the Routing menu. This will, however, usually only be necessary in complex network environments.

11. Configure the DNS Proxy:

In order to speed up name resolution, you can specify a local DNS name server (or one provided by your ISP) in the Proxies/DNS menu. Otherwise, Novell Security Manager will automatically use the root name servers.

If you wish to use the proxy, you should configure the DNS Proxy settings now.

More information about configuring the DNS Proxy can be found in chapter 4.6.4 on page 208.

12. Connect other Networks:

If you wish to connect other internal networks to Novell Security Manager, attach their cables now.

13. Configure the HTTP Proxy:

If computers on the internal network should use the HTTP proxy to connect to the Internet, open the HTTP menu in the Proxies tab and click Enable.


It might be necessary to configure the browsers to allow the computers in the internal network to access the Internet by using the HTTP proxy afterwards - e.g. if the proxy was configured for the standard operation mode.

The configuration of the HTTP proxy is described in more detail in chapter 4.6.1 on page 167.

14. Configure the Packet Filter:

In the Rules menu under the Packet Filter tab, you can establish packet filtering rules.

By default, all packets are filtered until you explicitly enable certain services. New rules are added to the bottom of the list, and are inactive until explicitly enabled. The rules are processed starting with the first and moving down the list, stopping at the first applicable rule.

To activate a rule, click the status light once – the status light will turn green.

Please note that, because Novell Security Manager uses Stateful Inspection, only the connection-building packets need be specified. All response packets will automatically be recognized and accepted.

Configuring the Packet Filter is described in chapter 4.5 on page 152.
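The rule processing described in step 14, as an added example that is not part of the original manual and is not the product's own code: a simplified Python model of a default-drop, first-match rule list with inactive rules and stateful acceptance of responses. The class names, fields and the hosts 192.168.2.50 and 203.0.113.10 are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    src: str                 # source network in CIDR form
    dst: str                 # destination network in CIDR form
    dport: Optional[int]     # destination port, None matches any port
    action: str              # "allow" or "drop"
    enabled: bool = False    # new rules stay inactive until switched on

    def matches(self, src, dst, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.dport in (None, dport))

class PacketFilter:
    def __init__(self):
        self.rules = []      # ordered list; new rules are appended at the bottom
        self.state = set()   # connections accepted so far (simplified state table)

    def decide(self, src, sport, dst, dport):
        # Stateful inspection: a packet of an already accepted connection,
        # in either direction, is accepted without consulting the rules.
        if (src, sport, dst, dport) in self.state or (dst, dport, src, sport) in self.state:
            return "allow"
        for rule in self.rules:          # top to bottom, first match wins
            if rule.enabled and rule.matches(src, dst, dport):
                if rule.action == "allow":
                    self.state.add((src, sport, dst, dport))
                return rule.action
        return "drop"                    # nothing matched: filtered by default

def demo():
    """Constructed scenario using the manual's example network 192.168.2.0/24."""
    pf = PacketFilter()
    client, server = "192.168.2.50", "203.0.113.10"    # constructed hosts
    out = []
    pf.rules.append(Rule("192.168.2.0/24", "0.0.0.0/0", 80, "allow"))
    out.append(pf.decide(client, 40000, server, 80))   # rule exists but is inactive
    pf.rules[0].enabled = True                         # status light switched to green
    out.append(pf.decide(client, 40000, server, 80))   # connection-building packet
    out.append(pf.decide(server, 80, client, 40000))   # response, no rule needed
    out.append(pf.decide(server, 80, client, 40001))   # unsolicited inbound packet
    # A drop rule added later lands below the allow rule, so it never applies.
    pf.rules.append(Rule("192.168.2.50/32", "0.0.0.0/0", 80, "drop", enabled=True))
    out.append(pf.decide(client, 40002, server, 80))
    return out
```

The last result shows why rule order needs review after every addition: a restrictive rule appended below a broader allow rule has no effect.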

15. Debug Packet Filter Rules:

With the Packet Filter Live Log function in the Packet Filter/Advanced menu, you can see which packets the packet filter is filtering. If you have problems after installing your Security Manager, this information can be helpful in debugging your filtering rules.

The Packet Filter Live Log function is described in chapter 4.5.3 on page 163.

16. Install System and Virus Scanner Updates:

You should download and install the latest System Up2Dates as soon as possible.

If you have a license for the Virus Protection option, you should also run the Pattern Up2Date system.

The Up2Date Service option is described in chapter 4.1.3 on page 40.

When you’ve completed these steps, the initial configuration of your Security Manager is complete. Click the Exit tab to leave WebAdmin.

Problems

If you have problems completing these steps, please visit the Novell Support Forum at: http://support.novell.com/forums/2sm.html
