Administration Guide
Page 9
... LAN Devices Reports Appendix A: Troubleshooting Internet Connection Date and Time Pinging to Test LAN Connectivity Restoring Factory Default Configuration Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215...
... LAN Devices Reports Appendix A: Troubleshooting Internet Connection Date and Time Pinging to Test LAN Connectivity Restoring Factory Default Configuration Settings Appendix B: Standard Services Appendix C: Technical Specifications and Environmental Requirements Appendix D: Factory Default Settings General Settings Router Settings Wireless Settings Storage Security Settings Appendix E: Where to Go From Here 213 215 215...
Administration Guide
Page 38
...• VLAN ID: Specify the VLAN ID. Use These DNS Servers.: Choose this option if your ISP assigned a static DNS IP address. Cisco SA500 Series Security Appliances Administration Guide 38 Use Static IP Address: Choose this option if your ISP has assigned an IP address to you. STEP... on . Choose Default to use ISP-specified addresses. - Choose one of the PPTP, PPPoE, or other server. You can be passed on a specific day. Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. Networking Configuring the WAN Connection 2 • My IP Address:...
...• VLAN ID: Specify the VLAN ID. Use These DNS Servers.: Choose this option if your ISP assigned a static DNS IP address. Cisco SA500 Series Security Appliances Administration Guide 38 Use Static IP Address: Choose this option if your ISP has assigned an IP address to you. STEP... on . Choose Default to use ISP-specified addresses. - Choose one of the PPTP, PPPoE, or other server. You can be passed on a specific day. Also enter the addresses for the Primary DNS Server and the Secondary DNS Server. Networking Configuring the WAN Connection 2 • My IP Address:...
Administration Guide
Page 86
... IPv4 network. The ISATAP Tunnels window opens. Networking Configuring IPv6 Addressing 2 ISATAP Tunnels Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv4 network), or a specific LAN IPv4 address. • IPv4 Address: Enter the local end point address if not the LAN IPv4 address. Other options: Click the Edit button to.... You must set a local endpoint as well as the ISATAP Subnet Prefix that starts with this intranet. STEP 2 To add an ISATAP tunnel, click Add. Cisco SA500 Series Security Appliances Administration Guide 86
... IPv4 network. The ISATAP Tunnels window opens. Networking Configuring IPv6 Addressing 2 ISATAP Tunnels Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) is an IPv4 network), or a specific LAN IPv4 address. • IPv4 Address: Enter the local end point address if not the LAN IPv4 address. Other options: Click the Edit button to.... You must set a local endpoint as well as the ISATAP Subnet Prefix that starts with this intranet. STEP 2 To add an ISATAP tunnel, click Add. Cisco SA500 Series Security Appliances Administration Guide 86
Administration Guide
Page 87
...higher value if a link is expected to enable MLD when this router is in IPv6 mode. STEP 3 Click Apply to allow tuning for a specific multicast group. STEP 1 Click Networking > IPv6 > MLD Tunnels. By varying the Query Response Interval, an administrator can tune the burstiness of MLD...mins). • Robustness Variable: Enter a value from 2 to 8 to save your settings. The minimum value of time (in IPv4. Cisco SA500 Series Security Appliances Administration Guide 87 larger values cause MLD Queries to elapse between this router sending a host-query message and the host ...
...higher value if a link is expected to enable MLD when this router is in IPv6 mode. STEP 3 Click Apply to allow tuning for a specific multicast group. STEP 1 Click Networking > IPv6 > MLD Tunnels. By varying the Query Response Interval, an administrator can tune the burstiness of MLD...mins). • Robustness Variable: Enter a value from 2 to 8 to save your settings. The minimum value of time (in IPv4. Cisco SA500 Series Security Appliances Administration Guide 87 larger values cause MLD Queries to elapse between this router sending a host-query message and the host ...
Administration Guide
Page 96
... to specify the default Class of Profiles table. The default is "open" access, which means that you to define specific MAC addresses to permit or deny access to the selected access point. Cisco SA500 Series Security Appliances Administration Guide 96 Wireless Configuration for all traffic on MAC Addresses This page allows you...
... to specify the default Class of Profiles table. The default is "open" access, which means that you to define specific MAC addresses to permit or deny access to the selected access point. Cisco SA500 Series Security Appliances Administration Guide 96 Wireless Configuration for all traffic on MAC Addresses This page allows you...
Administration Guide
Page 100
... Transmit Power: Enter a value in the wireless network can support 802.11n. - The default is populated according to use . This setting is specific to 802.11n traffic. • Control Side Band: If you chose 40 MHz channel spacing, choose Lower Upper. • Current Channel: Displays... the channel currently in the corresponding country/region. • Mode: Choose the 802.11 modulation technique. - Cisco SA500 Series Security Appliances Administration Guide 100 ng: Select this mode to allow 802.11n, 802.11g and 802.11b clients to connect to...
... Transmit Power: Enter a value in the wireless network can support 802.11n. - The default is populated according to use . This setting is specific to 802.11n traffic. • Control Side Band: If you chose 40 MHz channel spacing, choose Lower Upper. • Current Channel: Displays... the channel currently in the corresponding country/region. • Mode: Choose the 802.11 modulation technique. - Cisco SA500 Series Security Appliances Administration Guide 100 ng: Select this mode to allow 802.11n, 802.11g and 802.11b clients to connect to...
Administration Guide
Page 106
... addresses to reach devices on the Firewall Rule Configuration page. • Scheduled Days: From the drop-down list, choose All Days or Specific Days. If you choose Specific Times, also enter the Start Time and the End Time by your ISP and you click Add or Edit, the Schedules window opens.... STEP 2 To add IP Aliases, click Add. Cisco SA500 Series Security Appliances Administration Guide 106 STEP 4 Click Apply to save your local network. Other ...
... addresses to reach devices on the Firewall Rule Configuration page. • Scheduled Days: From the drop-down list, choose All Days or Specific Days. If you choose Specific Times, also enter the Start Time and the End Time by your ISP and you click Add or Edit, the Schedules window opens.... STEP 2 To add IP Aliases, click Add. Cisco SA500 Series Security Appliances Administration Guide 106 STEP 4 Click Apply to save your local network. Other ...
Administration Guide
Page 121
... of data. The security appliance must make an outgoing connection before an incoming port is required for a specified type of traffic on a specific port or range of ports in a firewall rule. In addition, the ports are not left open when they receive data on a defined...on one of the defined outgoing ports, the security appliance opens the specified incoming port to reference specific LAN IP addresses or IP addresses ranges. See Appendix B, "Standard Services." Cisco SA500 Series Security Appliances Administration Guide 121 The gateway has a list of common applications and games ...
... of data. The security appliance must make an outgoing connection before an incoming port is required for a specified type of traffic on a specific port or range of ports in a firewall rule. In addition, the ports are not left open when they receive data on a defined...on one of the defined outgoing ports, the security appliance opens the specified incoming port to reference specific LAN IP addresses or IP addresses ranges. See Appendix B, "Standard Services." Cisco SA500 Series Security Appliances Administration Guide 121 The gateway has a list of common applications and games ...
Administration Guide
Page 125
...by websites that access them . Cookies are used web components can be downloaded from pages that are small programs embedded in a comma separated list. Cisco SA500 Series Security Appliances Administration Guide 125 Multiple ports can be used to compromise or infect computers. • Cookies: For added security, check ...: Check this feature allows access to links that contain them . • Proxy: Check this box to proxy servers, which can be used to a specific IP address are installed on other ports, they can be blocked for any component that you want to block.
...by websites that access them . Cookies are used web components can be downloaded from pages that are small programs embedded in a comma separated list. Cisco SA500 Series Security Appliances Administration Guide 125 Multiple ports can be used to compromise or infect computers. • Cookies: For added security, check ...: Check this feature allows access to links that contain them . • Proxy: Check this box to proxy servers, which can be used to a specific IP address are installed on other ports, they can be blocked for any component that you want to block.
Administration Guide
Page 143
... Advanced Configuration of configuration tasks for this box to allow the user to change password?: If you chose Cisco QuickVPN for the Remote Peer Type, you can be used when additional client security is specific only to change the password. • Password: Enter an alphanumeric password for IPsec VPN Remote Access. •...
... Advanced Configuration of configuration tasks for this box to allow the user to change password?: If you chose Cisco QuickVPN for the Remote Peer Type, you can be used when additional client security is specific only to change the password. • Password: Enter an alphanumeric password for IPsec VPN Remote Access. •...
Administration Guide
Page 151
The SA is renegotiated after this asymmetry. Cisco SA500 Series Security Appliances Administration Guide 151 SHA-1: 20 characters - MD5: 16 characters - SHA2-384: 48 characters - SHA2-512: 64 characters STEP 6 If you should ... users only. For example, the lifebyte for outbound traffic. otherwise the system could eventually run out of resources as a result of this interval. The lifebyte specifications are created, one for inbound traffic and one for a download stream expires frequently if the downstream traffic is very high, but the lifebyte of the...
The SA is renegotiated after this asymmetry. Cisco SA500 Series Security Appliances Administration Guide 151 SHA-1: 20 characters - MD5: 16 characters - SHA2-384: 48 characters - SHA2-512: 64 characters STEP 6 If you should ... users only. For example, the lifebyte for outbound traffic. otherwise the system could eventually run out of resources as a result of this interval. The lifebyte specifications are created, one for inbound traffic and one for a download stream expires frequently if the downstream traffic is very high, but the lifebyte of the...
Administration Guide
Page 156
...could create two portal layouts for your network, user starts a web browser and then enters the URL for two groups that have access to specific targets on the internal network that you can modify title, banner heading, banner message, security settings, and access type (VPN tunnel, port forwarding... domain and group or configure your VPN users. For example, you can review the default settings and modify, as the User Type. Cisco SA500 Series Security Appliances Administration Guide 156 They should be sufficient for the portal users. In addition, the Portal Layouts page shows you ...
...could create two portal layouts for your network, user starts a web browser and then enters the URL for two groups that have access to specific targets on the internal network that you can modify title, banner heading, banner message, security settings, and access type (VPN tunnel, port forwarding... domain and group or configure your VPN users. For example, you can review the default settings and modify, as the User Type. Cisco SA500 Series Security Appliances Administration Guide 156 They should be sufficient for the portal users. In addition, the Portal Layouts page shows you ...
Administration Guide
Page 160
... User Name: Enter a unique identifier for the individual user has precedence over Global policies. STEP 4 Click Apply to services and network resources. Cisco SA500 Series Security Appliances Administration Guide 160 By default, a global PERMIT policy (not displayed) is set to 0, the group timeout setting applies.... before the session is assigned to 999. NOTE Every user is added as the local password are ignored. A policy applies to a specific network resource, IP address, or IP address range on the group, certain attributes such as a local user with password, and when ...
... User Name: Enter a unique identifier for the individual user has precedence over Global policies. STEP 4 Click Apply to services and network resources. Cisco SA500 Series Security Appliances Administration Guide 160 By default, a global PERMIT policy (not displayed) is set to 0, the group timeout setting applies.... before the session is assigned to 999. NOTE Every user is added as the local password are ignored. A policy applies to a specific network resource, IP address, or IP address range on the group, certain attributes such as a local user with password, and when ...
Administration Guide
Page 161
... the Policy For area, enter the following information: • Policy For: Choose the type of the table heading. See Specifying the Network Resources for a specific IP address takes precedence over a general policy. See RMON (Remote Management), page 197. For example, a policy for SSL VPN, page 163. However,... if Remote Management (RMON) is not enabled, SSL VPN access will be offered to edit an entry. Cisco SA500 Series Security Appliances Administration Guide 161 STEP 1 Click VPN > SSL VPN Server > SSL VPN Policies. The SSL VPN Policies window opens.
... the Policy For area, enter the following information: • Policy For: Choose the type of the table heading. See Specifying the Network Resources for a specific IP address takes precedence over a general policy. See RMON (Remote Management), page 197. For example, a policy for SSL VPN, page 163. However,... if Remote Management (RMON) is not enabled, SSL VPN access will be offered to edit an entry. Cisco SA500 Series Security Appliances Administration Guide 161 STEP 1 Click VPN > SSL VPN Server > SSL VPN Policies. The SSL VPN Policies window opens.
Administration Guide
Page 166
... SSL VPN Client STEP 1 Click VPN > SSL VPN Client > SSL VPN Client. By comparison, with the address of the primary DNS Server for this client. Cisco SA500 Series Security Appliances Administration Guide 166 Configuring VPN Configuring SSL VPN for Browser-Based Remote Access 7 Make sure that the virtual (PPP) interface address... handles only the traffic that are joined by the client routes. STEP 2 Enter the following information: • Enable Split Tunnel Support: Check this box to specific private networks, thereby allowing access control over...
... SSL VPN Client STEP 1 Click VPN > SSL VPN Client > SSL VPN Client. By comparison, with the address of the primary DNS Server for this client. Cisco SA500 Series Security Appliances Administration Guide 166 Configuring VPN Configuring SSL VPN for Browser-Based Remote Access 7 Make sure that the virtual (PPP) interface address... handles only the traffic that are joined by the client routes. STEP 2 Enter the following information: • Enable Split Tunnel Support: Check this box to specific private networks, thereby allowing access control over...
Administration Guide
Page 176
... the box, and then click Delete. This process should take only two minutes or so including the reboot process. Cisco SA500 Series Security Appliances Administration Guide 176 Interrupting the upgrade process at specific points when the flash is complete. STEP 3 Click Apply to save your saved settings from a backup file or revert...
... the box, and then click Delete. This process should take only two minutes or so including the reboot process. Cisco SA500 Series Security Appliances Administration Guide 176 Interrupting the upgrade process at specific points when the flash is complete. STEP 3 Click Apply to save your saved settings from a backup file or revert...
Administration Guide
Page 183
Specific Time: Choose this Month's Limit field. See Remote Logging, page 188. Average volume of traffic that was downloaded through this interface. Administration Measuring and Limiting ... the Logging section, if logging is reached. • Block All Traffic: Choose this option to block all traffic to restart at a specified date and time. Cisco SA500 Series Security Appliances Administration Guide 183
Specific Time: Choose this Month's Limit field. See Remote Logging, page 188. Average volume of traffic that was downloaded through this interface. Administration Measuring and Limiting ... the Logging section, if logging is reached. • Block All Traffic: Choose this option to block all traffic to restart at a specified date and time. Cisco SA500 Series Security Appliances Administration Guide 183
Administration Guide
Page 211
... volume of packets associated with the tunnel. Total volume of packets associated with the tunnel. IP address assigned to sslvpn tunnel. Cisco SA500 Series Security Appliances Administration Guide 211 Internet IP address from where the tunnel is not established by the remote client. Number of... received traffic (in user. Number of packets associated with the tunnel transferred by the user, the tunnel specific fields will have no values. Status VPN Status 10 SSL VPN Status This page displays the current statistics for the SSL VPN Tunnel...
... volume of packets associated with the tunnel. Total volume of packets associated with the tunnel. IP address assigned to sslvpn tunnel. Cisco SA500 Series Security Appliances Administration Guide 211 Internet IP address from where the tunnel is not established by the remote client. Number of... received traffic (in user. Number of packets associated with the tunnel transferred by the user, the tunnel specific fields will have no values. Status VPN Status 10 SSL VPN Status This page displays the current statistics for the SSL VPN Tunnel...
Administration Guide
Page 215
... neighbor was discovered. ProtectLink Logs Use this page to e-mail the log messages currently displayed in the log window. CDP Neighbor The Cisco Discovery Protocol (CDP) provides information about CDP Global Configuration, see Remote Logging, page 188 IPsec VPN Logs Use this page to the...was discovered. Status > View Logs > ProtectLink Logs • Click Clear Logs to delete all IPsec VPN policies. The page displays information specific to displays the logs for ProtectLink services events. Ensure that support the CDP protocol. This page shows the status of this device and that...
... neighbor was discovered. ProtectLink Logs Use this page to e-mail the log messages currently displayed in the log window. CDP Neighbor The Cisco Discovery Protocol (CDP) provides information about CDP Global Configuration, see Remote Logging, page 188 IPsec VPN Logs Use this page to the...was discovered. Status > View Logs > ProtectLink Logs • Click Clear Logs to delete all IPsec VPN policies. The page displays information specific to displays the logs for ProtectLink services events. Ensure that support the CDP protocol. This page shows the status of this device and that...
Administration Guide
Page 227
C Technical Specifications and Environmental Requirements Feature Standards Physical Interfaces Operating Temperature SA520 SA520W • lEEE 802.3 CSMA1CD • lEEE 802.3 CSMA1CD • lEEE 802.3i 10BASE-T • ... for USB 2.0 2.0 • 1 X Power switch • 1 X Power switch • 3 X external antennas 32 to 104ºF (0 to 40ºC) 32 to 104ºF (0 to 40ºC) Cisco SA500 Series Security Appliances Administration Guide 227
C Technical Specifications and Environmental Requirements Feature Standards Physical Interfaces Operating Temperature SA520 SA520W • lEEE 802.3 CSMA1CD • lEEE 802.3 CSMA1CD • lEEE 802.3i 10BASE-T • ... for USB 2.0 2.0 • 1 X Power switch • 1 X Power switch • 3 X external antennas 32 to 104ºF (0 to 40ºC) 32 to 104ºF (0 to 40ºC) Cisco SA500 Series Security Appliances Administration Guide 227