UTM User Manual

Contents

1. Figure 60: Add Destination NAT Rule. Figure 61: Port Forwarding (Destination NAT). 6.1.7 Source NAT. Navigate through Policies > Firewall > Source NAT. It changes the source address in the IP header of a packet and also changes the source port in the TCP/UDP headers. The typical usage is to change the private address/port into a public address/port for packets leaving your network. Masquerading is a special form of Source NAT where the source address is unknown at the time the rule is added to the tables in the kernel. If you want to allow hosts with private addresses behind your firewall to access the Internet and the external address is variable (DHCP), masquerading will modify the source IP address and port of the packet to be the primary IP address assigned to the outgoing interface. [Screenshot: Add Source NAT Rule]
2. Figure 109: Ping. 8.3 Trace Route. Navigate through Diagnostics > Traceroute. The administrator can troubleshoot network connectivity issues by running a trace route from the UTM device. The administrator enters the IP address to which the route is to be traced from the UTM appliance and the hop count, then clicks the Trace route button to run the task. The trace route results are displayed in the text area once the trace route task is complete. Figure 110: Trace Route. 8.4 DNS Lookup. Navigate through Diagnostics > DNS Lookup. To look up a DNS address: 1. Locate the Perform a DNS Lookup section on the Diagnostics screen. In the DNS Server Nam
3. Figure 64: Add Static NAT Rule. Figure 65: Static NAT. 6.1.9 QOS Settings. Navigate through Policies > Firewall > QOS Settings. Quality of Service: in relation to leased lines, QOS is a contractual guarantee of uptime and bandwidth. DSCP Mapping: Priority 0 = 0, Priority 1 = 8, Priority 2 = 16, Priority 3 = 24, Priority 4 = 32, Priority 5 = 40, Priority 6 = 48, Priority 7 = 56. Figure 66: DSCP Mapping. 6.2 IPS. Navigate through Policies > IPS. An Intrusion Prevention System (IPS) can detect and block attacks before damage has been done. It performs in-line inspection of network traffic in real time. The inspection identifies attacks using known vulnerabilities of commonly used software products and protocols. The attack patterns
4. Figure 29: Static Routes. 4.7 DNS. Navigate through Network > DNS. Domain Name System (DNS) is a service that translates domain names into IP addresses. In UTM the user can configure Primary DNS, Secondary DNS and Tertiary DNS by giving either the DNS server IP or name. Figure 30: DNS. 4.8 DHCP Server. Navigate through Network > DHCP Server. It is used to configure automatic dynamic and static IP leasing for DHCP requests received from network hosts. Dynamic Host Configuration Protocol (DHCP) can be configured for each LAN and VLAN interface. Specify the interface name, start address, end address, network mask and gateway, and also the primary DNS (mandatory), secondary DNS, WINS and Domain. [Screenshot: Add DHCP Server Settings]
5. 176 Ground Floor, EPIP Industrial Area, Kundalahalli, KR Puram Hobali, Whitefield, Bangalore 560066. Email: globalsales@allo.com, indiasales@allo.com. Phone: 91 80 67080808
6. Figure 99: Connections Information. 7.3.3 Bandwidth Usage per IP. Navigate through Status Info > Firewall > Bandwidth Usage per IP. It shows bandwidth usage per IP, with upstream and downstream figures for both TCP and UDP. Figure 100: Bandwidth Usage per IP. 7.4 System Log. Navigate through Status Info > System Log. The system log shows the log messages of a particular module with their time stamps. The user can download the System Logs. User also Upda
7. Figure 58: Add Bandwidth Control profile (Rate). Figure 59: Bandwidth Control. NAT: Network Address Translation translates the source IP address of a device on one network interface, usually the Internal, to a different IP address as it leaves another interface, usually the interface connected to the ISP and the Internet. This enables a single public address to represent a significantly larger number of private addresses. UTM NAT supports the following types: i. Static NAT; ii. Source NAT; iii. Dynamic NAT (Port Forwarding). 6.1.6 Port Forwarding (Destination NAT). Navigate through Policies > Firewall > Port Forwarding. It changes the destination address in the IP header of a packet and also changes the destination port in the TCP/UDP headers. The typical usage is to redirect incoming packets with a destination of a public address/port to a private IP address/port inside your network. It is used to forward incoming connection requests to internal network hosts. [Screenshot: Add Destination NAT Rule]
8. result, the IP address of at least one of the tunnel endpoints needs to be known in advance in order for the other tunnel endpoint to establish or re-establish the VPN tunnel. This private network uses a public network to connect remote sites or users together. The VPN uses virtual connections routed through the Internet from the business's private network to the remote site or employee. 6.3.1 SSLVPN Server Settings. Navigate through Policies > VPN > SSLVPN Server Settings. It allows users to remotely access restricted network resources via a secure and authenticated pathway, by encrypting all network traffic and giving the appearance that the user is on the local network regardless of geographic location. This protocol achieves a higher level of compatibility with client platforms and configurations for remote networks and firewalls, providing a more reliable connection. It allows access to administrative systems, critical infrastructure and sensitive information maintained by system administrators. SSL VPN access can be granted to system administrators as well as vendors and other external collaborators. [Screenshot: SSLVPN Server Settings]
9. Unified Threat Manager User Manual. Copy Right: Copyright © 2014 Allo. All rights reserved. No part of this publication may be copied, distributed, transmitted, transcribed, stored in a retrieval system or translated into any human or computer language without the prior written permission of Allo.com. This document has been prepared for use by professional and properly trained personnel, and the customer assumes full responsibility when using it. Proprietary Rights: The information in this document is Confidential to Allo and is legally privileged. The information and this document are intended solely for the addressee. Use of this document by anyone else for any other purpose is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this information is prohibited and unlawful. Disclaimer: Information in this document is subject to change without notice and should not be construed as a commitment on the part of allo.com, which does not assume any responsibility or make any warranty against errors that may appear in this document and disclaims any implied warranty of merchantability or fitness for a particular purpose. About this manual: This manual describes the allo product application and explains how to work with and use its major features. It serves as a means to describe the user int
10. Figure 102: IPS Alerts. 7.6 SSLVPN Client Status. Navigate through Status Info > SSLVPN Client Status. It reads the connection details of the clients connected to the SSLVPN Server Gateway. It lists the VPN clients connected to the VPN server with the client username, client real address, client virtual address, Connected Since time, and bytes received and sent. SSLVPN client status gives you an idea of which user is connected to the VPN server, the client's real and virtual IP addresses, the duration of the connection, and the bytes received and transferred. Figure 103: SSLVPN Client Status. 7.7 SSLVPN P2P Status. Navigate through Status Info > SSLVPN P2P Status. It shows the list of SSLVPN P2P gateways connecting. [Screenshot: SSLVPN P2P Status]
11. 6.1.3 User Policies. Navigate through Policies > Firewall > User Policies. UTM allows users to configure their own User Policies in the firewall according to their needs. Figure 53: Create User Policy. Figure 54: User Policies. 6.1.4 Management Access. Navigate through Policies > Firewall > Management Access. Management Access rules define the rules that traffic must meet to pass through an interface. When you define rules for outgoing traffic (i.e. a LAN Management Access profile), they are applied to the traffic before any other policies are enforced. When you define rules for incoming traffic (i.e. a WAN Management Access profile), they are applied to the traffic before any other policies are applied. [Screenshot: Add Management Access]
12. Figure 46: Web Filter objects. 6 Policies. 6.1 Firewall. Navigate through Policies > Firewall. It filters the inbound and outbound traffic on a network, allowing safe and secure traffic to pass while blocking insecure traffic. A firewall is used to keep a network secure. The primary objective is to control the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on a configured rule set. A network's firewall builds a bridge between an internal network that is assumed to be secure and trusted and another network, usually an external (untrusted) network such as the Internet, that is not assumed to be secure and trusted. 6.1.1 Firewall Settings. Navigate through Policies > Firewall > Firewall Settings. Firewall Settings allows the user to configure the TCP connection timeout, TCP session timeout and TCP/UDP connection Flood Detect Rate in the global firewall settings. [Screenshot: Firewall Settings]
13. Figure 15: Built in Certificates. 3.7.2 Local Certificates. Local certificates are certificates uploaded by the user in PKCS12 format, containing the root certificate, server certificate and server key. Challenge Password is the password for extracting the uploaded PKCS12 file, and New Certificate Name is the name for the uploaded certificate. Figure 16: Local Certificates. 3.8 Logging. Navigate through Device Settings > Logging. Configuring the logging server address to which the log information has to be sent, like Firewall alerts, I
14. Figure 73: SSLVPN Server Settings. Enable: enables SSLVPN. Port: the port clients use to connect. Protocol: the protocol the server and client use (UDP/TCP). Preferred Cipher Suite: the cipher used for encrypting data between client and server. Server Certificate: the certificate the server uses for the connection. Compression: enables or disables compression of data. Authentication Mode: the server and client can communicate in 3 modes. Password: client and server authentication is done using user name and password; user credentials are configured in the Users pages. Certificate: authentication is performed by using credentials. Two factor: authentication is done in both password and certificate mode. Max Clients: the maximum number of clients that can connect to the SSLVPN server. Client Routes: the network on the server side that is accessible to all connected clients. Figure 74: Add Client Route. Session Timeout: if there is no traffic between the SSLVPN server and the client, the client gets disconnected after the Session Tunnel All Traffic Enab
15. Table of contents (excerpt; only the legible entries are kept): 6.1.4 Management Access; 6.1.6 Port Forwarding (Destination NAT); 6.3.1 SSLVPN Server Settings; 6.3.2 SSLVPN Client Profiles; 6.4.3 User Authentication; 6.4.4 Web Cache Management.
16. Figure 89: Web filter blocking page. Error page selection: specifies the error page to be displayed when the user accesses denied sites. It can be Default or Custom. With Default, the web proxy's standard error page is displayed, in the language selected in Error language in; with Custom, the error page displays the text the user entered in the text area. Error language in: specifies the language in which the error page is shown. It is enabled only with the Default error page selection. 6.4.3 User Authentication. Navigate through Policies > Web Proxy > User Authentication. Authentication interval: specifies how long the authentication scheme remains valid for users. After the specified interval, the user is again prompted for authentication. The interval range is 10-1440 mins. [Screenshot: User Authentication]
17. Figure 76: SSLVPN Client Profiles. 6.3.3 SSLVPN P2P Policies. Navigate through Policies > VPN > SSLVPN P2P Policies. An SSLVPN P2P tunnel provides a good communication channel between two gateway VPN firewalls. Figure 77: Create SSLVPN P2P Policies. Protocol and Mode: the protocol used to communicate between the 2 VPN gateways. Protocol UDP: the tunnel can be created in all 3 modes. If mode p2p is selected on one gateway, then p2p has to be selected on the remote gateway. If mode Server is selected on one gateway, then Client has to be configured on the remote gateway. Protocol TCP: the tunnel can be created in 2 modes. If mode Server is selected on the first gateway, then Client has to be configured on the remote gateway. Local Gateway: gateway IP of the first gateway. Local Tunnel Address: virtual tunnel IP. Local P
18. Figure 47: Firewall Settings. The UTM Firewall works in two modes: I. Routed; II. Transparent. Routed Mode: the UTM firewall has LAN (private/trusted) and WAN (public/untrusted) networks. Routed mode allows traffic coming from the private network (LAN) to the public network (WAN) without much inspection. It filters and deeply inspects all traffic coming from WAN to LAN. If any malicious traffic comes from the WAN (public network) to the LAN, the UTM Firewall and IPS (Intrusion Prevention System) will simply drop the particular packet. Transparent Mode: there are no LAN and WAN networks; it works in bridge mode. Transparent mode is typically used to apply features such as Security Profiles etc. on a private network where the UTM unit sits behind an existing firewall or router. The characteristics of transparent mode are: the UTM device is invisible to the network; all of its interfaces are on the same subnet and have IP addresses in the same network. 6.1.2 Firewall Policies. Navigate throu
19. TCP_UDP and ICMP. Port: specifies the port for protocols like TCP and UDP, e.g. 22. ICMP type: specifies the type of ICMP to be used for the service object, e.g. Type 0 (Echo Reply). Figure 44: Service Objects. 5.5 Web Filter Objects. Navigate through Policy Objects > Web Filter Objects. It narrows down the list of objects that are used in Web Filtering for blocking specific sites using the URL, IP Address, Keyword and Categories. Figure 45: Create Web Filter Objects. Name: unique name for the web filter object, 3-32 characters, e.g. Videos. URL: specifies the URL list used in web filtering for blocking the sites mentioned, e.g. www.allo.com. IP address: specifies the IP addresses of sites to be blocked using web filtering, e.g. the IP address of www.google.com is 173.194.117.114. Keyword: specifies a list of keywords used to block sites based on the keywords listed, e.g. Face to block the Facebook site. Categories: specifies a list of categories like ads, blog etc., e.g. Ads.
20. Figure 55: Add Management Access. Figure 56: Management Access. 6.1.5 Bandwidth Control. Navigate through Policies > Firewall > Bandwidth Control. UTM Bandwidth Control is designed to minimize the impact caused when the connection is under heavy load. Using Bandwidth Control we can assign a specific minimum or maximum bandwidth for each computer, which means they have less impact on each other. In UTM the user can create a BW profile in 2 ways: i. Priority; ii. Rate. i. Priority: in the Priority type the user can select any one of the following priority values to configure the BW profile: 0 Realtime, 1 Highest, 2 High, 3 Medium High, 4 Medium, 5 Medium Low, 6 Low, 7 Lowest. Figure 57: Add Bandwidth Control Profile. ii. Rate: in Rate the user can configure the BW (Bandwidth) control profile by ID, Min and Max Download Rate, and Min and Max Upload Rate. Rates are in kbps only.
21. address, hostname, lease start and end time, and the expires-in time. MAC/IP Address: shows the MAC address of the host connected to the DHCP server and the IP address obtained from the DHCP server. Expires In: shows the length of time after which the host's IP address lease from DHCP will be lost. Figure 97: DHCP Leases. 7.3 Firewall. 7.3.1 Connection St
22. addresses of the original packet and hides that information from the unprotected network. Figure 83: Policy Settings. Enable/Disable: if checked, this policy is deployed. Name: enter the policy name to create the IPSec Policy. Mode: the user can select different modes (p2p, Road Warrior); depending on these, Tunnel or Transport can be selected. Local gateway: gateway IP of the device. Local network: the network behind the gateway that needs to be accessed, e.g. 192.168.0.0/24. Remote gateway: the user can configure the remote gateway IP. Remote network: the network at the remote gateway to be accessed, e.g. 192.168.1.0/24. IKE (Internet Key Exchange): to implement a VPN solution with encryption, periodic changing of session encryption keys is necessary. Failure to change these keys makes the VPN susceptible to brute-force decryption attacks. IPSec solves the problem with the IKE protocol, which makes use of two other protocols to authenticate a crypto peer and to generate keys. IKE uses a mathematical algorithm called a Diffie-Hellman exchange to generate symmetrical session keys to be used by two crypto peers. IKE also manages the negotiation o
23. can use AH/ESP mode. AH (Authentication Header): the AH protocol (IP protocol 51) forms the other part of IPSec. It does not encrypt data in the usual sense, by hiding the data, but it adds a tamper-evident seal to the data. It also protects the non-mutable fields in the IP header carrying the data, which includes the address fields of the IP header. The AH protocol should not be used alone when there is a requirement for data confidentiality. ESP (Encapsulating Security Protocol): the ESP header (IP protocol 50) forms the core of the IPSec protocol. This protocol, in conjunction with an agreed-upon set of security parameters or transform set, protects data by rendering it indecipherable. This protocol encrypts the data portion of the packet only and uses other protections (HMAC) for other protections (data integrity, anti-replay and man-in-the-middle). Optionally, it can also provide for authentication of the protected data. Encryption Algorithm: the user can select from the available encryption methods. Authentication Algorithm: the user can select from the available authentication algorithms. Lifetime: the user can configure the lifetime for the configured IPSec tunnel. If the configured lifetime expires, the tunnel becomes inactive. Network: this should be configured if Road Warrior mode is selected in Policy Settings. [Screenshot: Create IPSec Policy]
24. Figure 6: Dashboard. 3 Device Settings. 3.1 Host Config. Navigate through Device Settings > Host Config. Configures the hostname and domain name of the device. Figure 7: Host Config. 3.2 Admin User. Navigate through Device Settings > Admin User. This page allows configuring the web UI administrator username and password. The user can change the web UI username and password. Figure 8: Admin user. 3.3 SSH. Navigate through Device Settings > SSH. Secure SHell (SSH) is a network protocol for secure data communication, remote command-line login, remote command execution and other secure network services between two networked computers. It connects, via a secure channel over an insecure network, a server and a client running SSH server and SSH client programs respec
25. making the administration of the UTM unit easier and more intuitive, as well as easier to change. By configuring these objects with their future use in mind, as well as building in accurate descriptions, the firewall will become almost self-documenting. That way, months later when a situation changes, you can take a look at a policy that needs to change and use a different firewall object to adapt to the new situation, rather than build everything new from the ground up to accommodate the change. 5.1 Address Groups. Navigate through Policy Objects > Address Groups. Address Objects grouped together for use in policies are called Address Groups. Policies can apply to the created group itself. If you have a number of addresses or address ranges that will commonly be treated the same or require the same security policies, you can put them into address groups rather than entering multiple individual addresses in each policy that refers to them. This saves the user time. An address group specifies a group of address objects, which includes network addresses, host addresses, address ranges of hosts etc. Group Name: specifies the unique address group name, which can be used in policies like Firewall Policies, User Policies etc.; it ranges from 5-32 characters, e.g. LAN GROUP. [Screenshot: Add Address Group]
26. used in SSLVPN Authentication and in User Policies for proxy authentication.
6.6.1 User Groups
Navigate through Policies > Users > User Groups. A user group is a set of users. The page provides a list of the users in the system, from which the users for the group can be selected.
Figure 95: Create User Groups
User Group Name: specifies the user group name which is used in the system scheme (max 16 characters). These user groups are used in SSLVPN Authentication and in User Policies for proxy authentication.
7 Status Information
7.1 Interfaces
Navigate through Status Info > Interfaces. The Interfaces page shows each UTM interface's name, IP address and link status. The user can set, update and refresh the Interfaces page.
Figure 96: Interfaces
7.2 DHCP leases
Navigate through Status Info > DHCP Leases. It is used to view all current DHCP leases, including IP address MAC
27. Figure 31: Add DHCP Server
Settings: Conflict time (60-3600), Decline time (60-3600), Offer time (60-3600) and Max lease (1-125). We can configure static mapping by adding the MAC address of a client, the IP address to assign to the client, the host name of the client, and whether to enable this rule or not.
Figure 32: DHCP Server
4.9 Dynamic DNS
Navigate through Network > Dynamic DNS. It is used to configure access to third-party dynamic DNS service providers.
Figure 33: Add DDNS
If another Dynamic DNS profile has already been enabled on the WAN interface, note that you can enable only one Dynamic DNS profile on the WAN interface at a time.
[Screenshot: Dynamic DNS]
28. IPS Alerts
Navigate through Status Info > IPS Alerts. It shows alerts generated by the IPS engine, with signature ID, signature category and alert message. Each IPS alert shows the time stamp at which the alert was triggered, the source IP and port, the destination IP and port, and the type of protocol (TCP or UDP). The user can search for a particular alert using the Search field. The user can set and update the refresh interval and download the IPS alerts for further analysis.
[Screenshot: IPS Alerts]
29. PS alerts, VPN alerts, etc.
Figure 17: Logging
3.9 Maintenance
Navigate through Device Settings > Maintenance. This section consists of two parts: Administration and Firmware.
3.9.1 Administration
Navigate through Device Settings > Maintenance > Administration. It includes Restart Services, which restarts all the services in the device (IPS, VPN, etc.); Restart Appliance, which reboots the device; and Shutdown Appliance, which turns off the device. Configuration backup includes:
- Backup configuration, which provides the facility to take a backup of the current configuration settings.
- Restore configuration, which provides the facility to restore the configuration which is provided.
[Screenshot: Administration]
30. SNMP traps on their own to alert an SNMP manager when they experience a problem.
Figure 13: Create Trap Servers List
Figure 14: SNMP
3.7 Certificates
Navigate through Device Settings > Certificates. This section includes two sections.
3.7.1 Built-in certificates
Built-in, which includes the default root certificates (about 200).
[Screenshot: Built-in Certificates]
31. 1 Introduction
1.1 Overview
Shield UTM Appliances is the Unified Threat Management solution that targets the security needs of Home/SOHO users. The appliance provides integrated Firewall, Intrusion Prevention and SSLVPN functionalities. Unified threat management (UTM) is an emerging trend in the network security market. UTM appliances have evolved from traditional firewall/VPN products into a solution with many additional capabilities. UTM solutions also provide integrated management, monitoring and logging capabilities to streamline deployment and maintenance. UTM appliances c
32. alid host address, e.g. 10.0.0.5. For a range of addresses, the user has to specify the start and end address, e.g. Start IP 10.0.0.5, End IP 10.0.0.8. For a MAC address, the user has to specify a valid MAC address in the format shown, e.g. 11:22:33:44:55:66.
Figure 39: Create Address Object
Figure 40: Address Objects
5.3 Service Groups
Navigate through Policy Objects > Service Groups. Like address objects, services can also be bundled into service groups for ease of administration. Ex: TCP_Services: HTTP, FTP, SMTP; UDP_SERVICES: DNS, TFTP. A service group designates the group of service targets, which includes services like ssh, http, SMTP, etc.
Group Name: specifies the unique group name which can be used in policies like Firewall Policies, Use
33. atistics
Navigate through Status Info > Firewall > Connection Statistics. It shows the UTM firewall's Rx/Tx packets, their packet errors, packets dropped values and packet collisions. The user can set, update and refresh the page. It shows the list of interface names of the UTM, e.g. eth0, eth1.
Figure 98: Connection Statistics
7.3.2 Connection info
Navigate through Status Info > Firewall > Connection Info. The Connection Information page shows the source IP, source port, destination IP and port, connection status, flow, and Tx/Rx packets with size in bytes. The user can search for a particular log and even delete an unwanted connection log.
[Screenshot: Connections Info]
34. Figure 88: Web Proxy
Proxy Mode: We have two modes, Transparent and Explicit.
- Transparent proxy: A transparent proxy server is also a caching server, but the server is configured in such a way that it eliminates the client-side (browser-side) configuration. Typically the proxy server resides at the gateway and intercepts the WWW requests (port 80, 443, etc.) from the clients, fetches the content for the first time and subsequently replies from its local cache. The name Transparent is due to the fact that the client doesn't know that there is a proxy server which mediates their requests.
- Explicit proxy: A regular caching proxy server is a server which listens on a separate port (e.g. 3128), and the clients (browsers) are configured to send requests for connecting to that port. So the proxy server receives the request, fetches the content and stores a copy for future use. So next time, when another client requests the same webpage, the proxy server just replies to the req
35. ce Status
It shows the Running/Stopped status of the important UTM services, with description. The user can restart stopped or running services and can set and update the refresh interval. The service status page indicates the service name, the description of the service and the connection status.
Figure 106: Service Status
8 Diagnost
36. d when the proxy is in explicit mode.
Authentication schemes
- Digest authentication scheme: In this scheme the user is authenticated based on the username and password added in Users (Policies > Users), and the admin has to configure user policies (Policies > Firewall > User Policies) to block/allow users based on web filter objects and web filter options.
6.4.2 Web filter blocking page
Navigate through Policies > Web Proxy > Web filter blocking page.
[Screenshot: Webfilter Blocking Page]
37. Figure 62: Add Source NAT Rule
UTM Source NAT changes the source address in the IP header of a packet. It may also change the source port in the TCP/UDP headers. The typical usage is to change the private address/port into a public address/port for packets leaving your network. The user can configure SNAT by making use of the interface, source and destination address, source and destination port, and external address/port.
Figure 63: Source NAT
6.1.8 Static NAT
Navigate through Policies > Firewall > Static NAT. UTM Static NAT changes the source address in the IP header of a packet. It also changes the destination address in the IP header of a packet which is coming from the public network. The user can configure Static NAT by making use of the interface, internal address and port, and external address and port (service). In Static NAT, one internal IP address is always mapped to the same public IP address.
[Screenshot: Add Static NAT Rule]
38. ds it in the graph of CPU usage vs. time in seconds.
Figure 113: System Usage (panels: CPU Usage during last 1 min; Memory Usage during last 1 min; percentage of usage vs. time in sec)
9.2 Firewall
A real-time view of the firewall logs with some filtering options.
9.2.1 Internet Usage
Navigate through Reports > Firewall > Internet usage. It shows the internet usage per IP in graph format, and also shows the top 25 IP connections and their upstream and downstream usage in KB.
Figure 114: Internet Usage
9.2.2 Bandwidth Usage
Navigate through Reports > Firewall > Bandwidth usage. It shows WAN bandwidth usage in graphs.
Figure 115: Bandwidth Usage
9.3 Web filter
Navigate through Reports > Web filter. It displays the web filter log viewer running in real-time mode. The user can refresh the reports and go to the web filter's main page.
[Screenshot: WebFilter Reports]
39. Figure 79: Regenerate Client Certificate
Figure 80: Clients Certificates
6.3.5 IPSec Settings
Navigate through Policies > VPN > IPSec Settings. IPSec provides a method to manage authentication and data protection between multiple crypto peers engaging in secure data transfer. It includes the Internet Security Association and Key Management Protocol (ISAKMP)/Oakley and two IPSec protocols: Encapsulating Security Protocol (ESP) and Authentication Header (AH). IPSec uses symmetrical encryption algorithms for data protection. Symmetrical encryption algorithms are more efficient and easier to implement in hardware. These algorithms need a secure method of key exchange to ensure data protection. The Internet Key Exchange (IKE) ISAKMP/Oakley protocols provide this capability. If this is enabled, then IPSec policies are appli
40. e field, enter a server name. Click the Lookup button. The results of the lookup action are displayed in a new screen. To return to the Diagnostics screen, click Back on the browser menu bar.
Figure 111: DNS Lookup
8.5 Packet Trace
Navigate through Diagnostics > Packet Trace. It gives detailed information about the trace of packets in the UTM, with description, message and time stamp. The user can download the packet trace for further analysis.
Figure 112: Packet Trace
9 Reports
9.1 System
It provides simple logging information for the internal system services.
9.1.1 System usage
Navigate through Reports > System > System usage. It shows the CPU usage of the device during the last 1 minute and recor
42. ed
Figure 81: IPSec Settings
Click on the Save button; a message will confirm that your IPSec settings are saved successfully.
Figure 82: Save the IPSec Settings
6.3.6 IPSec Policies
Navigate through Policies > VPN > IPSec Policies.
Policy settings tab
IPSec Modes: IPSec has the following two modes of forwarding data across a network:
- Tunnel mode
- Transport mode
Each differs in its application as well as the amount of overhead added to the passenger packet. These modes are described in more detail in the next two sections.
Tunnel Mode
It works by encapsulating and protecting an entire IP packet. Because tunnel mode encapsulates or hides the IP header of the pre-encrypted packet, a new IP header is added so that the packet can be successfully forwarded. The encrypting devices themselves own the IP addresses used in this new header. It can be configured with either or both IPSec protocols (ESP and AH). Tunnel mode results in additional packet expansion of approximately 20 bytes because of the new IP header. Tunnel mode is widely considered more secure and flexible than transport mode. IPSec tunnel mode encrypts the source and destination IP
43. erface and how to use it to accomplish common tasks. This manual also describes the underlying assumptions users make and the underlying data model.
Document Conventions
In this manual, certain words are represented in different fonts, typefaces, sizes and weights. This highlighting is systematic; different words are represented in the same style to indicate their inclusion in a specific category. Additionally, this document has different strategies to draw user attention to certain pieces of information. In order of how critical the information is to your system, these items are marked as a note, tip, important, caution or warning.
Icon purposes: Note; Tip/Best Practice; Important/Caution; Warning.
- Bold indicates the name of the menu items, options, dialog boxes, windows and functions.
- The color blue with underline is used to indicate cross-references and hyperlinks.
- Numbered paragraphs: Numbered paragraphs are used to indicate tasks that need to be carried out. Text in paragraphs without numbering represents ordinary information.
- The Courier font indicates a command sequence, file type, URL, folder/file name, e.g. www.allo.com
Support Information
Every effort has been made to ensure the accuracy of the document. If you have comments, questions or ideas regarding the document, contact online support: http://support.allo.com
Tabl
44. es
Application Control
The online threat to productivity and security in your organization has evolved beyond simple web traffic. Problematic applications such as BitTorrent, Skype and TOR can compromise available bandwidth and expose you to inappropriate and illegal activity. Because they use protocols that are not identified by conventional web filters, these types of applications are difficult to stop. Shield UTM allows you to stop this traffic at the gateway itself.
Figure 50: Application Control
Web Filtering
A Web filter is a program that can screen an incoming Web page to determine whether some or all of it should not be displayed to the user. The filter checks the origin or content of a Web page against a set of rules provided by the company or person who has installed the Web filter. It allows an enterprise or individual user to block out pages from Web sites that are likely to i
45. es defining the Internet.
UDP is a communications protocol that offers a limited amount of service when messages are exchanged between computers in a network that uses the Internet Protocol (IP). UDP is an alternative to the Transmission Control Protocol (TCP) and, together with IP, is sometimes referred to as UDP/IP.
TCP/IP is the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP.
A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together more easily even if they are not on the same network switch. VLAN membership can be configured through software instead of physically relocating devices or connections.
It is a group of computers and associated devices that share a common communications line or wireless link. Typically, connected devices share the resources of a single processor or server within a small geographic area.
It's a geographically dispersed telecommunications network. The term distinguishes a broader telecommunication structure from a local area network (LAN).
A virtual IP address (VIP or VIPA) is an IP address that doesn't correspond to an actual physical network interface (port). Uses for VIPs include Network Address Translation (especially one-to-many NAT), fault tolerance and mobility.
Thank you for choosing allo
Adarsh Eco Place
46. Figure 116: Web filter
9.4 IPS Alert Reports
Navigate through Reports > IPS Alert Reports. It shows the top 25 signatures hit per IP in the graph. It also shows the top 25 signature categories per IP and the top IP source alerts.
Frequently Asked Questions (FAQs)
What are unified threat management (UTM) devices?
It's an approach to security management that allows an administrator to monitor and manage a wide variety of security-related applications and infrastructure components through a single management console. UTM devices combine an Intrusion Prevention System (IPS), Web filtering, Firewall and antivirus into a single hardware platform.
What is Network Security? How does UTM give security to the network?
Network Security consists of the providers and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification or denial of a computer network and network-accessible res
47. Figure 104: SSLVPN P2P Status
7.8 IPSec Status
Navigate through Status Info > IPSec Status. IPSec Status shows the list of clients connected to IPSec, with the IP destination of the local gateway, the IP address of the remote gateway, the transport type, the mode of connection and the connection state. In UTM, an algorithm is a mathematical procedure that manipulates data to encrypt and decrypt it. Created On designates the time at which the connection was established, and Bytes Transacted gives the count in bytes.
Figure 105: IPSec Settings
7.9 Service Status
Navigate through Status Info > Servi
48. f other security parameters, such as the data to be protected, the strength of the keys, the hash methods used, and whether the packets are protected from anti-replay. ISAKMP normally uses UDP port 500 as both the source and destination port.
Figure 84: Create IPSec Policy
IKE
Exchange Mode: Main and aggressive modes are supported.
IKE Fragmentation: The user can either enable or disable fragmentation.
ESP fragmentation: The user can configure the ESP fragmentation.
Lifetime: Time after which the renegotiation of phase 2 happens.
Encryption Algorithm: Encryption algorithm used during phase 1 negotiation.
Hash Algorithm: The user can select either the MD5 or SHA1 algorithm from the dropdown menu.
Authentication: Supports 4 types of authentication; depending on the authentication selected, the corresponding field needs to be configured.
Figure 85: Create IPSec Policy
IPSec
Transport
49. Figure 26: Zones
4.5 WAN Load Balancing
Navigate through Network > WAN Load Balancing. UTM has the ability to balance traffic across two WAN links without using complex routing protocols. It uses the following 4 techniques to balance load across two WANs:
- Active Failover
- Round Robin
- Spill over
- Weight based
The user can make use of any of the above load balancing techniques for managing their network traffic.
Figure 27: Web Load Balancing
4.6 Routing
4.6.1 Static Routes
Navigate through Network > Routing > Static Routes. We configure routes to the destination network by specifying the destination address, netmask and metric value (0-31). The gateway is optional.
Figure 28: Routing
50. gh Policies > Firewall > Firewall Policies.
- The default policy configuration of the UTM firewall allows all connections from LAN to WAN.
- To check/modify, navigate to Policies > Firewall Policies > LAN > Edit > Policy Setting. You can see here: Destination Zone: WAN, Action: Allow, Direction: OUTBOUND.
Figure 48: Edit Firewall Policy
Click the Edit button to edit the preconfigured firewall rules according to the user's network structure.
Policy Rules
The user can configure policy rules by making use of created address objects and service objects. For example, if the user wants to block SSH from host 192.168.0.25, then the user has to create an address object for 192.168.0.25 and a service object for SSH.
Figure 49: Create Policy Rul
51. h as the Internet. FTP is built on a client-server architecture and uses separate control and data connections between the client and the server.

Term: Definition

TFTP (Trivial File Transfer Protocol): It's a simple lock-step file transfer protocol which allows a client to get a file from or put a file onto a remote host. One of its primary uses is in the early stages of nodes booting from a Local Area Network.

SMTP (Simple Mail Transfer Protocol): A protocol for sending e-mail messages between servers. Most e-mail systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an e-mail client using either POP or IMAP.

SSL (Secure Socket Layer): It is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.

Further terms listed on this page: MAC (Media Access Control), ICMP (Internet Control Message Protocol), IMAP (Internet Message Access Protocol), POP3 (Post Office Protocol version 3).

IP (Internet Protocol): It is a set of rules governing the format of data sent over the Internet or other network. The Internet Protocol (IP) is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet ha
52. ics

8.1 Diagnostics Report

The diagnostics page allows the administrator to gather the troubleshooting logs, which help the allo Support team debug any issues faced with the UTM deployment setup. To run the utility on the device, the administrator needs to click the Run Diagnostics button. The device runs the diagnostics task in the backend and displays the results once the task is complete. The administrator can download the reports by clicking the Get Report button and send the report to the allo Support team.

Note: You can submit through a support ticket at http://support.allo.com

Figure 107: Diagnostics Report

Figure 108: Download Diagnostics File

8.2 Ping

Navigate through Diagnostics > Ping. The administrator can troubleshoot network connectivity issues by running ping from the UTM device. The administrator needs to enter the IP address to be pinged from the UTM appliance and the ping count, and click the Ping button to run the task. The ping results are displayed in the text area once the ping task is complete.
53. ions: 1800 Per Second

Notification LEDs: On the front panel of the UTM

1.3 Equipment Structure

1.3.1 UTM Rear View

Figure 1: UTM Rear View (Power, Reset, USB, Console, LAN 3, LAN 2)

1.3.2 UTM Front View

Figure 2: UTM Front View

1.4 Initial Setup Configuration

1.4.1 Connecting the Hardware

Figure 3: Connecting the Hardware (Ethernet cable, hardware reset button, power adapter, console cable)

1.4.2 Network Deployment

Figure 4: Network Deployment (Internet, ISP router, UTM firewall, switch, local area network 10.0.0.0/24)

Default Configuration (table: Ethernet Port and IP Address for the LAN ports and the Management VLAN, with the ports each is accessible via)

Management Service: Web UI
Default Credentials: admin / admin

1.4.3 Connect UTM Firewall
• Connect the appliance to the power socket using the power cable.
• Connect the PC to one of the LAN ports of the appliance.
• Your PC will get an IP address from the 10.0.0.0/24 subnet.
• You can access the configuration management WebUI from the browser on the PC w
54. ith the URL http://10.0.0.1 or http://192.168.1.1
• The recommended browsers for accessing the UTM 1.0 WebUI are Mozilla Firefox, Internet Explorer 8 and above.
• Accept the self-signed SSL certificate and log in to the UTM appliance using the default Web UI credentials.

Figure 5: UTM Login page

• The WebUI runs on the secure HTTP server. Accessing http://10.0.0.1 or http://192.168.1.1 will redirect to https://10.0.0.1 or https://192.168.1.1

2 Dashboard

On logging in to the UTM WebUI, the dashboard is shown. The user can visit the dashboard page from any configuration page in the UTM WebUI by clicking the UTM product icon that appears in the left corner of the top panel. The dashboard shows memory usage, CPU usage, uptime of the device, a list of all interfaces with their IP address and status, etc.
55. Figure 67: IPS Settings

6.2.2 Signature Settings

Navigate through Policies > IPS > Signature Settings. The UTM user can change signature policy actions by selecting the Edit buttons. The policy action can be changed to Prevent, Inspect or Disable in the GUI. The UTM user has the flexibility to change policy actions in the following ways:
• By ID
• By Category
• By Severity

By ID

Figure 68: Signature Setting by ID

By Category
56. l location. VLANs have the same attributes as a physical LAN but allow you to group end stations even if they are not located physically on the same LAN segment. The user can configure a Virtual Local Area Network (VLAN) by providing information such as the Tag ID, which specifies a unique tag ID for each VLAN, the interface name to be selected, VLAN routing, the IP address and netmask for the VLAN, and whether to enable DHCP for the VLAN. By default, the management VLAN is added to the device.

Figure 23: Create VLAN

Figure 24: VLAN Config

4.4 Zones

Navigate through Network > Zones. UTM zones are used to create any area that is separated from another. They allow users to create their individual LAN and WAN zones according to their network environment.

Figure 25: Create Zone
57. le Disable: all the traffic from the client side needs to be passed via the SSLVPN server.
Route client to client directly: If checked, clients connected to the SSLVPN server can communicate with each other.

6.3.2 SSLVPN Client Profiles

Navigate through Policies > VPN > SSLVPN Client Profiles. The customer demands are to be plugged in and configured here.

Figure 75: Configure SSLVPN Client Profile

User Name: Select the username to be configured. The user is added in the Users tab.
Remote Nets: Client-side network to be accessed via the server side.
Push Nets: Server-side network to be accessed from the configured user.
Static IP: Assigns an IP to the user.
Allow/Deny: If checked, this user is authenticated.
Enable access via Secondary WAN: If dual WAN is enabled, the customer can connect with either one of the multiple WANs.
Enable Tunnel all traffic: If checked, all the traffic for this user is sent via the SSLVPN server.
58. malware of various flavors. Currently the malware that is most common on the Internet, in descending order, is Trojan horses, viruses, worms, adware, back door exploits, spyware and other variations. The UTM antivirus filter works by inspecting the traffic that is transmitted through it.

Enable: It specifies whether to enable Antivirus on the device or not. It will be applied to all the firewall policies when this option is enabled.

6.5.1 Anti Virus Settings

Navigate through Policies > Antivirus > Antivirus Settings.

Figure 93: Anti Virus Settings

6.6 Users

Navigate through Policies > Users. In this section we can create users on the system by configuring a username and password.

Figure 94: Create User Information

Username: It specifies the username (5-32 characters).
Password: It specifies the password for the current user. The password must be about 8-32 characters with at least one numeric and one special character.
Enable/Disable: It specifies whether to allow or deny the user.

These users are
59. Figure 90: User Authentication

6.4.4 Web Cache Management

Navigate through Policies > Web Proxy > Web Cache Management.

Clear web cache: It specifies to clear the web cache contents present on the secondary device.

Figure 91: Web Cache Management

6.4.5 External Proxy

Navigate through Policies > Web Proxy > External Proxy.

Figure 92: External Proxy

Use External Proxy: It specifies to use the external proxy which is running on a remote system.
Proxy IP: It specifies the remote system IP address where the proxy is running. E.g. 10.0.0.5
HTTP Port: It specifies the HTTP port of the external proxy on the remote system.
Enable HTTPS Port: It specifies whether to enable the HTTPS proxy from the external proxy.
HTTPS Port: This is used when the Enable HTTPS Port option is enabled. It specifies the HTTPS port of the external proxy.

6.5 Anti Virus

Navigate through Policies > Antivirus. Anti-virus is a computer software program used to prevent, detect and remove malicious software. The Internet can be a dangerous place filled with
60. nclude objectionable advertising, pornographic content, spyware, viruses and other objectionable content. Vendors of Web filters claim that their products will reduce recreational Internet surfing among employees and secure networks from Web-based threats.

Figure 51: Web Filtering

The Web filter works primarily by looking at the destination location requested in an HTTP(S) request made by the sending computer. If the URL is on a list that you have configured to list unwanted sites, the connection will be disallowed. If the site is part of a category, the user can configure the filter to deny connections to it. The user can also configure the content filter to check for specific key strings of data on the actual web site, and if any of those strings of data appear, the connection will not be allowed.

Figure 52: Firewall Policies
61. not identified by conventional web filters; these types of applications are difficult to stop. Shield UTM allows you to stop this traffic at the gateway itself.

What user authentication methods are supported by shield UTM?
i. PAP (Password Authentication Protocol)
ii. CHAP (Challenge Authentication Protocol)
iii. RADIUS Authentication etc.

Glossary

Term: Definition

BPS (Bit per Second): The bit/sec is a common measure of data speed for computer modems and transmission carriers.

SSH (Secure SHell): It works on the TCP protocol and its port number is 22; it is sometimes known as Secure Socket Shell. It is a UNIX-based command interface and protocol for securely getting access to a remote computer.

HTTP (Hyper Text Transport Protocol): It works on the TCP protocol; its port number is 80. The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web. Hypertext is structured text that uses logical links (hyperlinks) between nodes containing text.

Further terms listed on this page: VPN (Virtual Private Networks), IPSec (Internet Protocol Security), SSLVPN (Secure Socket Layer Virtual Private Network), NTP (Network Timing Protocol), SNMP (Simple

HTTPS (Hyper Text Transport Protocol over Secure Socket Layer): It stands for Hypertext Transfer Pro
62. Figure 86: Create IPSec Policy Network

Client IP Pool: The user can assign an IP pool for clients. E.g. 10.0.0.3-10.0.0.35
Client Routes: The user can specify the client routes. E.g. 10.0.0.0/255.255.255.0
DNS: The user can configure the DNS server for the IPSec policy. E.g. 10.0.0.1
WIN: The user can configure the WIN server for the IPSec policy. E.g. 10.0.0.254
Pfs Group: The user can select the Pfs group value from the dropdown menu.

Advanced

Figure 87: Create IPSec Policy Advanced

Enable compression: deflate is a compression algorithm used to compress traffic.
Nat Traversal: This feature can be enabled or disabled by selecting the available options.

6.4 Web Proxy

Navigate through Policies > Web Proxy. Web proxy is a caching proxy for the Web supporting HTTP and HTTPS. It reduces bandwidth and improves response times by caching and reusing frequently requested web pages. Web proxy has extensive access controls and makes a great server accelerator.

6.4.1 Proxy Configuration

Navigate through Policies > Web Proxy > Proxy Configuration. We
63. Definition

Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more.

DNS: DNS is the Internet's equivalent of a phone book. DNS servers maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, although domain names are easy for people to remember, computers or machines access websites based on IP addresses.

PPPoE: It is a specification for connecting multiple computer users on an Ethernet local area network to a remote site through common customer premises equipment, which is the telephone company's term for a modem and similar devices.

PAP: It's an authentication protocol that uses a password. PAP is used by Point to Point Protocol to validate users before allowing them access to server resources. Almost all network operating system remote servers support PAP.

CHAP: In computing, it authenticates a user or network host to an authenticating entity.

SIP: This is a signaling communications protocol, widely used for controlling multimedia communication sessions such as voice and video calls over Internet Protocol (IP) networks.

DHCP: It is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services.

FTP: This is a standard network protocol used to transfer computer files from one host to another host over a TCP-based network, suc
64. o add signatures, export signatures and preview signatures.

When adding any new signature, the user makes use of the available options to customize the signature.

Figure 71: Add Custom Signature

Figure 72: Custom Signatures

6.3 VPN

Navigate through Policies > VPN. A virtual private network (VPN) tunnel provides a secure communication channel either between two gateway VPN firewalls or between a remote VPN client and a gateway VPN firewall. As a
65. ombine firewall, gateway anti-virus, and intrusion detection and prevention capabilities into a single platform. UTM is designed to protect users from blended threats while reducing complexity. The Unified Threat Management (UTM) Appliance connects your local area network (LAN) to the Internet through one or two external broadband access devices such as cable modems or DSL modems. Dual wide area network (WAN) ports allow you to increase the effective data rate to the Internet by utilizing both WAN ports to carry session traffic, or to maintain a backup connection in case of failure of your primary Internet connection. As a complete security solution, the UTM combines a powerful, flexible firewall with a content scan engine that protects your network from denial of service (DoS) attacks, unwanted traffic, traffic with objectionable content, spam, phishing, and Web-borne threats such as spyware, viruses and other malware threats. The UTM provides advanced IPSec and SSL VPN technologies for secure and simple remote connections. The use of Gigabit Ethernet LAN and WAN ports ensures extremely high data transfer speeds. The UTM is a plug-and-play device that can be installed and configured within minutes.

1.2 Technical Specifications

No. of Interfaces: Two 1Gbps WAN ports, four 1Gbps LAN ports, 1 console interface, 1 USB port
Maximum No. of Connections
Maximum No. of New Connect
66. Figure 37: Add Address Group

Figure 38: Address Groups

5.2 Address objects

Navigate through Policy Objects > Address Objects. Address objects define sources and destinations of network traffic and are used when creating policies. When properly set up, these address objects can be used with great flexibility to make the configuration of firewall and Web filtering policies simpler and more intuitive. The UTM policies verify and check the IP addresses contained in packet headers against a security policy's source and destination addresses to determine whether the security policy matches the traffic.

An address object determines the network address, host address, range of addresses and MAC address of the server. The address object name specifies the unique name for the address object, which is used in policies etc.; it ranges from 3-32 characters. E.g. LAN_NETWORK

In network address, the user has to define the IP address and netmask. E.g. IP address 10.0.0.0, netmask 255.255.255.0

In host address, the user has to specify a v
67. ort: Port used to connect.
Remote Gateway: Gateway IP of the 2nd gateway to which it has to connect.
Remote Tunnel Address: Virtual tunnel IP of the remote gateway to connect to.
Remote Port: Port used to connect to the remote gateway.
Preferred Cipher Suite: Cipher to be used in encryption between the gateways.
Authentication:
  Pre-shared key: The Pre-Shared Key dialog is enabled. Press the Generate button to generate the key. Use the generated key on the remote gateway.
  Certificate: Use the same certificate on both gateways.
Compression: Enable or disable compression of data.
Remote Nets: Remote gateway network to be accessed from the 1st gateway side.
Inactive Timeout: If there is no traffic between the two gateways for this time, communication between the gateways is terminated.
Notify On Exit: If one side of the gateway terminates, it notifies the remote side. This is applicable for the UDP protocol.

Figure 78: SSLVPN P2P Policies

6.3.4 Client Certificates

Navigate through Policies > VPN > Client Certificates. The user can generate certificates signed by the Device RootCa. The common name should match the SSLVPN client profile user name.
68. ources. UTM gives security to the internal network by making use of Firewall, IPS (Intrusion Prevention System), VPN connectivity, Layer 7 filtering, Web filtering, NAT etc.

What is Proxy? What application proxies are included?
A proxy server is a hardware or software system that acts as an intermediary between an endpoint device and another server from which that device is requesting a service. UTM supports HTTP and SSH proxies.

What are the advantages of Unified Threat Management?
Unified Threat Management is a cost-effective solution to integrate multiple features into a single appliance.
i. Easy to Configure
ii. Less time used for maintenance
iii. Better Performance
iv. Effective Cost

What does Unified Threat Management include?
Unified Threat Management is a cost-effective solution to integrate multiple features into a single appliance. It includes the following features:
i. Firewall
ii. IPS (Intrusion Prevention System)
iii. NAT (Network Address Translation)
iv. Web Filtering
v. VPN (SSLVPN and IPSec VPN)
vi. Layer 7 Filtering
vii. Anti Virus

What is Layer 7 Application Control?
The online threat to productivity and security in your organization has evolved beyond simple Web traffic. Problematic applications such as Bit Torrent, Skype and TOR can compromise available bandwidth and expose you to inappropriate and illegal activity. Protocols are
69. r Policies etc. It ranges from 3-32 characters. E.g. WEB_SERVICES

Figure 41: Create Service Group

Figure 42: Service Groups

5.4 Service objects

Navigate through Policy Objects > Service Objects. The TCP/IP suite has a number of different services and protocols. These protocols and services use port numbers from 1-65535. Each port number has its own service. For example, HTTP has port number 80 (TCP), SMTP has port number 25 (TCP), DNS has port number 53 (UDP), etc. Using port numbers we can create services and configure Firewall, NAT, Web Filtering policies etc.

A service object specifies services like SSH, HTTP, SMTP, SIP etc. The object name specifies the unique name for the service object, which is used in policies etc., and it ranges from 3-32 characters. E.g. Http

Figure 43: Create Service Object

Protocol: It specifies which protocol is to be used for the service object. Protocols like TCP, UDP
70. s at least one IP address that uniquely identifies it from all other computers on the Internet.

MAC: The Media Access Control layer is one of two sub-layers of the Data Link Control layer and is concerned with sharing the physical connection to the network among several computers.

ICMP: This is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.

IMAP: It is a protocol for e-mail retrieval and storage.

POP3: This is the standard protocol for retrieving e-mail. The POP3 protocol controls the connection between a POP3 e-mail client and a server where e-mail is stored. The POP3 service uses the POP3 protocol for retrieving e-mail from a mail server to a POP3 e-mail client.

Term: Definition

Further terms listed on this page: UDP (User Datagram Protocol), TCP/IP (Transmission Control Protocol/Internet Protocol), VLAN (Virtual Local Area Network), LAN (Local Area Network), WAN (Wide Area Network), VIP (Virtual Internet Protocol).

TCP (Transmission Control Protocol): It is a standard that defines how to establish and maintain a network conversation via which application programs can exchange data. TCP works with the Internet Protocol (IP), which defines how computers send packets of data to each other. Together, TCP and IP are the basic rul
71. Figure 18: Administration

3.9.2 Firmware

Navigate through Device Settings > Maintenance > Firmware. It includes factory reset, which resets the device to the default configuration settings; upload firmware, which provides the facility to upload the latest firmware build and install it on the device; and the firmware last update, which shows the last firmware update information.

Figure 19: Firmware

4 Network Settings

4.1 Interfaces

Navigate through Network > Interfaces. In this section we can configure interfaces like WAN (eth0) and LAN (eth1), and whether the interface is in DHCP mode or Static mode. By default, the WAN interface has IP address 10.1.0.1/255.255.255.0, which is in Static mode, and the LAN interface has IP address 10.0.0.1/255.255.255.0, with DHCP running on this interface. We can configure a gateway for the interfaces only in Static mode. And also Maxim
72. t of all time zones. NTP synchronizes at every specified update interval.

Figure 11: Time

3.6 SNMP

Navigate through Device Settings > SNMP. Simple Network Management Protocol (SNMP) is an application-layer protocol for managing devices on IP networks. It runs on ports 161 and 162 (trap) and is mostly used in network management systems to monitor network-attached devices. On the UTM, SNMP can be enabled or disabled by clicking on the respective buttons. The user can configure any appropriate System Name, System Contact and System Location in those fields.

Access Control List: SNMP Access Control Lists (ACL) are configured in order to allow the SNMP traffic through the UTM device.

Figure 12: Add Access Control List

Trap Servers List: A trap is an SNMP agent's way of notifying the manager that something is wrong. UTM SNMP traps will capable of sending
73. te & Refresh the page refresh interval. A particular log can be searched for by making use of the Search field.

Figure 101: System Log

The System Log page shows the time stamp of the logs, the module name from which the alert was triggered, and the log generated from any module.

7.5
74. tively. SSH works on top of the TCP protocol and its default port number is 22. It is used to log in to the device securely using public and private host keys. This section includes the port and session timeout. Session timeout specifies how long the user session should be valid.

Figure 9: SSH

3.4 Web User Interface

Navigate through Device Settings > Web User Interface. It helps in configuring the web UI port and session timeout. Session timeout specifies how long the web UI session should be valid.

Figure 10: Web User Interface

3.5 Time

Navigate through Device Settings > Time. The user can configure time settings on the device using an NTP server or using manual settings. Using sync with NTP, the user has to provide the NTP servers to sync the time with, along with the zone specified in the zone list. In manual settings, the user has to set the hour and minute and select the hour format (AM/PM), date, month and year. The Time zone list provides a lis
75. (Figure 69: Signature Settings by Category. The screen lists the signature category types not suspicious, unknown, bad unknown, attempted recon, successful recon limited, successful recon largescale, attempted dos, successful dos, attempted user, unsuccessful user, successful user, attempted admin, successful admin, rpc port map decode and shellcode detect, each set to PREVENT.) By Severity: (Figure 70: Signature Settings by Severity. The screen lists the signature severities SEVERE, HIGH, MEDIUM and LOW, with PREVENT and DISABLE as the selectable actions.) 6.2.3 Custom Signatures. Navigate through Policies > IPS > Custom Signatures. UTM users can customize or write their own signatures for any newer attacks. The UTM IPS GUI allows user t
76. tocol Secure makes it more difficult for hackers, the NSA and others to track users. The protocol makes sure the data isn't being transmitted in plain text format, which is much easier to eavesdrop on. VPN is a network that is constructed by using public wires, usually the Internet, to connect to a private network, such as a company's internal network. There are a number of systems that enable you to create networks using the Internet as the medium for transporting data. It is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session. This is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPSec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. It is an Internet standard protocol for managing devices on IP networks. Network Management Protocol. DNS: Domain Name Server. PPPoE: Point-to-Point Protocol over Ethernet. PAP: Password Authentication Protocol. CHAP: Challenge Handshake Authentication Protocol. SIP: Session Initiation Protocol. DHCP: Dynamic Host Control Protocol. FTP: File Transfer Protocol.
77. (Figure 34: Dynamic DNS. The profile list has the columns Profile Name, Domain, Provider and Enabled.) 4.10 PPPoE Profiles. Navigate through Network > PPPoE Profiles. The Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating PPP frames inside Ethernet frames, and it allows data communication between two network entities or points. UTM allows the user to configure PPPoE profiles in PAP/CHAP authentication modes. (Figure 35: Create PPPoE Profile. Fields shown: Profile Name, User Name, Password, Authentication Type, PeerDNS and Idle Timeout.) (Figure 36: PPPoE Profiles. The profile list has the columns Profile Name, User Name and Authentication.) 5 Policy Objects. Policy objects are building blocks for configuring Firewall, VPN, Web Filter, User Policies, etc. in UTM. They can be configured once and then used over and over again to build what you need. They can assist in
78. uest with the content in its cache, thus improving the overall request/reply speed. Port: It specifies the HTTP port for the web proxy. Enable logging: This specifies where to log the web proxy logs. There are three types: None (no logging); File (log to files on the device, which in turn can be seen in the web filter reports page); Syslog (log to another remote system by enabling logging in the device settings option). Enable HTTPS proxy: It specifies whether to enable HTTPS proxying. HTTPS proxy port: It specifies the HTTPS port for the web proxy. Certificate to be used for proxy signing: It provides a list of self-signed SSL certificates for the HTTPS proxy. SSL Control: It specifies the versions of SSL supported in the web proxy. By default all versions are enabled, i.e. Auto. Other SSL versions are SSLv2 (Secure Socket Layer version 2), SSLv3 and TLSv1 (Transport Layer Security version 1). Enable Caching: It specifies whether to enable caching when a secondary device is employed. Cache Size: It specifies how much caching can be done on the secondary device. Proxy Hostname: It specifies the hostname for the web proxy. By default the device hostname is used for the proxy. Append Domain Name: It specifies the domain name for the proxy, e.g. allo.com. Proxy Admin Email: It specifies the email ID of the admin who will receive mail in case the cache dies. Authentication: It specifies the authentication scheme use
79. um Transmission Unit (MTU), 68-1500: communications protocol of a layer is the size in bytes of the largest protocol data unit that the layer can pass onwards for each interface. Select which interface will be used for this connection, either on external or internal interfaces. PRIMARY means the connection will be on the external interface. (Figure 20: Interfaces. The interface list has the columns Interface Name, Zone, Config Mode, Address, Netmask, Gateway, Enable DHCP Server and MTU.) 4.2 Virtual IPs. Navigate through Network > Virtual IPs. UTM's VIP addressing enables hosting several different applications and virtual appliances on a server with only one logical IP address. (Figure 21: Create Virtual IPs. Fields shown: Interfaces, IP Address, Netmask and Description.) (Figure 22: Virtual IPs. The list has the columns Interfaces, IP Address, Netmask and Description.) 4.3 VLAN Config. Navigate through Network > VLAN Config. A VLAN is a group of end stations with a common set of requirements, independent of physica
80. with unusual activity are based on connection sequences or traffic length. UTM IPS supports: (i) Predefined IPS signatures: UTM has predefined signatures for all known attacks. (ii) Custom IPS signatures: Custom Signatures allows the user to configure their own signatures to block any kind of attack targeting the network. 6.2.1 IPS Settings. Navigate through Policies > IPS > IPS Settings. Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. In IPS Settings, users can enable or disable the IPS with the radio buttons in the GUI. The user can enable signature updates from the given URL and can schedule the signature updates on a time basis such as Monthly, Daily or Weekly. Alternatively, the user can download and update the signatures. (Figure: IPS Settings screen, showing Enable/Disable, Enable Signature Update, Signature Update URL, Signature Schedule Time, Signature Update Schedule Interval, Download & Install Signatures, and Upload & Install for uploaded signature files.)
