User Manual Industrial ETHERNET Firewall EAGLE mGuard
Contents
1. HIRSCHMANN User Manual Industrial ETHERNET Firewall EAGLE mGuard EAGLE mguard Technical Support Release 4 0 1 08 06 HAC Support hirschmann de HIRSCHMANN User Manual Industrial ETHERNET Firewall EAGLE mGuard EAGLE mguard Technical Support Release 4 0 1 08 06 HAC Support hirschmann de The naming of copyrighted trademarks in this manual even when not specially indicated should not be taken to mean that these names may be considered as free in the sense of the trademark and tradename protection law and hence that they may be freely used by anyone O 2006 Hirschmann Automation and Control GmbH Manuals and software are protected by copyright All rights reserved The co pying reproduction translation conversion into any electronic medium or ma chine scannable form is not permitted either in whole or in part An exception is the preparation of a backup copy of the software for your own use The performance features described here are binding only if they have been ex pressly guaranteed in the contract This publication has been created by Hirsch mann Automation and Control GmbH according to the best of our knowledge Hirschmann reserves the right to change the contents of this manual without prior notice Hirschmann can give no guarantee in respect of the correctness or accu racy of the details in this publication Hirschmann can accept no responsibility for damages resulting from the use of the network compon2. 7 of 157 EAGLE mGuard mGuard delta 8 of 157 EAGLE mGuard was developed in co operation with the Industrial Security Alliance partner Hirschmann Automati on and Control GmbH The device is de signed for top hat rail mounting according to DIN EN 50 022 and is therefore especially suited for use in in dustrial environments The optional configuration connection and the option to establish a telephone dial up connec tion via the V 24 interface provide for additional applications options This device model is a compact LAN switch Ethernet Fast Ethernet desi gned for connecting up to 4 LAN seg ments Thus the device is especially suited for logically segmented network environments where the locally connected computers networks share the mGuard functions An additional serial interface enables configuration using a telephone dial up connection or a terminal With its robust metal housing mGuard delta is not only suitable as a desktop device but also for placement in wiring closets Innominate AE mGuard ee A 2 Typical application scenarios Transparent Mode Network Router DMZ Some of the more common application scenarios may be found below Firewall AntiVirus VPN In Transparent Mode factory default the mGuard can be installed between an individual computer and the rest of the network The settings for Firewall AntiVirus and VPN can be made with a webbrowser at the URL https 1 1 1
3. 5 24 amGuard PCL kea sedeeeeih aah A biases 39 Install the mGu rd PCI Card ii talca 39 Install the mGuard PCT Driver ooonoocncocincconoconaconananonannonncno nono nono nono conn nc nac nanr ron nro nono 39 Configure the Network Interface oononnonnninncnnnnconnconnnononancon cono nonnn ran nnnn crono co nnnnnanaos 39 The Default Gateway cm iria diia 40 5 3 Setting Up a Local Configuration Connection cccccceccecsseeseesteceeceeeeescecseeeaecneeenseeeeeesaees 41 Web based Administrator interface cccecscesseesseseeceeeeeseeeseeeseceseceseeeneseseesaeeseeees 41 After a connection has been successfully Setup ooooooccnoconocnnonononononconoconoconananoonnoo 42 Configuring the device ii laa 43 5S4 Remote Configuration cecccieccecitececars nesancsucnaeace eas suas ves cass bedveds decntaatedediaveccnsece E ea weel ven 43 Prereguisite seen ORO 43 Remote configuration icenen id id e a aiai 43 6 CONTIQUEACION wisssicssierieccsasecsnscerasssvesdesssossccseesascebaadesssess sosdessdesseonasiendeossiesnsdsvenssssenscsascenseduunncebees 44 6T Operation a at A RA e a e er 44 6 2 Men Basie SONDEO alias 46 6 2 1 Basic Settings D System cccccesccsesssecsessesecsseeseeseeeecsscsseeseeseeeeseseesscseeseeseeseeeaes 46 Hostia li ec ee act Seats Pane ot Pete Ds 46 Signal contact only EAGLE mGuatd cccccecccessecssceseceeeeesceesceneeeeeeeseeeeeneeeenees 48 Time dnd Dates aaa 49 SN E E 50 6 2 2 Basic Settings gt Network Int
4. bare metal case of your PC to discharge static electricity from your body Warning This is a Class A device It may cause radio interference in a living area in which case the operator may be requested to take appropriate measures mGuard PCI Your PC must provide a free PCI slot 3 3V or 5V Use a soft cloth to clean the case of the device Do not use any aggressive 0 to 40 C blade smart 55 C PCI 60 EAGLE max 90 EAGLE 95 non condensing humidity To avoid overheating do not leave it in direct sunlight or expose it to any other source of heat Do not bend the cables sharply Only use network cables to connect to a network up the device Step 1 Objectives Release Notes Connect the Device To startup the device perform the following steps in the order listed Page Check the package contents and read the Package contents on page 18 e Connect the mGuard blade on page 19 e Connect the mGuard delta on page 21 e Connect the EAGLE mGuard on page 22 e Connect the mGuard smart on page 24 e Connect the mGuard PCI on page 25 Configure the device to the extent necessary To accomplish this select from the various options offered in the mGuard s configura tion menus For more information regarding which options and settings are required or desirable for your operating environment please read the relevant sections in this manual Local C
5. cana a a a a a a eani 141 7 The Rescue Button restart recovery procedure and to flash the firmware 142 HA Performing aR eStart nitne a an aii 142 T gt Performing a RCOVCLY RR 142 7 3 Flashing the fitmwWate a iee A A O RE 143 Required before the firmware can be flashed DHCP and TFTP servers 145 7 3 1 Installing DHCP and TFTP servers under Windows or Linux cccceeceeeeeee 146 Under Wind WwsS viciado 146 Under Linux ti A isa 147 A O NN NN 148 Asymmetrical encryption cccccccesccsescesseescecseceseceseeeeeceseesaeceaeceseseeeeeeeeasecaenseenes 148 DESDE Saiz 148 NES do aida 148 AA a T E E iba idvasnacdedunaidesdne E EST 148 Datagram a he aa ei o ln 148 Default rot Ii 149 DDNS provider vicio da ri 149 TAS a ii eiii 150 ICA A tico 151 NAT Network Address Translation cccccscecsceseceseeeeceeseececstecneeeeeeeeeeeaeesaeees 151 4 of 157 Table of Contents Table of Contents Port NUMO E t cantidades stabs aacalecdanndiassaddutoaaden oa citaba 151 A EE TOEN 152 A a e a a a a e Sade Hea asta aan o aS 152 IN O NARA 152 Protocol communication protocol ccccssecsecessceeseeseeeseeeceseceeeeeseeeseceaeenteeeeeeses 152 PO A A A A A AA dae 152 Service PO VIA Ia 153 Spoofing Antispoofing ccccecccessecsscessceseeeeeeesceneceseceeeeeseeesecssecsaeeeeeseeesseeeeeeneees 153 Symmetrical encryption cccccccessecsseesecseeceseeeeeeeseeseecseeceec
6. firmware on page 142 15 of 157 3 5 mGuard PCI E LAN green LAN red i WAN green WAN red WAN LEDs State Meaning WAN Red flashing Booting up After starting or restarting the computer LAN Red WAN Red flashing System error BO Perform a system restart To accomplish this briefly press the Rescue key 1 5 sec OR Restart your computer If the error occurs again start the Recovery procedure see Performing a Recovery on page 142 or contact Support WAN Green on or flashing Ethernet status Shows the status of the LAN and WAN inter LAN Green face As soon as the device is connected to the network the LEDs will be on continuously to indicate that there is a connec tion The LEDs will flash when data packets are transferred WAN Green various LED codes Recovery mode After pressing the Rescue key WAN Red See The Rescue Button restart recovery procedure and to LAN Green flash the firmware on page 142 16 of 157 4 Startup Safety instructions General notes regarding usage Steps for starting The mGuard is intended for protective low voltage operation Only connect the mGuard s network interfaces to LAN installations Some telephone lines also use RJ45 jacks The mGuard may not be operated on a telephone line a C d solvents Environmental conditions Warning mGuard PCI Before handling the mGuard PCL touch the
7. to the company s network is to be provided to employees at home or in the field The mGuard thereby provides the services ofa VPN gateway On the untrusted computers an IPsec capable VPN client must be installed in case the computers operating system does not provide such a service like Windows 2000 or XP do LUZ6L esc 1 8 Internet vasc C89 CEL CL OL CLL CL OL CL vac L891 C6L K PLOVeLb GL OLZlb Auxiliary 192 168 2 0 24 WLAN 192 168 1 0 24 Two buildings of a company are to be connected with an IPsec protected WLAN connection From the auxiliary building it shall also be possible to use the main building s internet connection In this example the mGuards were switched into router mode and a separate network with addresses of 172 16 1 x was created for the WLAN Since the internet should be also available via the VPN from the auxiliary building a Default route over VPN must be configured Auxiliary building tunnel configuration Connection type Tunnel Net lt gt Net Local network address 192 168 2 0 24 Remote network address 0 0 0 0 0 In main building the appropriate counterpart to the connection is to be configured Main building tunnel configuration Connection type Tunnel Net lt gt Net Local network address 0 0 0 0 0 Remote network address 192 168 2 0 24 The default route ofan mGuard is usually directed over its WAN port But in this cas
8. 1 On the computer itself no configuration changes are required Intranet DSL Modem Internet or Router The mGuard is able to provide internet connectivity to a group of computers while protecting the company network with its firewall For this purpose one of the following network modes may be used Router if the Internet access is established via a DSL router or dedicated line e PPPoE if for example the Internet access is established via a DSL modem using the PPPoE protocol e g in Germany PPTP if for example the Internet access is established via a DSL modem using the PPTP protocol e g in Austria The mGuard must be set as the default gateway on the locally connected client system s Intranet Internet Server Firewall A DMZ Demilitarized Zone is a protected network which sits between an tust ed network and untrusted networks For example a company s website may be inside a DMZ granting FTP write access to computers in the intranet and HTTP read only access to both networks The IP addresses within the DMZ can be public or private In the latter case pub 9 of 157 VPN Gateway WLAN over VPN 10 of 157 lic IPs would be mapped by means of portforwarding to the private addresses within the DMZ Branchoffice Internet An encrypted access
9. R 75 O O OOO ROI 77 A A ied 78 6 3 2 Security gt Web ACCESS uasa Aena aa Ee aaa TE Ea ATEA nano nr nr nana oA 79 CO A E EE shan 79 ACCESS aneneen E E a A E E ERS 79 6 3 3 Security gt Local Authentication c ccc cceccessessesceseeeecessesecseeeseeseesececssesseeseeeees 81 PassWord S A EE 81 6 3 4 Security gt External Authentication ooooconcnionncnnonionnonconnonccnnonncnnnnnnonncn non ncnnnnnnnnos 83 Remote ui A IA A a da 83 TA 84 AUS A da ii eee 84 Menu Network Security not blade controller oooooonccncnnonincnnocononconncononannonnononoconoranonanos 85 6 4 1 Network Security gt Packet Filter oooooconnnnninnccnonnnooncononccnncnncnn cnn non non con ccnnnnnnos 85 Untrusted Port inna e a nivel aaea Ta EEA aa ATRO AA 85 SErUsted TOI i AAE EA E EET 86 MAC ETE A taal als A A N ias 88 AV A AAA aaa TaS 89 64 2 Network Sec rity gt NAT tia Rata 90 Masquerading air 90 Port FOrwardin Ria tl did dean 91 Connection Tracking Ad oO 93 6 4 3 Network Security gt DOS ain narnii iieo aiaei eE oi Ea Ei 94 Flod Protect oN E AA A A a 94 6 4 4 Network Security gt User Firewall cccccccsecsesssesscesceseeseeseeeeseseesecsecseeeeeseeeaes 95 User Firewall Templates ccccccecsccssecssceseceseeeseecseeeseeeeeeeeeesaecsaeceeeseeeseeeeseeceenseees 95 User Firewall gt Define Template ooooconocincnocncononncnonccnnnonnnonon non ccnonnonno noo ncancnn ninos 96 General nea NOS 96 Template Usina llana sneadchoncbbaete
10. dbecedesececesses 12 Sek mGiard blade cui alada canas 12 3 2 CN 13 333 SBAGLE mGuard ssc hse AAA Ad PE a da REEMA eh 14 SEA MUA Mt idea 15 Sed mGuard PCM td Da at a litres cie Liat 16 A NO 17 Ail Package contents sica tidad 18 Included in the package iii One ii 18 4 2 ComnectithemGuard blade aserre renra oe KEENE AANEEN ATENE E TENE teh vide ETER 19 Installing mGuard bladeBase ccceecececeseeeseeeseenseeeseeeeceseecseecseceaecneeenaeeseecsaeeneenes 19 Installing mGuard blade oo cece ceccccssecseceeeeeseeeseeseecseceeceseeeseecseceseeeeeeeeeeaeecneeeaeenes 19 Control Unit CTRE Slot ia a a a ai ea Ei a a NA 19 Connecting mGuard blade sisinio erdiei einans onana baoi Enee i ketoos annsi 20 4 3 Connect the inGulard della eroriren aa a RA E oahcess Eaa aa ARA 21 4 4 Connect the EAGLE mGuatd cooooocccnnonnnononnononanncononnnnononnnnoonnnnnronnnnnnonnnneronnnn no nana na ronnnnnnonnanos 22 Terminal block ta A 22 AMD a 22 Startup procedures it ri ai ARE AR IAE E a E TES 23 Network Connection Dual is GR ARE Ei ee aS 23 DISTANCING secede seeded fad hues eae EE sates duh teas E ieee as sae 23 4 5 Connect the mGuard smart oueres e e AE e a a a NAR 24 4 6 Connect the mGuard PEE ose ie cccsecacoceese Posten conve dvaiecaes oiecteneaatacesvecdete es occas ec ad 25 4 6 1 Choice between Driver mode or Power over PCI mode cooococcccnnonccononnonononnnnoconnonos 25 DAA A N 25 Power over PCI Mode 0 0 ceccccccecscccssssccc
11. e the internet is reachable via the LAN port Main building default gateway IP of the default gateway 192 168 1 253 Solving Network Conflicts 10 0 0 0 16 E 10 0 0 0 16 10 0 0 0 16 In the illustration above it is desired that the networks on the right hand side are accessible from the network or the computer on the left hand side For historical or technical reasons however the computer networks overlap on the right hand side With the help of mGuards and their 1 1 NAT feature these networks can be redefined so that the conflict is solved 1 1 NAT can be used in normal routing and in IPsec VPN tunnels 11 of 157 3 Control and LEDs 3 1 mGuard blade WAN red WAN green LAN red LAN green Rescue Key Innominate serial LEDs State Meaning WAN Red flashing Booting up After starting or restarting the computer LAN Red WAN Red flashing System error BO Perform a system restart To accomplish this briefly press the Rescue button 1 5 sec If the error occurs again start the Recovery procedure see Performing a Recovery on page 142 or contact Support WAN Green on or flashing Ethernet status Shows the status of the LAN and WAN inter LAN Green face As soon as the device is connected to the network the LEDs will be on continuously to indicate that there is a connec tion The LEDs will flash when data packets are transferred WAN G
12. ents or the associated operating software In addition we re fer to the conditions of use specified in the license contract Printed in Germany 21 9 06 Hirschmann Automation and Control GmbH Stuttgarter Stra e 45 51 72654 Neckartenzlingen Tel 49 1805 141538 01 0806 Table of Contents Table of Contents L IMtro UCM oesicccccscdes cess cecscs scnnciscdsesssevesocedssvessdeucsssdssensvtesecessssecedeeteseseteecueseseeesebecsessesesvescesosss 6 NetWork features os ccscseieccatendeceserdeceatedecsessdethesasechesa sebeevsbeceens seseesibeesesnnedestetedecesredees shes 6 Firewall features A eke saa de ed nd eS ES 6 AMEE VATUS TC AUT E AE blest pce soca R 6 VPN ACUSA daa 6 AGG ON Al ia rr A els deewnctdceroeideteeres 7 SUPPOFt A E EE EA 7 LL DEVICO VES ii la aia 7 mGard Mart elisa alabando 7 mGuard POr eater iedd bes 7 mGuard blade ta o a illa Peet ak ee awe ea 7 EAGLE AGI dista iaa de 8 Houad delta ninas 8 2 Typical application scenarios e sesseesseossessoossoossoessoesocsssesssesseossocsoossooesosssosssosssesssesseessosssossosesee 9 Transparent Mode esta dale diia 9 Network Rotter ii A a alse sed ce od dae 9 A 9 VEN Gadea cisnes 10 WEAN Ver VPN boost td leds olaa 10 Solving Network Conflicts cccccccsccesscesseesceeeceseceseeeseeesecsaecaeseeeseeeeseecaeeneeseeseaes 11 3 gt Control and LEDS seisssssccccscstesdssccecscdsteccccesesteveccccesensssedesecdsescesscsecessseosseescsdestseesesssysevs
13. erfaces oooonccioninnnonnnnnonconnonnoonnnnnonnonncnnonncnnnnnnnnncnnos 52 General eoa a e A E E O e ON 52 Network Mode gt Transparent facto 55 Network Mode gt Router factory setting mGuard delta ococccocococconococicocicncnninnss 56 Network Mode gt PPPOE 0 ci ic 59 Network Mode gt PPTP n a ts ate 59 Network Mode gt Router PPPoE or PPTP ooi o eeee cece cccesscceessscecesssceeesseecessseeeees 60 Ele a A tas 61 Serial Port only mGuard blade delta and EAGLE mGuard coooooniccnoocnnnnconnconnnnnos 62 Hard Wat A li IA ba 64 6 2 3 Basic Settings D Load Save o c ccccccsccssseesssescessesecseeseeeeseesesscsecseeeeeeeesaeesesseeseeeees 65 Load Save anat ae es et at bo 65 Profiles on the ACA EAGLE mGuard only cccceccccssessecesscssssencscsseeseceaecesssesaseseensesaeseeseneesstesaesseseees 66 6 2 4 Basic Settings gt Central Management eococcniononnnonionnonnonnonconconnonnonnnonncn non nonrnnnnnnnos 68 Configuration Pullla cocina E adrede et indi ais 68 6 2 5 Basic Settings gt ICM a dad 69 OVA Witt is 69 RNA 70 2 of 157 Table of Contents Table of Contents 6 3 6 4 6 5 6 6 6 2 6 Basic Settings D Update o c cccccccccscssscseesseeecesceseesecseeseeeesesscsecseeeeeeeesaeessenseeseeeees 71 OVA A tt tl 71 A ES EAEE A O RN 72 AntiVirus Patti id a da aii dd 73 6 21 Basic Settings gt Resta o idol 74 Men Security a EE EEE E E A E taal eh REEE EEEE 75 63A Secu NM o e eee Le 75 QUE RA
14. g ACA writing process ACA simultaneously slow function both LEDs blinking ACA reading process STATUS and Simultaneously slow Mee both LEDs blinking ACA error 14 of 157 alternated fast 3 4 mGuard smart LEDs Recovery Key Located in the opening Usea LED1 LED2 LED3 e g straightened paper clip to operate it Colour State Meaning Red Green red green flashing Booting up After connecting the device to the power supply After a few seconds the LED will switch to a heartbeat Green flashing Heartbeat The device is correctly connected and functioning Red flashing System error BO Perform a system restart To accomplish this briefly press the Rescue key 1 5 sec OR Disconnect the device from its power supply briefly and then reconnect it If the error occurs again start the Recovery procedure see Performing a Recovery on page 142 or contact Support 1 and 3 Green on or flashing Ethernet status LED 1 shows the status of the inter nal interface LED 3 the status of the external inter face As soon as the device is connected to the interface the LEDs will be on continuously to indicate that there is a connection to the network The LEDs will flash when data packets are trans ferred 1 2 3 various LED codes Recovery mode After pressing the Rescue key See The Rescue Button restart recovery procedure and to flash the
15. lbuessshdedesdedeengalicsucheneeb andeuhgnes 96 Firewall RUS ii a Ai a R 97 Menu IPsec VPN not blade controller 0 ccccceccecsceeseseceseeeeseeseecsseeeecseeeeseecsaeceeeeeesseeesees 98 63 1 IPsec VPN Global ao A alles nell eet 98 Machine Certiticate s AN A ved dad OSs esi NE di 98 Dyn DNS MOnitOrin Gis id E dacia vi decd cudacea rede couse da vious 99 6 5 2 IPs c VPN gt Connections a dee es 99 GONMECHONS iii EE duce tininds besa cuboutn a ARRE 99 6 5 3 Define a VPN connection 00 ceccesceecesseesceeseceeceseeesecsaeceaeseeseeeeseecseceseeneeeneesaes 100 A RN 100 AU CO id E is 103 Bere wal ese NN 105 TKE Options imss ii 106 6 5 4 IPsec VPN gt L2TP over IPsec coooonooccnocincnocnonncnonnconnonnnonoo noo nono nonnonnn nn nn co non conos 108 E2TP Vi dd dia 108 6 35 35 IPsec VPN gt IPsec tai liad He a aa 109 Menu AntiVirus not on control Unit ccceecceeeesseeceeteceeceeeeeeeeeseceeeseneeeseeeeseeeaeeaeees 111 3 of 157 Table of Contents 6 61 Anti Varas HTTP tada aa 111 Virus Protect ii aia 111 66 2 WebiSecurity TP at tri 113 Virus Protections 3448 istered ae anu en ie nel Gnas 113 6 03 AnS gt ROPI Ha A id 116 Virus Protec in say ah dbve Senlevas Cloke nde ote acdobed eM ata tied ca oee le 116 0 0 ATV IRS SM ada 119 Virus Protection cilindros 119 6 7 Menu redundancy cocccocnccnconnconnconoconocononanoonn con nono non rra nn nn ron nr on nn nn nan n ran r ran rra rra nn nn nana rrrn ra
16. onfiguration At startup on page 34 17 of 157
17. only router modes Port forwarding only router modes Firewall throughput max 99MBit s Individual firewall rules for different users user firewall ClamAV virus protection Supported protocols HTTP FTP POP3 and SMTP sending The virus filter can decompress the following formats ZIP RAR e GZIP BZIP2 TAR e MS OLE2 e MS Cabinet Dateien CAB MS CHM Komprimiertes HTML MS SZDD e UPX e FSG e Petite Protocol IPsec Tunnel and Transport Mode IPsec DES encryption 56 Bit IPsec 3DES encryption 168 Bit IPsec AES encryption 128 192 and 256 Bit Packet authentication MD5 SHA 1 Internet Key Exchange IKE with Main and Quick Mode Authentication Pre Shared Key PSK X 509v3 certificate DynDNS Additional features Support NAT T Dead Peer Detection DPD e Hardware encryption e up to 250 VPN tunnels please refer to the feature table e VPN throughput max 35MBits s on 266MHz or 70MBit s on 533MHz models e IPsec firewall and 1 1 NAT Default route over VPN e MAU management e Remote logging e Router Firewall Redundancy e IPsec L2TP Server LLDP e Administration by SNMP v1 v3 please refer to the feature table and Inno minate Device Manager IDM In case of problems with the mGuard please contact your local dealer Additional information about the device and relevant changes as well as release notes and software updates can be found on the web site for the EAGLE mG
18. reen various LED codes Recovery mode After pressing the Rescue key WAN Red See The Rescue Button restart recovery procedure and to LAN Green flash the firmware on page 142 12 of 157 3 2 mGuard delta Power Status reserved Ethernet WAN Ethernet LAN LEDs State Meaning Power on The power supply is active Status on The mGuard is booting heartbeat The mGuard is ready flash flash pause 1 2 Reserved 3 WAN on Link detected flashing Data transfer 4 7 LAN on Link detected flashing Data transfer 13 of 157 3 3 EAGLE mGuard Power Supply 1 P1 Power Supply 2 P2 Link Status Data 1 trusted port Link Status Data 2 untrusted port Rescue Key Serial V 24 Trusted Port USB Untrusted Port Aufkleber MAC Adresse o 24V P1 o o 0V E apro o o 24V P2 lt ES Ground Connection LEDs State Meaning P1 P2 green The power supply 1 or 2 is active STATUS green blinking The EAGLE mGuard is booting green The mGuard is ready yellow blinking slowly The mGuard is in Router Redundancy Backup mode FAULT red The signal contact is open in case of an error LS DA 1 2 green Link detected v 24 green blinking 3 times The port is disabled per period yellow flashing Receiving data running light Initialization phase after a reset Display of both LEDs blinkin
19. ros 122 6 7 1 Firewall Redundancy cccccccesessessseesseeseceseceseeeeeeesecseeceaeseeceseeeseecseseeeeneeeneeenes 122 Reddit ida dad 123 IGMP CHECKS s225csssesscssiagsaradaateacetsswsabesuancssaeas oad degncedaetaccemiaasaldesa a Te ici 124 6 7 2 Layer 2 Redundancy ii ae 125 Ring Network Coupling cccccceceeeseesscesceeseecseceseeeeeeeseecssensecnseeeseeeseeeseceeenseeaes 125 6 8 Men Diagnosis A AAA aa 126 O 85 Tog gt Settings OA 126 Remote Lori e 126 6 82 Diagnosis gt Event lO gS ii ita 127 ANTHEA US 2 da A IE ia AT abans 128 6 8 3 Diagnosis gt Support Info 0 cc cccccccceceseesceseeseceseesecsecsseeeeeseesecsaesesseeeeseeseseeseeas 130 Hard WS a e A E e a be tats 130 Mp adobo eii 130 0 95 EEN to da Le A Do 131 6 9 1 Extended DNS A A A es eet ee 131 DNS Server rado teste Dar a oia 131 DDN a sad a isos 132 6 92 Extended gt DHCP cid A A a sees 133 Trusted Untrusted DHCP iaa ii 133 6 10 Menu Entry Blade Control control Unit only oooonccnncniccnoncninnnonnnonononocononon cnn nonnnoonnco nacos 137 6 1041 Blade control D Overview cut dad 137 6 10 2 Blade control gt Blade 01 to 12 oooononicnicnnncnoccnccoccnonoonconon nooo non nonnnonnn nooo nrnncnnnnno 138 Blade im Slot Fee a aE E a a a e eaaa 138 COMPUTATION erapr nreno a dadas Eaa ai 138 6 11 CIDR Classless InterDomain Routing oooocinnnnncononoconocononononancon ccoo nconocon nono nono noonn conan naar 140 6 12 Network Sketch
20. seeeeseecseeeseeneeeeeesseeesees 153 TCP IP Transmission Control Protocol Internet Protocol cecccsceeseesteeteeees 153 O OO AR ROS COR E 153 VEAN sta li 153 VPN Virtual Private Network ccccccecscesseessecseceeeceeeeeseecseenseceseeeseesseeeeeeseenseeaes 154 5 of 157 4 Introduction Network features Firewall features Anti Virus features VPN features 6 of 157 The mGuard protects IP data connections The device supports the following functions e Network Card mGuard PCI Switch mGuard delta VPN router VPN Virtual Private Network for the secure transfer of data via public networks hardware based DES 3DES and AES encryption IPsec protocol Configurable firewall to provide protection against unauthorized access The dynamic packet filter inspects the source and destination addresses of data packets and blocks undesired traffic Virus protection with support for the protocols HTTP FTP SMTP and POP3 The device can be conveniently configured using a Web browser Transparent Auto Static Multi Router Static DHCP Client PPPoE for DSL and PPTP for DSL connectivity VLAN DHCP server relay on the external and internal network interfaces DNS cache on the internal network interface Administration using HTTPS and SSH Stateful packet inspection Anti spoofing IP Filtering L2 Filtering only Transparent mode NAT with FTP IRC and PPTP pass through only router modes 1 1 NAT
21. sssseecesssecceessecesssseeecssseeecsesseecssseeeeseseecseass 26 4 6 2 Hardware installation e a a a aaa a 28 463 Driver installation cintia dia a aOR O Oa 29 WATO WS AP annaa aAA AA a a 29 WiNdOWS 2000 ri AAAA AA ONE I ANE N A PE A E A A 30 TUE i tne REN 33 5 Configuration preparation esseessoessessscssesssesscossoossossoossoossosssosssesssessesssossoossoossosssosssesssesssessesso 34 1 of 157 Table of Contents 5 1 Connecting the mi Guard renien ectie esei E ERE E E i a a aa 34 MG UAT blade ii a a a a a a a e aa aE 34 TING A Ae lanne a e a raa sade suck hour tad op da 34 EAGLE mGuatd it Ona 34 MGuard SIM ATE oe he oka ccs dens decors Reece AA weap AA AA ti ich 34 MAG Ua PC RN NN 34 5 2 Local Configuration At startup sesei eiii ii e E E 34 5 21 EAGLE MiGuard nodos la aos 35 With a configured network INterface oococooninnnnonnonnconoconocononannnancnnnonnncnanonn nono non nnnns 35 Without a configured network interface ccceccecsseeseceseceeeeseeeseceeeeeeeteeeeeeseeeseens 35 Entering the IP parameter via HIDISCOVETY cccccceesseesecesceeeeeeseeseeeeeeeeeeeesseenseens 36 5 2 2 m Guard blade and mGuard smart ccceccecceeseesseesseeeeceseeeseeeseceseseeeeeeeeeeenseeeeees 37 With a configured network interface cccecccessessecsteeeeceeecescecseceseceeeeeeesseenseeeeees 37 Without a configured network interface ccccccsceseeecceeecesceeeceseceteeeneeeaeenseeneeees 37 523 mGuard dt An 38
22. uard under www hirschmann ac com for all other mGuards under http www innominate com 1 1 Device versions mGuard smart mGuard PCI mGuard blade mGuard is available in the following device versions which have largely identi cal functions All devices can be utilised regardless of the processor technology and operating system the connected computers use Smallest device model Can for exam ple simply be plugged between the computer or local network on mGuard s LAN port and an available router on mGuard s WAN port with out having to change existing system configurations or driver installations Designed for instant use in the office or when on the go This card which can be plugged into a PCI slot provides the computer it is in stalled in with all mGuard functions in driver mode and can additionally be uti lised as a normal network card A net work card already on hand in the computer or another local computer lo cal network can be connected in the power over PCI mode The mGuard blade Pack includes the mGuard bladeBase which can be easily in stalled into standard 3 U racks 19 inches and accommodate up to 12 mGuard blades Thus this version is ideally suited for use in an industrial environment where it can protect several server systems individually and independently of one another An additional serial interface enables remote configuration using a tele phone dial up connection or a terminal
Download Pdf Manuals
Related Search