Symantec 460R Administration Guide

Symantec 460R - Gateway Security Manual

Symantec 460R manual content summary:

  • Symantec 460R | Administration Guide - Page 1
    Symantec™ Gateway Security 400 Series Administrator's Guide Supported models: Models 420, 440, 460, and 460R
  • Symantec 460R | Administration Guide - Page 2
    for virus outbreaks and security alerts. Symantec technical support offerings include: ■ A range of support options that give you the flexibility to select the right amount of service for any size organization ■ Telephone and Web support components that provide rapid response and up-to-the-minute
  • Symantec 460R | Administration Guide - Page 3
    IP address information ■ Problem description ■ Error messages/log files ■ Troubleshooting performed prior to contacting Symantec ■ Recent software configuration changes and/or network changes Customer Service To contact Enterprise Customer Service online, go to www.symantec.com/techsupp, select the
  • Symantec 460R | Administration Guide - Page 4
  • Symantec 460R | Administration Guide - Page 5
    12 Antivirus policy enforcement (AVpe) ...12 Static content filtering ...12 Intrusion detection and intrusion prevention (IDS and IPS) ...12 LiveUpdate support ...12 Managing Symantec Gateway Security 400 Series locally ...12 Managing Symantec Gateway Security 400 Series through SESA ...13 Intended audience
  • Symantec 460R | Administration Guide - Page 6
    56 Defining computer groups ...57 Defining inbound access ...58 Defining outbound access ...59 Outbound rule example ...60 Configuring services ...61 Redirecting services ...61 Configuring special applications ...62 Configuring advanced options ...64 Enabling the IDENT port ...64 Disabling NAT mode
  • Symantec 460R | Administration Guide - Page 7
    firmware manually ...102 Checking firmware update status ...104 Backing up and restoring configurations 105 Resetting the appliance ...106 Interpreting LEDs ...107 LiveUpdate and firmware upgrade LED sequences 108 Troubleshooting About troubleshooting ...109 Accessing troubleshooting information
  • Symantec 460R | Administration Guide - Page 8
    Outbound Rules tab field descriptions 142 Services tab field descriptions ...142 Special 157 Antivirus Policy field descriptions ...158 Content Filtering field descriptions ...159 Joining security gateways the Symantec Management Console 166 Troubleshooting problems when joining SESA 166 Leaving
  • Symantec 460R | Administration Guide - Page 9
    enforcement (AVpe) ■ Static content filtering ■ Intrusion detection and intrusion prevention ■ LiveUpdate support Key features All features are integrated security for wireless LANs. LiveUpdate of firmware strengthens the Symantec Gateway Security 400 Series security response, making it an ideal
  • Symantec 460R | Administration Guide - Page 10
    and other outbound traffic. Static content filtering Symantec Gateway Security 400 Series supports content filtering for outbound traffic using allow and in real-time, letting you respond rapidly to the attacks. LiveUpdate support Symantec Gateway Security 400 Series incorporates patented LiveUpdate
  • Symantec 460R | Administration Guide - Page 11
    's Guide for details on using the Symantec Management Console. Symantec Advanced Manager for Security Gateways (Group 2) v2.1 Symantec Advanced By collecting and formatting information from Symantec and third-party supported products, the Symantec Event Manager consolidates and normalizes security
  • Symantec 460R | Administration Guide - Page 12
    400 Series functionality is described in the following manuals: ■ Symantec™ Gateway Security 400 Series Administrator's Guide The guide you are reading describes how to configure the firewall, VPN, AntiVirus policy enforcement (AVpe), content filtering, IDS, IPS, LiveUpdate, and all other features
  • Symantec 460R | Administration Guide - Page 13
    , and issues and workarounds. Network security best practices Symantec encourages all users and administrators to adhere to the following security practices: ■ Turn off and remove unneeded services. By default, many operating systems install auxiliary services that are not critical, such as an FTP
  • Symantec 460R | Administration Guide - Page 14
    14 Introducing the Symantec Gateway Security 400 Series Network security best practices
  • Symantec 460R | Administration Guide - Page 15
    Use one of the following supported Web browsers to connect to SGMI instructions in the Symantec Gateway Security 400 Series Quick Start Card or the Symantec Gateway Security 400 Series Installation Guide of serial (modem) ports 420/440 1 4 1 460/460R 2 8 1 To connect to the SGMI You can
  • Symantec 460R | Administration Guide - Page 16
    options Right pane menu tabs Online help button Command buttons Right pane content Note: The wireless features do not appear in the SGMI until a compatible Symantec Gateway Security WLAN (Wireless Local Area Network) Access Point option is properly installed and configured. See the
  • Symantec 460R | Administration Guide - Page 17
    services, organize computer groups, map services to ports, and customize connectivity for internal network nodes. Wireless Control the wireless functionality supported Filtering Control allow or deny lists with which you can filter appliance log file. ■ Troubleshooting Enable testing tools and
  • Symantec 460R | Administration Guide - Page 18
    the SGMI to set the password. See the Symantec Gateway Security 400 Series Installation Guide for more information about setting up the appliance. of the firmware resets the password to password. See "Upgrading firmware manually" on page 100. Note: You should change the administration password on
  • Symantec 460R | Administration Guide - Page 19
    Password text box, type the password. Passwords are case-sensitive. 3 In the Verify Password text box, type the password again. 4 Click Save. To manually reset the password 1 On the back of the appliance, press the reset button for 10 seconds. 2 Repeat the procedure to configure a password. See "To
  • Symantec 460R | Administration Guide - Page 20
    configuration. Figure 2-2 Remote management SGMI 192.168.0.2 Symantec Gateway Security 400 Series appliance 192.168.0.3 Protected devices , check Allow Remote Firmware Upgrade. The default is disabled. See "Upgrading firmware manually" on page 100. 5 Click Save. 6 To access the SGMI remotely,
  • Symantec 460R | Administration Guide - Page 21
    Administering the security gateway 21 Managing the security gateway using the serial console Managing the security gateway using the serial console You can configure or reset the security gateway through the serial port using the null modem cable that is supplied with the security gateway.
  • Symantec 460R | Administration Guide - Page 22
    22 Administering the security gateway Managing the security gateway using the serial console 9 After the terminal session has been established, on the rear panel of the appliance, quickly press the reset button. 10 At the Select? prompt, do one of the following: Local IP Address Type 1 to change
  • Symantec 460R | Administration Guide - Page 23
    the configuration procedure. See the Symantec Gateway Security 400 Series Installation Guide for worksheets to help you plan the configuration process. Symantec Gateway Security 400 Series models 420 and 440 have one WAN port to configure. Models 460 and 460R appliances have two WAN ports that
  • Symantec 460R | Administration Guide - Page 24
    deployed in your network. Figure 3-1 shows a network diagram of a Symantec Gateway Security 400 Series connected to the Internet. The termination point type. This is a device that may be provided by your Internet Service Provider (ISP), or a network switch. The computer used for appliance
  • Symantec 460R | Administration Guide - Page 25
    of the larger internal network from unauthorized internal users. Enclave traffic from the protected network passes through the Symantec Gateway Security 400 Series appliance and through the Symantec Gateway Security 5400 Series appliance to the Internet. Figure 3-2 Connection to an intranet
  • Symantec 460R | Administration Guide - Page 26
    . For details on managing with the Symantec management console, see the Symantec Event Manager and Advanced Manager for Security Gateways (Group 2) v2.1 Administrator's Guide. Figure 3-3 Parallel networks Symantec Gateway Security 400 Series Symantec Gateway Security 400 Series SGMI Protected
  • Symantec 460R | Administration Guide - Page 27
    3-4 shows the addition of wireless clients, connecting to the Symantec wireless LAN card using VPN tunnels. In this scenario, each the WAN port (called WAN 1 on model 460/460R) is connected to an active network, the Setup Wizard guides you through configuring LiveUpdate and setting the administrator
  • Symantec 460R | Administration Guide - Page 28
    Setup window, click Run Setup Wizard. See the Symantec Gateway Security 400 Series Installation Guide for more information. Note: To change the language appliances Symantec Gateway Security 400 Series models 460 and 460R appliances have two WAN ports, WAN 1 and WAN 2. Models 460 and 460R support
  • Symantec 460R | Administration Guide - Page 29
    connected to a terminal adaptor. Table 3-2 and Table 3-3 describe the supported connection types. including the following information: ■ The Connection type column on the Main Setup tab or in the Setup Wizard. ■ The Services column defines the types of accounts or protocols that are associated with
  • Symantec 460R | Administration Guide - Page 30
    Connection Type, click DHCP. ■ Click Save. 3 For models 460 and 460R, do the following: ■ To select a connection type for connect or disconnect your PPPoE account manually or automatically. This is useful to three sessions for each WAN port on models 460 and 460R. LAN hosts are bound to a session on
  • Symantec 460R | Administration Guide - Page 31
    Setup tab, under Connection Type, click PPPoE. ■ Click Save. 3 For models 460 and 460R, do the following: ■ In the right pane, on the Main Setup tab, manually to your PPTP account" on page 35. 9 From the Service drop-down list, select a PPPoE service. You must click Query Services to select a service
  • Symantec 460R | Administration Guide - Page 32
    connect or disconnect from your PPPoE account. For models 460 and 460R, you can manually control the connection for either WAN port. This is useful to troubleshoot the connection to the ISP. To manually control your PPPoE account You can manually control your PPPoE account through the SGMI. See
  • Symantec 460R | Administration Guide - Page 33
    requests to the specified DNS server for name resolution. The appliance supports up to three DNS servers. When you specify multiple DNS servers , and up to three, domain name servers. ■ Click Save. 5 For models 460 and 460R, do the following: ■ Under WAN1 (External), in the Connection Type drop-down
  • Symantec 460R | Administration Guide - Page 34
    creating a tunnel over a TCP/IP-based network. Symantec Gateway Security 400 Series appliances act as a PPTP access tab, under Connection Type, click PPTP. ■ Click Save. 3 For models 460 and 460R, do the following: ■ Under WAN1 (External), in the Connection Type drop- Manual Control, click Connect.
  • Symantec 460R | Administration Guide - Page 35
    connect to or disconnect from your PPTP account. For models 460 and 460R, you can manually control the connection for either WAN port. This is helpful for troubleshooting connectivity. To manually connect to your PPTP account For models 420 and 440, you can connect or disconnect to your PPTP
  • Symantec 460R | Administration Guide - Page 36
    serial port on the rear panel of the models 460 and 460R appliances. Figure 3-5 Rear panel of Symantec Gateway Security models 420 and 440 appliances Serial port Figure 3-6 Rear panel of Symantec Gateway Security models 460 and 460R appliances Serial port Before configuring the appliance to use
  • Symantec 460R | Administration Guide - Page 37
    , type the IP address or fully-qualified domain name of the site to check connectivity. 3 Under Modem Settings, click Save. Controlling your dial-up account manually You can force the appliance to connect or disconnect from your dial-up account. This is helpful for verifying connectivity. To
  • Symantec 460R | Administration Guide - Page 38
    WAN/ISP. 2 In the right pane, on the Dial-up Backup & Analog/ISDN tab, under Manual Control, click Dial. 3 In the left pane, click Logging/Monitoring. 4 In the right pane, selected DHCP as your connection type, you can instruct the appliance to send a renew request, which tells the ISP to allocate
  • Symantec 460R | Administration Guide - Page 39
    requested by Symantec Technical Support. To configure advanced DHCP settings You can configure the idle renew time and manually force a DHCP Advanced tab, under Optional Connection settings, click Force Renew. 3 For models 460 and 460R, do one of the following: ■ To renew WAN1, on the Advanced tab
  • Symantec 460R | Administration Guide - Page 40
    dynamic DNS completely. See the Symantec Gateway Security 400 Series Release Notes for the list of supported services. When you create an account with 440, you can configure the WAN port to use dynamic DNS. For models 460 and 460R, you can configure WAN1, WAN2, or both ports to use dynamic DNS.
  • Symantec 460R | Administration Guide - Page 41
    the appliance sends its current IP address, host name, and domain to the service. Do this only if requested by Symantec Technical Support. For models 420 and 440, you can force a dynamic DNS update for the WAN port. For models 460 and 460R, you can force a dynamic DNS update for WAN1, WAN2, or both
  • Symantec 460R | Administration Guide - Page 42
    , click Disable. 3 For models 460 and 460R, do the following: ■ On the Dynamic DNS tab, under Service Type, in the WAN Port drop-down list, select the WAN port to disable. ■ Click Disable. 4 Click Save. Configuring routing If you install Symantec Gateway Security 400 Series appliances on a network
  • Symantec 460R | Administration Guide - Page 43
    optional network settings, which identify the appliance to a network. Note: Models 420 and 440 appliances have one WAN port, and do not support high availability, load balancing, and bandwidth aggregation. High availability On dual-WAN port appliances, you can configure each WAN port to failover
  • Symantec 460R | Administration Guide - Page 44
    high availability mode. The options are Normal, Off, and Backup. The default for WAN 2 is Backup. 3 Click Save. Load balancing Symantec Gateway Security 400 Series models 460 and 460R appliances each have two WAN ports. On these appliances, you can configure HA/LB between the two WAN ports. You can
  • Symantec 460R | Administration Guide - Page 45
    to the serial port, which is connected to a modem. On model 460 or 460R, if one of the WAN ports fails, the security gateway fails over to on page 35 to configure failover for a dial-up account. See "Connecting manually to your PPPoE account" on page 32 to configure an echo request for accounts
  • Symantec 460R | Administration Guide - Page 46
    (DHCP) services. You can clone your computer's adapter address to connect to your ISP with the Symantec Gateway Security 400 Series appliances. This is called MAC cloning or masking. For models 420 and 440, you configure the settings for the WAN port. For models 460 and 460R
  • Symantec 460R | Administration Guide - Page 47
    Configuring a connection to the outside network 47 Configuring advanced WAN/ISP settings 3 For models 460 and 460R, do the following: ■ To configure WAN1 or WAN 2, in the right pane, on the Main Setup tab, under Optional Network Settings, under WAN1 (External) or
  • Symantec 460R | Administration Guide - Page 48
    48 Configuring a connection to the outside network Configuring advanced WAN/ISP settings
  • Symantec 460R | Administration Guide - Page 49
    assignments Configuring LAN IP settings LAN settings let you configure your Symantec Gateway Security 400 Series appliance to work in a new or IP address. Note: Models 420 and 440 have four LAN ports, while models 460 and 460R have eight LAN ports. For each port, you must specify the port settings
  • Symantec 460R | Administration Guide - Page 50
    to computers on the LAN without manually assigning each computer its own IP support may vary depending on your traffic characteristics. Table 4-1 Default DHCP IP address ranges Model 420, 440 460, 460R may want to assign static IP addresses to some services. For example, if you have a Web server
  • Symantec 460R | Administration Guide - Page 51
    wireless connection using VPN technology. See the Symantec Gateway Security 300/400 Series Wireless Implementation Guide. Once a port assignment is set, engine unless it was specifically designated for it. This option does not support client VPN tunnels terminating at the LAN. When a LAN port is
  • Symantec 460R | Administration Guide - Page 52
    52 Configuring internal connections Configuring port assignments 2 In the right pane, on the Port Assignments tab, under Physical LAN Ports, from the Port numbers dropdown list, select a port assignment. 3 Click Save. The appliance reboots when the port settings are saved. To restore port assignment
  • Symantec 460R | Administration Guide - Page 53
    to configure. See Appendix A in the Symantec Gateway Security 400 Series Installation Guide. Before configuring the security gateway's firewall privileges? ■ What types of services do you want to make available to internal users? ■ What standard application services do you want to make available
  • Symantec 460R | Administration Guide - Page 54
    : To find the MAC address of a Microsoft Windows-based computer, at a DOS prompt, type ipconfig /all and look for the physical address. On models 460 and 460R, you can restrict the computer to use only one of the WAN ports. This is useful if you have two broadband accounts, one on each
  • Symantec 460R | Administration Guide - Page 55
    page 54. You can configure the following properties for a computer group: ■ Antivirus policy enforcement See "How antivirus policy enforcement (AVpe) works" on page 81. ■ Content filtering See "Advanced network traffic control" on page 81. ■ Access control See "Defining inbound access" on page 56.
  • Symantec 460R | Administration Guide - Page 56
    : ■ Warn Only ■ Block Connections 4 To enable content filtering, check Enable Content Filtering, and then select one of the following: ■ Use Allow security gateway supports a maximum of 25 inbound rules. When creating inbound rules, you must specify the applications server, the service, protocols,
  • Symantec 460R | Administration Guide - Page 57
    to the computer group, all other traffic is denied unless there is a specific rule to let it pass. Following are the predefined outbound services: ■ DNS ■ FTP ■ HTTP ■ HTTPS ■ Mail (SMTP) ■ Mail (POP3) ■ RADIUS Auth ■ Telnet ■ VPN IPSec ■ VPN PPTP ■ LiveUpdate ■ SESA Server ■ SESA Agent ■ RealAudio1
  • Symantec 460R | Administration Guide - Page 58
    outbound rule enabled for FTP service for computer group 2 would allow the members of group 2 outbound FTP service. If computer group 1 no longer need it. You can also temporarily disable outbound access for troubleshooting or controlling traffic. See "Outbound Rules tab field descriptions" on page
  • Symantec 460R | Administration Guide - Page 59
    traffic is selected from the list of predefined services and custom services. Note: On models 460 and 460R, FTP application servers must be bound to a are two types of protocols used by services: TCP and UDP. The port range specifies which port filter can communicate on the appliance. For protocols
  • Symantec 460R | Administration Guide - Page 60
    port number. Redirect only applies to inbound rules. If you are creating a service for an outbound rule, leave the Redirect to Port(s) text boxes blank. host. Certain applications with two-way communication (such as games and video conferencing) need ports open in the firewall. Normally, you open
  • Symantec 460R | Administration Guide - Page 61
    Network traffic control 61 Configuring special applications incoming port range for that computer. Once the communication is done, the appliance starts listening again so that another computer can trigger the ports to be opened for it. Port triggers can be used very quickly (milliseconds), but for
  • Symantec 460R | Administration Guide - Page 62
    control Configuring advanced options Configuring advanced options Symantec Gateway Security 400 Series has several If you experience time-outs when using your mail (SMTP) service, enabling the IDENT port may correct this problem. To enable the IDENT Port See "Advanced tab field descriptions"
  • Symantec 460R | Administration Guide - Page 63
    each of which results in still more responses. This filter triggers when 63% of the WAN buffers are problems connecting from behind the security gateway, use the None setting. The following list includes the supported IPsec types: ■ 1 SPI ADI - Assured Digital ■ 2 SPI (default) Standard (Symantec
  • Symantec 460R | Administration Guide - Page 64
    IP Address text boxes, type the IP address of the host you want to expose. 4 In the Bind with WAN Port drop-down list (models 460 and 460R only), select the WAN port the exposed host is bound to. The default is WAN port 1. 5 In the Session drop-down list, select the
  • Symantec 460R | Administration Guide - Page 65
    Security 400 Series appliances support three types of VPN tunnels: gateway-to-gateway, client-to-gateway, and wireless client-to-gateway. To configure wireless client-to-gateway tunnels, see the Symantec Gateway Security 300/400 Series Wireless Implementation Guide. Securing your network connections
  • Symantec 460R | Administration Guide - Page 66
    renegotiation is referred to as quick mode renegotiation. Note: Symantec Gateway Security 400 Series does not support VPN tunnel compression. To create a gateway-to-gateway tunnel between a Symantec Gateway Security 400 Series appliance and a remote Symantec Gateway Security 5400 Series appliance or
  • Symantec 460R | Administration Guide - Page 67
    defined policy, or you can create your own using the VPN Policies tab. VPN policies group together common characteristics for tunnels, and allow rapid setup of additional tunnels with the same characteristics. The security gateway also includes a handful of commonly used VPN policies for both static
  • Symantec 460R | Administration Guide - Page 68
    authentication are not defined on the security gateway; they are defined on a RADIUS authentication server. You must configure the appliance to support remote administration of users with extended authentication. Defined users These users authenticate using a client ID (user name) and pre-shared key
  • Symantec 460R | Administration Guide - Page 69
    gateway uses for authentication should the primary server become unavailable. Authentication Port (UDP) Type the port on the RADIUS server on which the RADIUS service runs. Shared Secret or Key Type the RADIUS server key. 4 Click Save. 5 On the Client Tunnels tab, in the VPN Group drop-down list
  • Symantec 460R | Administration Guide - Page 70
    resources on each network available to the other. This type of tunnel is LAN-to-LAN, instead of user-to-LAN. The appliance supports gateway-to-gateway tunnel configurations. A gateway-to-gateway configuration is created when two security gateways are connected, through an internal network, or the
  • Symantec 460R | Administration Guide - Page 71
    on the appliance's LAN or WLAN ports. Supported gateway-to-gateway VPN tunnels The Symantec Gateway Security 400 Series appliance lets you configure Phase 1 Rekey). Static gateway-to-gateway configurations require you to manually enter tunnel parameters at each security gateway. Both ends must have
  • Symantec 460R | Administration Guide - Page 72
    problems if the remote security gateway tries to rekey first. Creating VPN tunnels to Symantec Gateway Security 5400 Series clusters To create a VPN tunnel to a Symantec Tunnels between Symantec Gateway 400 Series and Symantec Gateway Security 5400 Series appliances are supported in high-
  • Symantec 460R | Administration Guide - Page 73
    PPPoE ISP account, skip this step. 6 For models 460 and 460R, on the Local Endpoint drop-down list, select an defining a global tunnel to Symantec Enterprise Firewall or Symantec Gateway Security 5400 Series Policy (Phase 1 negotiation). You must manually type all of the information necessary to
  • Symantec 460R | Administration Guide - Page 74
    of the VPN. In addition, a Security Parameter Index (SPI) is manually typed and included with every packet transmitted between security gateways. The SPI is indicates the set of keys that belongs to each packet. Static tunnels support up to five remote subnets or a global tunnel can be enforced.
  • Symantec 460R | Administration Guide - Page 75
    have a multi-session PPPoE ISP account, skip this step. 5 For models 460 and 460R, on the Local Endpoint drop-down list, select the endpoint for the tunnel box, type the gateway address to be the gateway address of the Symantec Enterprise VPN. 12 Next to NetBIOS Broadcast, click Disable. 13 Next to
  • Symantec 460R | Administration Guide - Page 76
    a Symantec security gateway. Understanding Client-to-Gateway VPN tunnels Symantec Gateway Security 400 Series models 460 and 460R support client to secure their connections. See Symantec Gateway Security 300/400 Series Wireless Implementation Guide. When Symantec Client VPN begins to negotiate a
  • Symantec 460R | Administration Guide - Page 77
    WAN port, it is decrypted and sent out on the LAN. The appliance does not support the transmission of decrypted VPN traffic on the WAN port. This means that, if a global tunnel is defined between two Symantec Gateway Security 400 Series appliances, traffic is only allowed to pass between the LAN of
  • Symantec 460R | Administration Guide - Page 78
    name of the secondary DNS server. Domain Name System or Service (DNS) is an Internet service that translates domain names into IP addresses. 6 Optionally, in Group Binding name. The RADIUS Group Binding name must match the filter ID parameter returned from the RADIUS server. 11 To enable Antivirus
  • Symantec 460R | Administration Guide - Page 79
    -to-gateway VPN tunnels ■ To log a warning to the Symantec Gateway Security log that a user is connecting that is not they are not compliant with the AVpe policy, click Block Connections. 12 To enable content filtering, do the following: ■ Under VPN Network Parameters, in the Primary DNS text box
  • Symantec 460R | Administration Guide - Page 80
    80 Establishing secure VPN connections Monitoring VPN tunnel status Table 6-10 Client configuration information (Continued) Information Value RADIUS shared secret (user with extended authentication) (Optional) Phase 1 ID (Optional) Monitoring VPN tunnel status The VPN Status window lets you
  • Symantec 460R | Administration Guide - Page 81
    . For example, to restrict your users from seeing gambling sites, you configure content filtering to deny access to gambling URLs that you specify. AVpe monitors the AV configuration of supported Symantec connected policy masters and client workstations attempting to gain access to your corporate
  • Symantec 460R | Administration Guide - Page 82
    78. If content filtering and antivirus policy enforcement are enabled at the same time, content filtering takes precedence over antivirus or clients with a non-supported AV client in a computer group where AVpe is disabled. ■ If you plan to use Symantec AntiVirus Corporate Edition servers, obtain
  • Symantec 460R | Administration Guide - Page 83
    to query the antivirus server for updated virus definitions. 5 To force a manual update, click Query Master. 6 Under Policy Validation, next to Verify AV check a client's antivirus configuration to ensure it uses a supported Symantec antivirus product with the latest product scan engine. ■ Any
  • Symantec 460R | Administration Guide - Page 84
    84 Advanced network traffic control Configuring AVpe 7 To enable the appliance to validate whether a client is using the latest virus definitions, check Verify Latest Virus Definitions. 8 In the Query Clients Every text box, type an interval (in minutes) for the appliance to query clients to
  • Symantec 460R | Administration Guide - Page 85
    , you must configure each client before it can be validated using AVpe. Each client that you want to validate with AVpe must have a supported Symantec antivirus product installed in unmanaged mode. When you uninstall the client software, the registry keys that are created by this procedure are also
  • Symantec 460R | Administration Guide - Page 86
    with AVpe enabled, with connections blocked. Retry steps 1 through 4 above. About content filtering Symantec Gateway Security 400 Series supports basic content filtering for outbound traffic. You use content filtering to restrict the content to which clients have access. For example, to restrict
  • Symantec 460R | Administration Guide - Page 87
    list for specific sites. For example, to allow traffic to any Symantec site, add symantec.com to the allow list. This allows traffic to liveupdate.symantec.com, www.symantec.com, fileshare.symantec.com, and so on. Content filtering applies to all outbound traffic, not just HTTP (Web) traffic. To
  • Symantec 460R | Administration Guide - Page 88
    on either the allow or deny list. To view a list of URLs on the allow or deny list See "Content Filtering field descriptions" on page 157. 1 In the left pane, click Content Filtering. 2 Under Select List, under List Type, do one of the following: ■ To view the URLs on the Deny list
  • Symantec 460R | Administration Guide - Page 89
    , the security gateway still blocks any connection attempt to an unauthorized service for inbound connections, but the Trojan horse lookup is disabled and ). Matching packets are considered intrusion attempts and dropped. The Symantec Gateway Security 400 Series has signatures for, and can detect
  • Symantec 460R | Administration Guide - Page 90
    90 Preventing attacks Setting protection preferences ■ Teardrop ■ Winnuke ■ HTML buffer overflow ■ TCP/UDP flood protection Trojan horse notification Any attempt to connect to a blocked port that is commonly used by Trojan horse programs is logged and classified as a possible attack. The log
  • Symantec 460R | Administration Guide - Page 91
    tools, such as NMAP, use invalid TCP flag combinations to detect a firewall on a network or map the security policy implemented on the firewall. Symantec Gateway Security 400 Series blocks and logs any traffic with illegal flag combinations for traffic that is not being denied by the security policy
  • Symantec 460R | Administration Guide - Page 92
    92 Preventing attacks Enabling advanced protection settings
  • Symantec 460R | Administration Guide - Page 93
    sequences Managing logging The firewall, IDS, IPS, VPN, content filtering, and AVpe features log messages when certain events occur. You view the log messages through the SGMI, or forward them to external services. Log messages are maintained until the appliance is restarted. On all appliances
  • Symantec 460R | Administration Guide - Page 94
    ) ■ WAN Link up (connected) ■ WAN Link down (disconnected) A GET is a request from the SNMP server for status information from the Symantec Gateway Security 400 Series appliance. The appliance supports all SNMP v1 MIBS (information variables) using GETs. A TRAP collects status information set from
  • Symantec 460R | Administration Guide - Page 95
    ■ Verifying communication between the SNMP server and the Symantec Gateway Security 400 Series appliance. Before you begin problem or attack. If you select Debug information, performance may be affected by the number of messages that are created. You should select this option only for troubleshooting
  • Symantec 460R | Administration Guide - Page 96
    . Models 460 and 460R have a WAN 2 section for the second WAN port status. The information on the View Log tab is current when you click it. Conditions may change while you are viewing the screen. Refresh updates the View Log tab to display the most current messages. You can manually
  • Symantec 460R | Administration Guide - Page 97
    set of instructions that are coded Symantec Technical Support and applying it using the symcftpw tool. By default, LiveUpdate checks for updates at the end of the Setup Wizard. You may disable this feature. See the Symantec Gateway Security 400 Series Installation Guide. Warning: Performing a manual
  • Symantec 460R | Administration Guide - Page 98
    restarted, LiveUpdate checks for updates. Also, if you change the appliance from manual updates to automatic, LiveUpdate checks for updates at the next time you LiveUpdate Administration Utility and instructions for installation are available on the Symantec Technical Support Web page http://www
  • Symantec 460R | Administration Guide - Page 99
    SGMI Protected devices Internal LiveUpdate server Table 9-1 Location 1 2 3 LiveUpdate server configurations Description Symantec LiveUpdate server: http://liveupdate.symantec.com. This is the standard Symantec corporate LiveUpdate site which broadcasts firmware availability. It is the default
  • Symantec 460R | Administration Guide - Page 100
    you do not configure LiveUpdate to automatically download and apply firmware upgrades; or if you are instructed to manually perform an upgrade by Symantec Technical Support, you should check the Symantec Web for the latest version of the firmware. Your current firmware version number is available on
  • Symantec 460R | Administration Guide - Page 101
    a firmware update If manually flashing the firmware does not work, you can force the firmware on to the appliance. Do this only if flashing firmware as instructed in "Flashing the firmware" on page 100 does not work, or if you are instructed to do so by Symantec Technical Support. Use Figure 9-2 and
  • Symantec 460R | Administration Guide - Page 102
    firmware update. The last update shows the date and time (if an NTP service is available) of the last LiveUpdate check. This check may or may version of the firmware on the appliance if you plan to contact Symantec Technical Support. See "Status tab field descriptions" on page 118. To view
  • Symantec 460R | Administration Guide - Page 103
    significantly. Note: You should not use a configuration backup file from an older version of the firmware to restore your settings unless instructed to do so by Symantec Technical Support. The backup file is created in the same folder on your hard drive where you put the symcftpw application. In the
  • Symantec 460R | Administration Guide - Page 104
    panel of models 420 and 440 and Figure 9-5 shows the rear panel of models 460 and 460R. These figures are for reference only; the full description of each feature is available in the Symantec Gateway Security 400 Series Installation Guide. Figure 9-4 Model 420 or 440 rear panel Figure 9-5 Model
  • Symantec 460R | Administration Guide - Page 105
    400 Series Installation Guide. Figure 9-6 Symantec Gateway Security 400 Series appliance front panel Table 9-2 describes each LED. Table 9-2 LEDs Location Symbol Feature 1 Power Description Illuminates when the appliance is turned on. 2 Error Illuminates if there is a problem with the
  • Symantec 460R | Administration Guide - Page 106
    thrice Solid off Solid off Both flashing alternately Appliance status Normal operation. Transmitting/receiving Data from LAN. ■ MAC address not assigned. ■ Firmware problem. Appliance is ready for a forced download. ■ Appliance detected an error and cannot recover. Configuration mode. Hardware
  • Symantec 460R | Administration Guide - Page 107
    system events information in the log. Debug mode gives more detailed information in the status log that is useful for Symantec Technical Support or for troubleshooting. The default user mode provides general information about actions taken defined by the security policy. Warning: Enabling debug mode
  • Symantec 460R | Administration Guide - Page 108
    you either have an ISP link problem or a routing problem. 3 If you can PING Symantec Technical Support. Accessing troubleshooting information Use the following procedure to access troubleshooting information from the Symantec Knowledge Base. To access troubleshooting information 1 Go to www.symantec
  • Symantec 460R | Administration Guide - Page 109
    109 Accessing troubleshooting information 6 Click your specific product name and model. 7 On the knowledge base page for your appliance model, do any of the following: ■ On the Hot
  • Symantec 460R | Administration Guide - Page 110
    110 Troubleshooting Accessing troubleshooting information
  • Symantec 460R | Administration Guide - Page 111
    part of the Appliance. B make copies of the printed documentation which accompanies the Appliance as necessary to support Your authorized use of the Appliance; and C after written notice to Symantec and in connection with a transfer of the Appliance, transfer the Software on a permanent basis to
  • Symantec 460R | Administration Guide - Page 112
    filtering entered into a support agreement that includes Symantec warrants that the hardware component of the Appliance (the "Hardware") shall be free from defects in material and workmanship under normal use and service instructions or manuals; (vii) Your failure to implement, or to allow Symantec
  • Symantec 460R | Administration Guide - Page 113
    AGREEMENT requested RMA as long as we determine that You meet the conditions for warranty service. The allegedly defective Appliance, or component thereof, shall be returned to Symantec, securely and properly packaged, freight and insurance prepaid, with the RMA number prominently displayed on
  • Symantec 460R | Administration Guide - Page 114
    this Agreement, or if You desire to contact Symantec for any reason, please write: (i) Symantec Customer Service, 555 International Way, Springfield, OR 97477, USA, or (ii) Symantec Customer Service Center, PO BOX 5689, Dublin 15, Ireland. SYMANTEC GATEWAY SECURITY APPLIANCE (300/400 SERIES) CLIENT
  • Symantec 460R | Administration Guide - Page 115
    ON HOME COMPUTERS THAT MAY BE CONTAINED IN THE EULA SHALL NOT APPLY TO THE RIGHTS GRANTED UNDER THIS CERTIFICATE. 1. GRANT OF LICENSE. Symantec grants to Licensee a nonexclusive, nontransferable license to install and use the quantity of each title of the Software and the related user documentation
  • Symantec 460R | Administration Guide - Page 116
    116 Licensing SYMANTEC GATEWAY SECURITY APPLIANCE (300/400 SERIES) CLIENT-TO-GATEWAY VPN ADDITIVE LICENSE AND 8.0 MEDIA KIT
  • Symantec 460R | Administration Guide - Page 117
    descriptions ■ Content Filtering field descriptions Logging/Monitoring field descriptions The security gateway provides configurable system logging features and tabs for viewing the system logs and monitoring system status. It also has built-in testing tools for troubleshooting and connectivity
  • Symantec 460R | Administration Guide - Page 118
    118 Field descriptions Logging/Monitoring field descriptions Status tab field descriptions The Status tab shows the current conditions and settings of the security gateway. Table C-1 Status tab field descriptions Section WAN (External Port) (Single WAN port models) WAN 1 (External Port) (Dual
  • Symantec 460R | Administration Guide - Page 119
    Displays the factory firmware version or the firmware version from the most recent LiveUpdate or manual update. Displays the factory version or the most recent update. Displays the model number of of the packet. Displays the protocol name or number or additional troubleshooting information.
  • Symantec 460R | Administration Guide - Page 120
    outbound rules antivirus policy enforcement (AVpe), and content filtering. Connections Logs all connections allowed by inbound rules. useful for troubleshooting. Only use this option when you are troubleshooting a problem, and then disable it after you have solved the problem. NTP Server
  • Symantec 460R | Administration Guide - Page 121
    Broadcast Debug Level Forward WAN packets to LAN Enables forwarding of WAN packets to LAN. This is useful to check the WAN packets for troubleshooting without having to set up additional equipment. Testing Tools Target Host IP address or fully qualified domain name of host you are testing with
  • Symantec 460R | Administration Guide - Page 122
    specified SESA Manager. Click here to temporarily leave SESA management while leaving the SESA configuration intact. Click here to reconnect to the Symantec Management Console. A message warns that any configuration changes made while in local management mode may be overwritten. Click here to remove
  • Symantec 460R | Administration Guide - Page 123
    Field descriptions 123 Administration field descriptions Table C-6 Advanced Management tab field descriptions (Continued) Section Field Description Local SESA Agent Status Refresh Click Refresh to refresh the Local SESA Agent Status. Get Configuration Click Get Configuration to download
  • Symantec 460R | Administration Guide - Page 124
    address or fully qualified domain name of the LiveUpdate server from which to get firmware updates. The default address is http:// liveupdate.symantec.com. Enable Scheduler Enables the LiveUpdate scheduler. This lets you schedule times for the security gateway to automatically check for firmware
  • Symantec 460R | Administration Guide - Page 125
    Field descriptions 125 LAN field descriptions Table C-9 LiveUpdate tab field descriptions (Continued) Section Field Description Optional Settings Status HTTP Proxy Server Proxy Server Address Port User Name Password Last Update Last Update Version Enables the security gateway to contact the
  • Symantec 460R | Administration Guide - Page 126
    126 Field descriptions LAN field descriptions Table C-10 Section DHCP DHCP Table LAN IP & DHCP tab field descriptions (Continued) Field Description DHCP Server Clicking Enable makes the security gateway act as a DHCP server. To use another DHCP server, or if the clients use static IP addresses
  • Symantec 460R | Administration Guide - Page 127
    capabilities of the switch function on the security gateway, in addition to support for LAN-side global tunnels directly to the wireless interface. The security gateway and the client. WAN/ISP field descriptions The Symantec Gateway Security 300/400 Series WAN/ISP functionality provides connections
  • Symantec 460R | Administration Guide - Page 128
    ) WAN1 (External) or WAN2 (External) (Dual WAN port models) Optional Network Settings Fields Description Connection Type The following connection types are supported: ■ DHCP (Auto IP) Your ISP assigns you an IP address automatically each time you connect. ■ PPPoE Point-to-Point Protocol over
  • Symantec 460R | Administration Guide - Page 129
    Field descriptions 129 WAN/ISP field descriptions Static IP & DNS tab field descriptions Use the Static IP & DNS tab to configure the security gateway to connect to the Internet with a static IP address and DNS servers, or to connect to your intranet. Table C-13 Static IP and DNS tab field
  • Symantec 460R | Administration Guide - Page 130
    C-14 PPPoE tab field descriptions (Continued) Section Field Description Connection Choose Service User Information Manual Control Connect on Demand Idle Time-out Static IP Address Query Services Service User Name Password Verify Password Connect Disconnect Lets the security gateway create
  • Symantec 460R | Administration Guide - Page 131
    field descriptions (Continued) Section ISP Account Information Modem Settings Manual Control Field User Name Password Verify Password IP Address modem to connect to the dial-up account. If the security gateway is having trouble connecting, lower the line speed. The type of line for your account.
  • Symantec 460R | Administration Guide - Page 132
    132 Field descriptions WAN/ISP field descriptions Table C-15 Section Analog Status Dial-up or ISDN tab field descriptions (Continued) Field Port Status Physical Link PPP Link PPP IP Address Phone Line Speed Description Describes the status of the serial port on the security gateway where the
  • Symantec 460R | Administration Guide - Page 133
    Field Description Connection User Information Manual Control Connect on Demand Idle service. Options include: ■ TZO A dynamic DNS service. ■ Standard There are many standard dynamic DNS services. See the Symantec Gateway Security 300/400 Series Release Notes for the list of supported services
  • Symantec 460R | Administration Guide - Page 134
    mail exchanger you specify in the Mail Exchanger text box is used first; if it fails, the backup mail exchanger (supplied by the dynamic DNS service) takes its place. Mail exchangers specify the server that you want to handle email sent to a given domain name. For example, you have two domains
  • Symantec 460R | Administration Guide - Page 135
    Field descriptions 135 WAN/ISP field descriptions Table C-18 Routing tab field descriptions (Continued) Section Static Routes Field Route Entry Destination IP Netmask Gateway Interface Routing Table List Metric Destination Mask Gateway Interface Metric Description Select an entry from the
  • Symantec 460R | Administration Guide - Page 136
    136 Field descriptions WAN/ISP field descriptions Advanced tab field descriptions Use the Advanced tab to configure optional connection settings and the DNS gateway. Table C-19 Advanced tab field descriptions Section Load Balancing Optional Connection Settings PPP Settings DNS Gateway Field
  • Symantec 460R | Administration Guide - Page 137
    137 Firewall field descriptions Firewall field descriptions The Symantec Gateway Security 300/400 Series includes firewall technology Inbound Rules field descriptions ■ Outbound Rules tab field descriptions ■ Services tab field descriptions ■ Special Applications tab field descriptions ■ Advanced
  • Symantec 460R | Administration Guide - Page 138
    ■ Session 3 ■ Session 4 ■ Session 5 Only select a session if your ISP service includes multiple PPPoE sessions. Host List Host Name Name of the host (a computer on your client is allowed access to the Symantec Antivirus CE Server or LiveUpdate server to bring their virus definitions into
  • Symantec 460R | Administration Guide - Page 139
    the security gateway allows or blocks access to URLs contained in the Content Filtering allow and deny lists. For each group, options include: ■ Use Deny Rules List Field Rule Name Enable Rule Application Server Service Enabled? Name Service Description Select an inbound rule to edit or delete.
  • Symantec 460R | Administration Guide - Page 140
    be used in the outbound and inbound firewall rules on the Services tab. Table C-24 Services tab field descriptions Section Services Field Application Description Select an application for services to edit or delete. Supported applications include: ■ DNS ■ FTP ■ HTTP ■ HTTPS ■ Mail (SMTP) ■ Mail
  • Symantec 460R | Administration Guide - Page 141
    in the Application drop-down list. Name Name of the service. Protocol Protocol associated with the service. Listen on Start Port First port in the range on descriptions Certain applications with two-way communication (games, video or teleconferencing) require dynamic ports on the security
  • Symantec 460R | Administration Guide - Page 142
    142 Field descriptions Firewall field descriptions Table C-25 Special Applications tab field descriptions (Continued) Section Special Application Settings Special Application List Field Description Name Name of the special application. Enable Enables the special application for all computer
  • Symantec 460R | Administration Guide - Page 143
    in many responses, each of which results in still more responses. This filter triggers when 63% of the WAN buffers are taken up by broadcast packets instructed by Symantec Technical Support to change it. The None setting lets VPN clients be used in exposed host mode if they are having problems
  • Symantec 460R | Administration Guide - Page 144
    are used to allow a single user or a remote network access to the protected resources of another network. The Symantec Gateway Security 300/400 Series security gateways support two types of VPN tunnels: Gateway-to-Gateway and Client-to-Gateway. This section contains the following topics: ■ Dynamic
  • Symantec 460R | Administration Guide - Page 145
    VPN software typically negotiates in aggressive mode. The default value is Main Mode. Select a policy that dictates authentication, encryption, and timeout settings. The list contains Symantec pre-defined policies and any policies you created on the VPN Policies tab.
  • Symantec 460R | Administration Guide - Page 146
    and file sharing on a Microsoft Windows computer. A Windows Internet Naming Service (WINS) host is needed to accept the traffic. NetBIOS broadcast is the previously-defined VPN Gateway. This lets the Main office's firewall filter traffic before sending the request to the Internet. This provides your
  • Symantec 460R | Administration Guide - Page 147
    Field descriptions 147 VPN field descriptions Table C-27 Dynamic Tunnels field descriptions (Continued) Section Remote Security Gateway Field Gateway Address ID Type Phase 1 ID Pre-Shared Key Remote Subnet IP Mask Description IP address or fully qualified domain name of the remote gateway (the
  • Symantec 460R | Administration Guide - Page 148
    148 Field descriptions VPN field descriptions Static Tunnels tab field descriptions The Static Tunnels tab lets you configure static Gateway-to-Gateway VPN tunnels for the security gateway. Table C-28 Static Tunnel tab field descriptions Section IPSec Security Association Field VPN Tunnel
  • Symantec 460R | Administration Guide - Page 149
    previously-defined VPN gateway. This lets the Main office's firewall filter traffic before sending the request to the Internet. This provides your Primary WINS IP address of the primary WINS server. Windows Internet Naming Service (WINS) is a system that determines the IP address associated with a
  • Symantec 460R | Administration Guide - Page 150
    user must be a member of that group on the RADIUS Server. The filter ID returned from RADIUS must match this value to authenticate the user. When characters for this value is 31. It must match the remote Client ID in Symantec Client VPN software. You can add up to 50 client users. ISAKMP (IKE)
  • Symantec 460R | Administration Guide - Page 151
    policy to update or delete. You cannot delete Symantec predefined policies. Options include: ■ ike_default_crypto ■ do not need to select an encryption type. The AES options are not supported for IKE. Time, in minutes, before phase 2 renegotiation of new encryption and authentication keys
  • Symantec 460R | Administration Guide - Page 152
    152 Field descriptions VPN field descriptions Table C-31 Section VPN policies field descriptions (Continued) Field Data Volume Limit Inactivity Time-out Perfect Forward Secrecy Description Maximum number of kilobytes allowed through a tunnel before a rekey is required. The default value is
  • Symantec 460R | Administration Guide - Page 153
    value is 31 alphanumeric characters. VPN Policy VPN policy for VPN client tunnels for phase 2 tunnel negotiation. The list shows pre-defined Symantec policies and any policies you created on the VPN Policies tab. Enable Dynamic VPN Lets undefined VPN clients connect to the security gateway for
  • Symantec 460R | Administration Guide - Page 154
    154 Field descriptions IDS/IPS field descriptions IDS/IPS field descriptions The Symantec Gateway Security 300/400 Series provides intrusion detection and intrusion prevention (IDS/IPS). The IDS/IPS functions are enabled by default, and provide atomic packet
  • Symantec 460R | Administration Guide - Page 155
    Field descriptions 155 IDS/IPS field descriptions Table C-34 Section Protection List IDS Protection tab field descriptions (Continued) Field Description Attack Name Block and Warn Block/Don't Warn WAN WLAN/LAN Name of the IDS signatures. Displays Y for yes or N for no. Indicates if the Block
  • Symantec 460R | Administration Guide - Page 156
    virus definitions. Verify AV Client is Active When enabled, this field lets you verify that Symantec antivirus software is installed and active on a client's workstation. Options include: ■ Latest Product have the latest virus definitions applied. The default setting is 480 minutes (8 hours).
  • Symantec 460R | Administration Guide - Page 157
    the scan engine in the Symantec antivirus product that the client is using. Version of the client's most recent virus definitions. Content Filtering field descriptions The security gateway supports basic content filtering for outbound traffic. You use content filtering to restrict the content to
  • Symantec 460R | Administration Guide - Page 158
    Type a URL to add to the deny or allow list and then click Add. For example, www.symantec.com or myadultsite.com/mypics/me.html. The maximum length of a URL is 128 characters. Each filtering list can hold up to 100 entries. You add URLs one at a time. You must use a fully
  • Symantec 460R | Administration Guide - Page 159
    the following topics: ■ About joining SESA ■ Preparing to join SESA ■ Trusted certificates ■ Joining Symantec Gateway Security 400 Series to SESA ■ Logging on to the Symantec Management Console ■ Troubleshooting problems when joining SESA ■ Leaving SESA About joining SESA To join SESA, you use the
  • Symantec 460R | Administration Guide - Page 160
    procedures. SESA integration requires Public Key Infrastructure (PKI) services. SESA requires X.509 v3 certificate validation as part of Authority (CA). See the Symantec Event Manager and Advanced Manager for Security Gateways (Group 2) v2.1 Administrator's Guide for details. When SESA is
  • Symantec 460R | Administration Guide - Page 161
    join SESA: ■ SESA Manager IP address or fully qualified domain name ■ SESA logon name ■ SESA password Determining your options for joining SESA For Symantec Gateway Security 400 Series appliances, there are two options for joining a security gateway to SESA. The option that you use depends on the
  • Symantec 460R | Administration Guide - Page 162
    Join a security gateway to SESA for the purpose of logging and reporting events only. To join SESA Use one of the following procedures to join Symantec Gateway Security 400 Series appliances to SESA. To join the local security gateway to SESA using the default organizational unit 1 In the SGMI, in
  • Symantec 460R | Administration Guide - Page 163
    the right pane, on the Advanced Management tab, under Centralized management, click Centralized Monitoring (Alerting, Logging, and Reporting). 3 Under Symantec Enterprise Security Architecture (SESA) Registration, do the following: Management Server Type the IP address or the fully-qualified domain
  • Symantec 460R | Administration Guide - Page 164
    Logging on to the Symantec Management Console Once your security gateway joins SESA, you log on to the Symantec Management Console to begin managing box, type the SESA administrator's password. 5 Click Log On. Troubleshooting problems when joining SESA If the Join SESA procedure fails, verify the
  • Symantec 460R | Administration Guide - Page 165
    local management permanently 1 In the SGMI, in the left pane, click Administration. 2 In the right pane, on the Advanced Management tab, under Symantec Enterprise Security Architecture (SESA) Registration, click Leave SESA. If you want to return to SESA management after clicking Leave SESA, you must
  • Symantec 460R | Administration Guide - Page 166
    166 Joining security gateways to SESA Leaving SESA
  • Symantec 460R | Administration Guide - Page 167
    to escalate a single event or a group of events and to draw more attention to the events. alert threshold A setting on a rule that instructs the security gateway to monitor suspicious activity based on access attempts and time intervals. You can customize or disable the default threshold according
  • Symantec 460R | Administration Guide - Page 168
    filtering data rate data transfer data transmission data-driven attack denial of service 600 bps has twice the bandwidth of a modem that works at 28,800 bps. See also bps. An attack that uses multiple methods to transmit and spread. The damage caused by blended threats can be rapid . Symantec Gateway
  • Symantec 460R | Administration Guide - Page 169
    This eliminates having to manually assign IP addresses and host names, for example, symantec.com. Domain entities are board system (BBS), or an online service to one's own computer. See bus or star topology and supports data transfer rates of 100 filter events selectively before forwarding.
  • Symantec 460R | Administration Guide - Page 170
    So, for example, if you are running multiple services (Telnet, Web, FTP, and so on) -level domain name, so www.sesa.symantec.com is also an FQDN. FTP the main office firewalls can filter it before going to the Internet files (text, graphic images, sound, video, and other multimedia files) on the
  • Symantec 460R | Administration Guide - Page 171
    layer of network communication. IPSec provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both the authentication of the sender and encryption of data as
  • Symantec 460R | Administration Guide - Page 172
    a large number of connection requests to a computer on the network, indicating an attempt either to break into a system or cause a denial of service attack. Unlike other intrusion detection systems, a NIDS is able to monitor numerous computers at once. NNTP (Network News Transfer Protocol) The
  • Symantec 460R | Administration Guide - Page 173
    in which attackers use software tools called port scanners to find services currently running on target systems. This is done by scanning the Internet. Remote users can access their corporate networks using any gateway that supports PPTP on its servers. Some ISPs use PPTP as an authentication method
  • Symantec 460R | Administration Guide - Page 174
    server group. When you perform a task at the server group level in Symantec System Center, the task runs on the primary server. The primary server from one coverage area to another without leaving the network or interruption of service. See also cell. The memory that is stored on the hard drive
  • Symantec 460R | Administration Guide - Page 175
    service level agreement services A logical statement that lets you respond to an event based on predetermined criteria. To execute a program or script. A computer that is running Symantec data transfer rate that both modems can support. pcAnywhere uses the asynchronous communications standard for
  • Symantec 460R | Administration Guide - Page 176
    product Any of the Symantec or non-Symantec security products from which instructions for the computer to perform a particular task. A series of instructions that performs a particular task is called a program. Software instructs VPN tunnel that has manually entered authentication and encryption
  • Symantec 460R | Administration Guide - Page 177
    also leased line. Symantec management console A a number of connection requests very rapidly and then fail to respond to get established. In general, this problem depends on the operating system providing together to accomplish a task or provide a service. For example, a computer system includes
  • Symantec 460R | Administration Guide - Page 178
    involves the requesting computer instructing the remote computer to See also content filtering. user authentication authorized to use the services being requested. The user Symantec AntiVirus Corporate Edition, the administrator must regularly distribute updated virus definitions files to Symantec
  • Symantec 460R | Administration Guide - Page 179
    Web has grown in popularity, its capabilities have expanded to include the exchange of video, audio, animation, and other specialized documents. The World Wide Web is also a system of Internet servers that support specially formatted documents. Another important aspect of the World Wide Web is the
  • Symantec 460R | Administration Guide - Page 180
    180 Glossary
  • Symantec 460R | Administration Guide - Page 181
    change administrator password 19 appliance LAN IP address 49 SGMI language 28 Channel Service Unit (CSU) 29 Client Tunnels tab 78, 84, 88, 149 Client gateway tunnels, global policy settings 79 clusters creating tunnels to Symantec Gateway 5400 Series clusters 72 command buttons 17 compression, tunnel
  • Symantec 460R | Administration Guide - Page 182
    managing lists 87 overview 10 WAN 79 Content Filtering settings 17, 87, 88, 157 creating manually 37 monitoring status 38 verifying connectivity 38 Dial-up Backup & Analog/ISDN tab 36, 130 Digital Service 60 gateway-to-gateway supported VPN tunnels 71 gateway-to-gateway tunnels 70 dynamic
  • Symantec 460R | Administration Guide - Page 183
    tab 94, 95 Logging/Monitoring settings 17 Log Settings 94, 95 Status 118 Troubleshooting 121 View Log 96, 119 M MAC cloning 46 MAC masking 46 Main content filtering lists 87 using the serial console 21 manual dial-up accounts 37 manually connect to PPTP account 35 upgrading firmware 100 manually
  • Symantec 460R | Administration Guide - Page 184
    validation 91 protection preferences configuring protection preferences settings 90 settings 90 Q Query Services 130 question mark 16 R rear panel 420 and 440 appliance 36 460 and 460R 36 redirecting services 59 remote gateway administrator, sharing information 75 remote management 19 resetting the
  • Symantec 460R | Administration Guide - Page 185
    support 109 testing connectivity 45 TFTP 20, 100 time-outs, SMTP 62 traffic flow inbound access 56 outbound access 57 Trojan horse protection 90 Troubleshooting 107 Troubleshooting 97 upgrading firmware Norton Internet Security 100 V verifying PPPoE connectivity 32 video conferencing 60 View Log
  • Symantec 460R | Administration Guide - Page 186
    186 Index

Symantec™ Gateway Security
400 Series
Administrator’s Guide
Supported models:
Models 420, 440, 460, and 460R