Administration Guide
Page 5
... user interface ...18 Understanding left pane main menu options 19 Understanding right pane features ...19 Tips for using the SGMI ...20 Managing administrative access ...20 Setting the administration password 20 Configuring remote management ...21 Managing the security gateway using the serial console 23 Configuring a connection to the outside network About connecting to the outside network ...25 Network examples ...26 Understanding the Setup Wizard ...29 About dual-WAN port appliances ...30 Understanding connection types ...31 Configuring connectivity ...32 DHCP ...32 PPPoE ...32 Static...
... user interface ...18 Understanding left pane main menu options 19 Understanding right pane features ...19 Tips for using the SGMI ...20 Managing administrative access ...20 Setting the administration password 20 Configuring remote management ...21 Managing the security gateway using the serial console 23 Configuring a connection to the outside network About connecting to the outside network ...25 Network examples ...26 Understanding the Setup Wizard ...29 About dual-WAN port appliances ...30 Understanding connection types ...31 Configuring connectivity ...32 DHCP ...32 PPPoE ...32 Static...
Administration Guide
Page 12
... Notes This document provides a summary of new and changed product features, system requirements, and issues and workarounds. ■ Symantec™ Gateway Security 300/400 Series Wireless Implementation Guide This guide describes how to install and configure the wireless LAN card in the appliance to administer Symantec security gateways from the SESA environment using the controls provided in the Security Gateway Management Interface (SGMI). You join each local security gateway to -large enterprises and supported security services environments. It...
... Notes This document provides a summary of new and changed product features, system requirements, and issues and workarounds. ■ Symantec™ Gateway Security 300/400 Series Wireless Implementation Guide This guide describes how to install and configure the wireless LAN card in the appliance to administer Symantec security gateways from the SESA environment using the controls provided in the Security Gateway Management Interface (SGMI). You join each local security gateway to -large enterprises and supported security services environments. It...
Administration Guide
Page 18
... Tab key on your Web browser. Setting and changing the password periodically limits access to the SGMI to people who have remote access to the SGMI. See "Resetting the appliance" on page 104. ■ Connecting to the serial port Resetting the appliance through the serial console resets the password to the SGMI. See "Managing the security gateway using the Reset button resets the password to password, resets the LAN IP address to 192.168.0.1, and enables the DHCP server...
... Tab key on your Web browser. Setting and changing the password periodically limits access to the SGMI to people who have remote access to the SGMI. See "Resetting the appliance" on page 104. ■ Connecting to the serial port Resetting the appliance through the serial console resets the password to the SGMI. See "Managing the security gateway using the Reset button resets the password to password, resets the LAN IP address to 192.168.0.1, and enables the DHCP server...
Administration Guide
Page 28
... the Symantec Gateway Security 400 Series Installation Guide for more information Connection types Configure a connection type for each WAN See "Understanding connection types" on each WAN port. About dual-WAN port appliances Symantec Gateway Security 400 Series models 460 and 460R appliances have a static IP account through your business as a completely different connection. Table 3-1 WAN port configurations Configuration WAN port For more information. Optional network settings You can specify different configurations for See "Optional network settings" on port. See...
... the Symantec Gateway Security 400 Series Installation Guide for more information Connection types Configure a connection type for each WAN See "Understanding connection types" on each WAN port. About dual-WAN port appliances Symantec Gateway Security 400 Series models 460 and 460R appliances have a static IP account through your business as a completely different connection. Table 3-1 WAN port configurations Configuration WAN port For more information. Optional network settings You can specify different configurations for See "Optional network settings" on port. See...
Administration Guide
Page 35
... two basic types of dial-up account. See "PPTP tab field descriptions" on the Status tab, under WAN1 (External Port), the connection status is displayed. This is active. You can manually control the connection for troubleshooting connectivity. Then, you can configure a primary dial-up account and a backup dial-up accounts: analog and ISDN. On the appliance, you can use the SGMI to configure the dial...
... two basic types of dial-up account. See "PPTP tab field descriptions" on the Status tab, under WAN1 (External Port), the connection status is displayed. This is active. You can manually control the connection for troubleshooting connectivity. Then, you can configure a primary dial-up account and a backup dial-up accounts: analog and ISDN. On the appliance, you can use the SGMI to configure the dial...
Administration Guide
Page 42
... on a network with more than one directly connected router, you must specify to be routed. Routing helps the flow of routing: dynamic and static. The appliance supports two types of traffic when you specify. Configure dynamic or static routing to send traffic. Configuring routing If you install Symantec Gateway Security 400 Series appliances on both the internal (LAN) and external (WAN) interfaces. Contact your IT department for the router to which router to fit your needs. To add a route entry...
... on a network with more than one directly connected router, you must specify to be routed. Routing helps the flow of routing: dynamic and static. The appliance supports two types of traffic when you specify. Configure dynamic or static routing to send traffic. Configuring routing If you install Symantec Gateway Security 400 Series appliances on both the internal (LAN) and external (WAN) interfaces. Contact your IT department for the router to which router to fit your needs. To add a route entry...
Administration Guide
Page 50
... is enabled by default. Table 4-1 shows the default start and end IP addresses for each client connecting to the LAN must have a Web server on your site, you support 50 clients on your traffic characteristics. Class C networks have a mix of hosts. 50 Configuring internal connections Configuring the appliance as a DHCP server Configuring the appliance as a DHCP server Dynamic Host Configuration Protocol (DHCP) allocates local IP addresses to computers on the LAN without manually assigning each model. If you have a static...
... is enabled by default. Table 4-1 shows the default start and end IP addresses for each client connecting to the LAN must have a Web server on your site, you support 50 clients on your traffic characteristics. Class C networks have a mix of hosts. 50 Configuring internal connections Configuring the appliance as a DHCP server Configuring the appliance as a DHCP server Dynamic Host Configuration Protocol (DHCP) allocates local IP addresses to computers on the LAN without manually assigning each model. If you have a static...
Administration Guide
Page 97
... of the Setup Wizard. LiveUpdate only downloads and applies non-destructive firmware. Do not use the Preferred Time feature to schedule updates during the LiveUpdate upload). Run LiveUpdate as soon as a power outage during off hours. When LiveUpdate checks for firmware updates and none are two types of security available. Before performing an upgrade, make note of the configuration settings. All LiveUpdate packages posted by Symantec are...
... of the Setup Wizard. LiveUpdate only downloads and applies non-destructive firmware. Do not use the Preferred Time feature to schedule updates during the LiveUpdate upload). Run LiveUpdate as soon as a power outage during off hours. When LiveUpdate checks for firmware updates and none are two types of security available. Before performing an upgrade, make note of the configuration settings. All LiveUpdate packages posted by Symantec are...
Administration Guide
Page 100
...: ■ symcftpw utility Located on the Tools folder on the appliance. ■ Firmware file Download the latest firmware file from Symantec's Web site. Note: If the computer on the Status tab. Your current firmware version number is available in Norton Internet Security to put firmware on the CD-ROM included with your configuration. See "Setting the administration password" on models 420 and 440. Flashing the firmware Before you perform a manual firmware upgrade, ensure you...
...: ■ symcftpw utility Located on the Tools folder on the appliance. ■ Firmware file Download the latest firmware file from Symantec's Web site. Note: If the computer on the Status tab. Your current firmware version number is available in Norton Internet Security to put firmware on the CD-ROM included with your configuration. See "Setting the administration password" on models 420 and 440. Flashing the firmware Before you perform a manual firmware upgrade, ensure you...
Administration Guide
Page 101
... File text box, type a file name for reference in the Symantec Gateway Security 400 Series Installation Guide. LiveUpdate updates retain your hard drive. 5 Double-click the symcftpw icon. 6 In the Server IP text box, type the LAN IP address of models 460 and 460R. Use Figure 9-2 and Figure 9-3 for the firmware upgrade file. 8 Click Put. Before you can also change the address of the appliance. 2 Turn DIP switches 1 and 2 (4) to do so by Symantec Technical Support...
... File text box, type a file name for reference in the Symantec Gateway Security 400 Series Installation Guide. LiveUpdate updates retain your hard drive. 5 Double-click the symcftpw icon. 6 In the Server IP text box, type the LAN IP address of models 460 and 460R. Use Figure 9-2 and Figure 9-3 for the firmware upgrade file. 8 Click Put. Before you can also change the address of the appliance. 2 Turn DIP switches 1 and 2 (4) to do so by Symantec Technical Support...
Administration Guide
Page 118
... WAN port based on your local configuration. The default value is the factory setting. Displays the physical address (MAC) of the security gateway. Displays enabled or disabled, depending on whether the security gateway acts as set on the LAN tab. Media Access Control (MAC) address of the security gateway's LAN port. If DHCP Client is enabled, this is obtained when you start the security gateway. The default value is 255.255.255.0. If enabled, the security gateway uses DHCP to request an IP address, DNS server, and routing information from Dynamic...
... WAN port based on your local configuration. The default value is the factory setting. Displays the physical address (MAC) of the security gateway. Displays enabled or disabled, depending on whether the security gateway acts as set on the LAN tab. Media Access Control (MAC) address of the security gateway's LAN port. If DHCP Client is enabled, this is obtained when you start the security gateway. The default value is 255.255.255.0. If enabled, the security gateway uses DHCP to request an IP address, DNS server, and routing information from Dynamic...
Administration Guide
Page 129
... descriptions Static IP & DNS tab field descriptions Use the Static IP & DNS tab to configure the security gateway to connect to the Internet with an account that uses PPPoE for authentication. Netmask for resolving host and IP addresses. Table C-13 Static IP and DNS tab field descriptions Section WAN IP (Single WAN port models) WAN 1 IP, WAN 2 IP (Dual WAN port models) Field IP Address Netmask Default Gateway Domain Name Servers DNS 1, DNS 2, DNS 3 Description Static IP address for which you configure how the WAN port uses PPPoE. The security gateway...
... descriptions Static IP & DNS tab field descriptions Use the Static IP & DNS tab to configure the security gateway to connect to the Internet with an account that uses PPPoE for authentication. Netmask for resolving host and IP addresses. Table C-13 Static IP and DNS tab field descriptions Section WAN IP (Single WAN port models) WAN 1 IP, WAN 2 IP (Dual WAN port models) Field IP Address Netmask Default Gateway Domain Name Servers DNS 1, DNS 2, DNS 3 Description Static IP address for which you configure how the WAN port uses PPPoE. The security gateway...
Administration Guide
Page 167
..., the appliance starts a failover sequence, using DNS requests, to an existing connection. application server A server that lets clients use in the pattern of a group of packets, that is running. See also RADIUS. administrator 1. The administrator may also update security settings on a network and configuring them. allow list Also called a "white list." Authentication occurs through a security gateway interface or secure tunnel. An active session refers to a backup connection. The sending device transmits a start bit and...
..., the appliance starts a failover sequence, using DNS requests, to an existing connection. application server A server that lets clients use in the pattern of a group of packets, that is running. See also RADIUS. administrator 1. The administrator may also update security settings on a network and configuring them. allow list Also called a "white list." Authentication occurs through a security gateway interface or secure tunnel. An active session refers to a backup connection. The sending device transmits a start bit and...
Administration Guide
Page 168
... a user or other hardware component that is used to connect peripheral devices to each end. Protection from servers all local printers may be any Ethernet-enabled device like a printer or scanner. A network condition in transferring information. Symantec Gateway Security 400 Series appliances offer broadcast storm protection to the data speed in a client/server relationship with the computer that enables remote communications and data transfer between computers by launching a multitude of service attacks...
... a user or other hardware component that is used to connect peripheral devices to each end. Protection from servers all local printers may be any Ethernet-enabled device like a printer or scanner. A network condition in transferring information. Symantec Gateway Security 400 Series appliances offer broadcast storm protection to the data speed in a client/server relationship with the computer that enables remote communications and data transfer between computers by launching a multitude of service attacks...
Administration Guide
Page 173
..., a credit card number) that supports PPTP on the LAN. See MAC address. A defined security gateway rule that are traveling across a network. The system compares the code against a stored list of a logical connection. Some ISPs use software tools called shared secret. Messages are configured to match specific protocols or services (like FTP or Web) and you may have various types of DSL modem providers, PPPoE supports the protocol layers and authentication widely used in other peripheral devices...
..., a credit card number) that supports PPTP on the LAN. See MAC address. A defined security gateway rule that are traveling across a network. The system compares the code against a stored list of a logical connection. Some ISPs use software tools called shared secret. Messages are configured to match specific protocols or services (like FTP or Web) and you may have various types of DSL modem providers, PPPoE supports the protocol layers and authentication widely used in other peripheral devices...
Administration Guide
Page 175
... as clients) that request specific services. Common examples are assuming more fundamental part of doing business, computer and information security are Web servers and mail servers. A Web browser that can choose to use a secure protocol, such as the point of decryption and encryption for personal computer serial communications. See also notification. A location for security purposes. Hardware or software that provides services to its managed clients. Refers to different types of network...
... as clients) that request specific services. Common examples are assuming more fundamental part of doing business, computer and information security are Web servers and mail servers. A Web browser that can choose to use a secure protocol, such as the point of decryption and encryption for personal computer serial communications. See also notification. A location for security purposes. Hardware or software that provides services to its managed clients. Refers to different types of network...
Administration Guide
Page 183
Global IKE Policy 66 global policy settings, client-to PPTP account 35 upgrading firmware 100 manually reset password 19 Maximum Transmission Unit (MTU) 39 menu tabs 17 modem connectivity 36 monitoring antivirus server status 85 DHCP usage 51 dial-up accounts 38 monitoring VPN tunnel status 80 N NAT mode 62 Nestea 89 network access,planning 53 network connections 29 network security best practices 13 network settings optional 46 network traffic control 53 network traffic control,advanced 81 Newtear 89 Index 183 See load balancing...
Global IKE Policy 66 global policy settings, client-to PPTP account 35 upgrading firmware 100 manually reset password 19 Maximum Transmission Unit (MTU) 39 menu tabs 17 modem connectivity 36 monitoring antivirus server status 85 DHCP usage 51 dial-up accounts 38 monitoring VPN tunnel status 80 N NAT mode 62 Nestea 89 network access,planning 53 network connections 29 network security best practices 13 network settings optional 46 network traffic control 53 network traffic control,advanced 81 Newtear 89 Index 183 See load balancing...
Administration Guide
Page 185
... remote management 19 W WAN port configuration 23, 28 configuring MTU 39 connection 23 WAN/ISP advanced settings 43 configuring idle renew 38 WAN/ISP multiple IP addresses 30 WAN/ISP settings 17 Advanced 39, 43, 44, 46, 136 Analog/ISDN 36 DHCP 30 Dial-up Backup & Analog/ISDN 37, 130 Dynamic DNS 40, 41, 133 Main Setup 45, 128 PPPoE 31, 129 PPTP 34, 132 Routing 42, 134 Static IP & DNS 33, 129 Winnuke 90 Wireless settings 17 wizards...
... remote management 19 W WAN port configuration 23, 28 configuring MTU 39 connection 23 WAN/ISP advanced settings 43 configuring idle renew 38 WAN/ISP multiple IP addresses 30 WAN/ISP settings 17 Advanced 39, 43, 44, 46, 136 Analog/ISDN 36 DHCP 30 Dial-up Backup & Analog/ISDN 37, 130 Dynamic DNS 40, 41, 133 Main Setup 45, 128 PPPoE 31, 129 PPTP 34, 132 Routing 42, 134 Static IP & DNS 33, 129 Winnuke 90 Wireless settings 17 wizards...
Installation Guide
Page 8
Lists the product specifications, safeguard instructions, and certifications. Tells you how to find more information The Symantec Gateway Security 400 Series functionality is described in the following manuals: ■ Symantec™ Gateway Security 400 Series Quick Start Card This card briefly describes how to physically install and connect the appliance. ■ Symantec™ Gateway Security 400 Series Getting Started Guide This guide lists the tasks the user will want to perform after the initial setup to...
Lists the product specifications, safeguard instructions, and certifications. Tells you how to find more information The Symantec Gateway Security 400 Series functionality is described in the following manuals: ■ Symantec™ Gateway Security 400 Series Quick Start Card This card briefly describes how to physically install and connect the appliance. ■ Symantec™ Gateway Security 400 Series Getting Started Guide This guide lists the tasks the user will want to perform after the initial setup to...
Installation Guide
Page 17
... user names and passwords. You can configure the appliance to connect only when an Internet request is made from a client to a server by creating a tunnel over Ethernet (PPPoE) is a new connection, you can change the appliance to verify connectivity. By default, all settings are associated with your ISP charges on the LAN (for connection time. These are called PPPoE sessions. DSL PPPoE PPTP Running the Setup Wizard 17 Understanding connection types If you are using the security gateway...
... user names and passwords. You can configure the appliance to connect only when an Internet request is made from a client to a server by creating a tunnel over Ethernet (PPPoE) is a new connection, you can change the appliance to verify connectivity. By default, all settings are associated with your ISP charges on the LAN (for connection time. These are called PPPoE sessions. DSL PPPoE PPTP Running the Setup Wizard 17 Understanding connection types If you are using the security gateway...