IFW320 User's manual VA1

Contents

1. [Graphs: bits per second; memory loading (real memory available, swap available).] Remote Syslog Server: IFW320 logs all its security functions so that you can analyze them and compile statistics. There is also a search function in all these log pages. Abnormal network behavior can be located, which helps you fix it. The log function is disabled by default. 7.6.1 Remote Connect Setup: To enable IFW320 to send logs to an external syslog server, select Network Services > Remote Syslog Server > Remote Connect Setup. Click Enable and enter the syslog server information. [Screenshot: Remote Connect Setup with Enable checked, server IP 192.168.1.111, server port 514 (UDP 514), Log Item: Packet Tracing Log, IDP Log, Botnet Log; Save.] Example: IFW320 In
2. In this Logs chapter you can enable the following lists: System Operation. 13.1 System Operation: The log records all connections that pass through the IFW320. The information is classified as Configuration, Networking, Policy, Object and so on. The event log has records of any system configuration changes made. Each log entry denotes who modified a configuration, when, what and where. The administrator can view the logged data to evaluate and troubleshoot the network, such as pinpointing the source of traffic congestion. Logs shows summary information. If you need more information, you can use Logs Search to find the logs you need. The result is shown in Logs Search Result. 13.1.1 Logs: Select Logs > System Operation > Logs. It shows the configurations which have been modified, describes what kind of action was performed, and describes which IP address used which function path. [Screenshot: Logs List with columns Time, Account, IP Address, Function Path, Action, Description; the sample rows show the admin account adding PPTP client, PPTP server account, IPSec tunnel and local user entries and logging in successfully.]
3. Then click on [icon] and enter your username and password. The figure below shows the SSL VPN Connection Client screen. [Screenshot: SSL VPN Connection Client.] 10.2 SSL VPN Log. 10.2.1 SSL Client On Line Log: Select SSL VPN > SSL VPN Log > SSL Client On Line Log. [Screenshot: Refuse Connection Log with Start/Stop; user list with columns Account, Status, Source IP Address, Local IP Address, Last Connection, Local Interface, Kick, Log.] Select Start/Stop to start or stop this function. In addition, you can click on [icon] to see SSL VPN logs. 10.3 VPN Policy: This section is the same as section 11.4 VPN Policy. In this section you can enable the following lists: Internal to VPN; VPN to Internal. SSL VPN on internal control and external control through the SSL VPN connection points connected to internal network: the Protocol, Service group port, QoS bandwidth and Schedule, Packet tracing and Traffic Analysis. Select SSL VPN > VPN Policy > VPN to Internal or Internal to VPN. Click on [icon] to create a new VPN policy. VPN's policy is as follows p
4. 7.5 SNMP: SNMP (Simple Network Management Protocol) is an Internet standard protocol for managing devices on IP networks. Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. It is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. The Axiomtek SNMP feature supports SNMPv3, which primarily added security and remote configuration enhancements to SNMP. In addition, the IT administrator can use SNMP plus MRTG to see more network status. In this section you can enable the following lists: 7.5.1 SNMP: Select Network Services > SNMP > SNMP. [Screenshot: SNMP Agent settings with fields Device Name, Device Location, Community, Contact Person, Comment, Security Level, User Name, Auth Protocol, Auth Password, Privacy Protocol, Privacy Password; the sample shows SNMP Agent enabled, device name Firewall, location Taipei Taiwan, community public, security level AuthPriv, MD5 and DES.] Here is some more network status: [Graphs: CPU usage (CPU utilization; active CPU0 and CPU1 load) and network traffic.]
5. [Diagram and screenshots: HA Master/Backup setup; the addresses shown are LAN 192.168.1.102, LAN 192.168.1.100, WAN 61.10.10.10 and DMZ 192.168.1.104; each unit has Enable checked, a Mode (Master or Backup), a Manage IP and a Remote IP (192.168.1.100 and 192.168.1.102).] In addition, you can enable notification if you are concerned about the system not working well. The following figure shows HA switch notification. [Screenshot: notification items with their mail subjects: 1. WAN Disconnection (WAN disconnect); 2. DDNS Update Failed (DDNS fail); 3. SLB Disconnetion (SLB disconnect); 4. Master Slave Switch (HA switch); 5. Firewall Protection: SYN, ICMP, UDP, PortScan (Firewall protection); 6. Anomaly IP: outgoing/incoming session, flow up, flow down (Anomaly IP); 7. IDP Attack Log (IDP Log); 8. Virus Blocking: Web, mail (Virus block); 9. System Log (Admin log); 10. Administrator Login Failure Event (Admin login fail); 11. SSL VPN and Web Authentication Login Failure (Auth login fail); 12. Software Upgrade (Software upgrade); 13. HDD Free Space Too Low, usage over 90% or Bad Track (HDD State); 14. Schedule Backup Configuration (Auto Backup); 15. Collaborative defense (Defense); 16. Arp protect (Arp protect); 17. MAC Collision Log (Collision log); 18. Botnet Attack Log (Botnet Log); 19. CMS: Client management requests, Connect status abnormal, Backup failed, Restore failed (CMS); 20. Database Anomaly (Database Anomaly).]
6. to create a new management IP and Netmask. For this Manager IP Address option to be effective, the IT administrator must clear the Ping, HTTP and HTTPS selections in WAN Setup. The management interface on the WAN will then be inaccessible. Moreover, if no administrative IP addresses or networks are specified, all systems are granted access with the correct password. Configuration > Administration > IP Address. [Screenshot: Add Manager IP Address and Netmask, with Action Allow, Notes, IP and Netmask 255.255.255.0 (/24), Administrator Management: Ping, Management Interface; Add.] Note: Enter any word for recognition. IP and Netmask: It accords with WAN Setup: select Networking from the menu on the left side of the screen, and then select Interface from the submenu. Then click WAN; you will see WAN Alive Check below. 3.2.4 Clear Data: Select Configuration > Administration > Clear Data. There are two parts: Clear Data and Data Storing Time. [Screenshot: Clear Data checklist with entries including All, Time Update Log, Notify Log, WAN Alive Detection and PPPoE Log, LAN Policy Packet, WAN Policy Packet, Firewall Log, Authentication Log, DDNS Update Log, Anomaly Log, IDP Log, Botnet Log, IPSec Tunnel Log, PPTP Server Log, PPTP Client Log and Traffic Analysis Log.] Clear Data: In order t
7. 2. Upload flow exceeds 512 kbps and continues for 120 seconds (default). 3. Download flow exceeds 1024 kbps and continues for 120 seconds (default). Incoming Anomaly: 1. Session exceeds 100 and continues for 120 seconds (default). 2. Upload flow exceeds 512 kbps and continues for 120 seconds (default). 3. Download flow exceeds 1024 kbps and continues for 120 seconds (default). Example: Enter 10 in outgoing anomaly and use 192.168.1.117 for testing this function. Then look at Status > Connection Status > Connect Track. [Screenshot: Connect Track list, Total Session 532, with columns IP Address, Session, Up speed (bits), Down speed (bits) and Log.] As the figure above shows, the system should record 192.168.1.117 in the log, so the user can see logs in Advanced Protection > Anomaly IP Analysis > Anomaly Log. 8.1.2 Notify Anomaly: It accords with Configuration > Administration > SMTP Server and Configuration > Notification > Notification. Inside to Outside Anomaly: Connection session exceeds 1100 and continues 120 seconds; upload flow exceeds 512 kbps and continues 120 seconds; download flow exceeds 1024 Kbps and continues 120 seconds. Outside to Inside Anomaly: Connection session exceeds 100 and continues 120 seconds; upload flow exceeds 512 Kbps and continues 120 seconds; download flow exceeds 1024 Kbps and continues
8. [Screenshot: authentication settings: 24 (0 means no limit); Allow change password; Deny multi login; Temporarily block when login failed more than 0 time(s) (0 means no limit); IP blocking period 0 minute(s) (0 means permanent blocking); Permanently block when login failed more than 0 time(s) (0 means no limit); Unblocked IP: No blocked IP.] Redirect successfully authenticated users to: whether to have read page. Authentication port: The port number that authentication requires. The default port is 82. Idle timeout: If an authenticated connection has been idle for a period of time, it will expire. The default idle timeout is 60 minutes. Re-login after user has logged in for: After a user has been logged in for a period of time, a re-registration will be requested. This determines the valid time of an authentication. Authentication expires at the due time. Allow change password: Permit users who are using the device's local authentication mechanism to modify their own password. Deny multi login: When enabled, once a user has logged in with his/her authentication account, no other user is permitted to log in to the same account. Temporarily block when login failed more than: Perform temporary blocking when login failures exceed the number of times entered in this field. Caution: 0 means no limit. IP blocking period: Determines the amount of time for blocking the corresponding IP. Caution: 0 means permanent blocking. Pe
9. Add. Setting LAN Group completed. In addition, select the Mark tick box and click on [icon] to create a new sub-content, [icon] to modify contents, or [icon] to cancel list. [Screenshot: LAN Group list with Select IP Mode, and columns Mark, Group Name, Member; Add, Edit, Del.] Here is an example showing how LAN Group is used. Example: 1. Select Policy > LAN Policy > LAN to WAN. 2. Click on [icon] and set Action to Drop, and then set Source to group A, which you have just selected in section 6.1 Address Table. [Screenshot: Policy > LAN Policy, Basic Setting, with fields Policy Name, Source, Destination, Action (Drop), Protocol (ALL), Service Port or Group, Software Access Control, QoS, Schedule, URL Access Control, Authentication, Bulletin Board, Max. Concurrent Sessions for Each Source IP Address.] 3. Setting Address Policy completed; refer to the following figure. [Screenshot: Policy > LAN Policy > LAN to WAN policy list with columns No., Policy Name, Source, Destination, Services, Action, On/Off; source Inside_Any, destination Outside_Any.] 6.1.3 WAN IP Address: Select Objects > Address Table > WAN IP Address. The WAN IP Address is set in the same way as the LAN IP Address. Outsid
10. Industrial Firewall Appliance User's Manual. Disclaimers: This manual has been carefully checked and believed to contain accurate information. Axiomtek Co., Ltd. assumes no responsibility for any infringements of patents or any third party's rights, and any liability arising from such use. Axiomtek does not warrant or assume any legal liability or responsibility for the accuracy, completeness or usefulness of any information in this document. Axiomtek does not make any commitment to update the information in this manual. Axiomtek reserves the right to change or revise this document and/or product at any time without notice. No part of this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of Axiomtek Co., Ltd. Trademarks Acknowledgments: Axiomtek is a trademark of Axiomtek Co., Ltd. Windows is a trademark of Microsoft Corporation. Other brand names and trademarks are the properties and registered brands of their respective owners. Copyright 2015 Axiomtek Co., Ltd. All Rights Reserved. January 2015, Version A1. Printed in Taiwan. Safety Precautions: Before getting started, please read the following important safety precautions. 1. Be sure to ground yourself to prevent static charge when installing the internal components. Use a grounding wrist strap a
11. [Screenshot: Language: English, Traditional Chinese, Simplified Chinese.] Notification: This function is useful for reminding users when exceptions occur. In this section you can enable the following lists: 3.5.1 Notification: Select Configuration > Notification > Notification. [Screenshot: Notification settings with Sender Account (Auto), Recipient, Try to send times (1 to 5), and a list of items with their mail subjects: 1. WAN Disconnection (WAN disconnect); 2. DDNS Update Failed (DDNS fail); 3. SLB Disconnetion (SLB disconnect); 4. Master Slave Switch (HA switch); 5. Firewall Protection: SYN, ICMP, UDP, PortScan (Firewall protection); 6. Anomaly IP: outgoing/incoming session, flow up, flow down (Anomaly IP); 7. IDP Attack Log (IDP Log); 8. System Log (Admin log); 9. Administrator Login Failure Event (Admin login fail); 10. SSL VPN and Web Authentication Login Failure (Auth login fail); 11. Software Upgrade (Software upgrade); 12. Collaborative defense (Defense); 13. Botnet Attack Log (Botnet Log); 14. CMS: Client management requests, Connect status abnormal, Backup failed, Restore failed (CMS); 15. Database Anomaly (Database Anomaly); 16. IPSec Disconnection (IPSec disconnect); Save.] Sender Account: The default selection is Auto. Select one SMTP server which you have set in Configuration > Administration > SMTP Server. Current Setting: After users select SMTP Setting, system will
12. [Screenshot: switch search results with Name entries 24G 4 SFP Web Smart Switch 2 03 and 24 Port Gigabit Switch.] Click on [icon] to add switch and click on [icon] to create a new one. [Screenshot: Switch Setup, Add New Switch, with fields Interface, Switch Type, Switch Model, Name, Alias, IP Address, Number of Port, SNMP Read Community, SNMP Write Community, Web Management; the sample shows interface Lan, Co-defense SNMP Switch and General SNMP Switch types, IP address 192.168.188.74, 24 ports, read community public, write community private, web management port 80, and Connection Test buttons.] Setting switch completed. In addition, click on [icon] to create a new sub-content, [icon] to modify contents, or [icon] to cancel list. [Screenshot: Switch List with columns Switch Interface, Switch Type, Name, IP Address, Number of Port, Web Management, Action; two SNMP switches on Lan at 192.168.188.74 and 192.168.188.165.] 8.3 Internal Protection: It has been the most difficult for a firewall appliance to detect broadcast packets sent out on the local network, such as ARP spoofing and private DHCP servers, because of congenital dete
13. Protocol: 1. ALL 2. TCP 3. UDP 4. ICMP (Internet Control Message Protocol). Service Port or Group: The services are regulated. Available options are the system default services and the services that are customized in section 6.2 Services. Software Access Control: It can restrict the use of application software. Set this function in Software Blocking in section 6.5 Application Control. QoS: The guaranteed and maximum bandwidth settings. The bandwidth is distributed to users. Set this function in section 6.4 QoS. Schedule: Activate as per the configured scheduled time. Set this function in section 6.3 Schedule. URL Policy: It can restrict access to any URL websites specified. Set this function in section 6.6 URL Filter. Internet Auth: This requires users to be authenticated to create a connection. Set this function in section 6.9 Authentication. Using Which WAN: It determines over which WAN interface(s) packets are permitted to pass through. 1. All: Packets are granted to pass through all interfaces once approved by the configured policy. 2. WAN: Policy-approved packets may access WAN. Maximum Concurrent Sessions per IP Address: It determines the maximum number of concurrent sessions of each IP address. If the number of sessions exceeds the set value, new sessions will not be created. Drop Skype: It can restrict the use of Skype protocol d
14. [Screenshot: per-port switch VLAN settings with All and Tagged Only options.] Your port is described in the following figure. [Screenshot: switch named 24G 4 SFP Web Smart Switch 2 03, IP Address 192.168.1.144, with a port map; double-click to display the complete information.] Then distribute some ports among one group. The figure below shows the VLAN Setup. Add VLAN ID 3 now, or otherwise port 6 cannot surf the Internet. [Screenshot: Add VLAN ID with fields Comment, IP Address, Netmask, Interface, VLAN ID; Multiple Subnet entries LAN 192.168.23.161 / 255.255.255.0, LAN 192.168.10.1 / 255.255.255.0, DMZ 172.16.1.161 / 255.255.255.0.] The 802.1Q setting is finished; see the figure below. [Screenshot: 802.1Q list with columns Mark, Comment, IP Address, Netmask, Interface, Tagged VLAN ID; entry 192.168.23.161 / 255.255.255.0 on LAN; Add, Edit, Del.] Chapter 5 Policy: IFW320 inspects each packet passing through the device to see if it meets the criteria of any policy. Every packet is processe
15. [Screenshot: WAN interface settings, including User Define speed, Speed and Duplex Mode (Auto), MTU 1500, Load Balance (Auto, Manual, By Source IP, By Destination IP), WAN Alive Detection (detection method DNS, ICMP or NONE; detected IP address), Administrator Management (Ping, HTTP, HTTPS), Firewall Protection items (SYN, ICMP, UDP, Port Scan) and Log; General Setting with DNS Server Mode (Static or Auto), DNS Server 1 168.95.1.1, DNS Server 2 168.95.192.1, HTTP Port 80, HTTPS Port 443, WAN Alive Detection Period 5 seconds, Idle Timeout 60 minutes; Save.] Interface Name: eth1. Enter any word for recognition. IP Address: Depends on the Connection Method. DHCP and PPPoE modes do not need an IP address to be set; only Static mode needs an IP address. Default Gateway: Depends on the Connection Method. DHCP and PPPoE modes do not need a Default Gateway to be set; only Static mode needs a Default Gateway. Up Speed (Max. 1000Mbps): The IT administrator must define a proper bandwidth for each of them so that the device may use it as a basis for operating. Kbps is the unit of speed. You can click on the Custom Define link to set your speed according to the ISP's WAN speed. Speed and Duplex Mode: Usually it is set to Auto. You can also select another setting. Load Balancing: It offers four methods: 1. Auto: Distributes the outward sessions by the usage status of each WAN port. 2
16. [Screenshot: packet tracing log listing with columns WAN, Protocol, Packet Size, SRC Port, DST Port.] If you want to export syslog to a txt file, follow the steps below. Select File > Setup. [Screenshot: syslog viewer with menus File, Edit, View, Manage, Help; File menu items Send test message to localhost, Purge, Import settings from INI file, Export settings to INI file, Create Tech Support File (Zip); a listing of Kernel Notice entries dated 06-30-2011.]
17. [Screenshot: policy list with policies Mail Server, Working, QoS and URL block, source Inside_Any, destination Outside_Any.] [Screenshot: URL group with Group Name test2, List Mode Blacklist, Match Mode Fuzzy, URL Blacklist google, yahoo, youtube; Add; IP Blacklist.] 6.6.3 Other Settings: Select Objects > URL Filter > Other Settings. It is the default block page setting. [Screenshot: Default Block Page Settings with Warning Subject "Access Denied" and Warning content "Access to the page has been denied because the following page is blacklisted".] 6.7 Virtual Server: The real IP addresses provided by the ISP are always not enough for all users when the system manager applies for the network connection from the ISP. Generally speaking, in order to allocate enough IP addresses for all computers, an enterprise assigns each computer a private IP address and converts it into a real IP address through IFW320's NAT (Network Address Translation) function. If a server that provides service to the WAN network is located in LAN networks, external users cannot directly connect to the server by using the server's private IP address. The Virtual Server has set the real IP address of the IFW320's WAN network interface to be the Virtual Server IP. Through the Virtual Server function, the IFW320 translates the Virtual Serv
18. 6.9.2 Local User: Select Objects > Authentication > Local User. User List: If you have many accounts, you can click on Browse to bring in accounts. After selecting, click on Import. Then you do not have to enter accounts one by one. Click on [icon] first. [Screenshot: Add User Account with fields Name (maximum 16 characters), Account (maximum 16 characters), Password (3 to 16 characters, not the same as the account), Password Strength, Confirm Password, Show Password, Require Password Change at Next Login, Account Expiration Date with calendar picker; Add.] Name: The user name for authentication. User Account: The account for authentication. Password: The password for authentication. Confirm Password: The confirmation of the password. Require Password Change at Next Login: If selected, the local authentication accounts can be forced to change their passwords at their next login attempt. User account expiration date: Set the period of validity for a user's account. Setting Local Users completed. In addition, click on [icon] to create a new sub-content, Edit to modify contents, or [icon] to cancel list. User
19. DC power input with terminal block, VGA, USB, WAN & LAN. ACT LED: Indicates the storage status; it flashes when the system is accessing data from the storage. PWR LED: Indicates the power status. When the DC input is acceptable, the LED will be ON. USB: USB 2.0 port. WAN Port: Connect to the perimeter router. LAN Port: Connect to the intranet of the company. Terminal Block: DC power input with terminal block. VGA: VGA port for console. Note: The description of the Gigabit LAN/WAN connector is indicated in the table below. [Table: D2 Link/Activity LED and D1 bi-color Speed LED status descriptions for 10Mbps, 100Mbps and 1000Mbps.] 1.4 DIN Rail Mounting: The IFW320 provides a DIN rail mounting kit for the user to mount the system on a standard DIN rail. Follow the steps below: 1. Prepare the components for DIN rail mounting: screws and bracket. 2. Fasten the bracket to the system firmly with screws. Chapter 2 Getting Started. 2.1 Basic System Configuration. 2.1.1 Connect to Hardware and Software: Connect both the IT administrator's PC and the device's LAN port to the same hub/switch, and launch a web browser (e.g. Internet Explorer or Mozilla Firefox) to access the management interface address, which is set to http://192.168.1.1 by default. Therefore the IP addresses o
20. IDP Setting > Basic Setting. [Screenshot: Basic Setting with a link to IDP Advanced Setting, the note "Click save after completing setting", Save, and columns Risk Level, Action, Log; row Low Risk.] Risk Level: The risk level. Action: Click on the Action button: 1. On 2. Off. Log: Click on the Log button: 1. On 2. Off. Save: After completing this model setting, please click on [icon]. Click on the IDP Advanced Settings link, and you will see a screen as shown in the figure below. On the other hand, click on IDP Basic Setting to get back to the previous step. After setting your IDP function, do not forget to click on [icon]. In addition, click the rectangular form if you want to see the class name list. [Screenshot: Advanced Setting with a link to IDP Basic Setting, columns Group Name, Action, Log, and groups ATTACK RESPONSES, ICMP, INFO, MALWARE BACKDOOR; the ATTACK RESPONSES group is expanded to show its rule names and risk levels, with a More link.] Click on More to see more detail of the risk group name. 4 192 168 186 79 Proeram Idp showmor
21. and the worse, IT administrators do not back up the system as scheduled, or users forget where those files are. Moreover, users may also come across an insufficient storage problem. Therefore, users would like this function in order to schedule data backup automatically. 3.6.1 Data Backup: Select Configuration > Backup & Mount > Data Backup. [Screenshot: Backup Destination with Backup Method samba, IP Address, Folder Name SHARE, Username, Password, Confirm Password, Connection Test.] Backup Method: Samba. IP Address: Enter an IP address. Folder Name: Enter a folder name you like. Caution: The user has to create this folder in the C drive if the OS is Windows. Username: Enter the username here. Password: Enter the user password here. Confirm Password: Password confirmation. Click on Connection Test. You will see the message below if your setting is correct. [Screenshot: test OK.] Scheduled Backup: Select the time you want the system to run the backup schedule. Send Backup Result Notification: Users have to go to Configuration > Notification > Notification to set their information first. Then you will get mail after the system backs up successfully. [Screenshot: mail client listing messages from Admin with subject "2011 09 19 Data Export Results".]
22. NAT: 1-1 NAT, Port forwarding; Application software management: VoIP, P2P, SMS, Web, Web Mail and Entertainment software; Industrial Protocol management: EtherCAT, Ethernet/IP, Lonworks, Profinet, Modbus, DNP; URL white list; Virtual server; System status: system performance, connecting status, data flow analysis; Whitelist: user group, existing IP white list; Router/Firewall Redundancy. Intrusion Detection and Prevention: IDP (Intrusion Detection and Prevention); BotNet prevention; Abnormal IP analysis; Switch management. VPN Features: Protocol: IPSec, PPTP, SSL VPN; Encryption: DES, 3DES, AES; Authentication: Pre-Shared Key (PSK), SHA, MD5; IPSec Dead Peer Detection; Show remote Network Neighborhood; SSL VPN: server setting, certificate setting; SSL concurrent VPN channels: Max. 50; SSL VPN user number: Max. 300; VPN channel number: IPSec channels Max. 100, PPTP client Max. 50, PPTP server Max. 50; VPN control; Stateful packet inspection; NAT Traversal. Data Throughput: 500Mbps. VPN Throughput: 3DES 50Mbps, DES 78Mbps, AES 85Mbps. Management Support: Network Time Protocol (NTP); Web management: HTTP, HTTPS; System file backup and upgrade; Interface WAN/LAN flow statistics; System configuration: system configuration default restoration, message notification, export/import. Network Service: Routing ta
23. Computer Name: The computer's network identification name. IP Address: It shows the computer's IP address. Session: It shows the current number of sessions connected to the computer. Up Speed (bits): It shows the upstream bandwidth for the computer. (Eight bits is a unit of a byte/second; 1024 bytes = 1 KB.) Down Speed (bits): It shows the downstream bandwidth for the computer. (Eight bits is a unit of a byte/second; 1024 bytes = 1 KB.) Click on [icon]; it shows more detailed information, see the figure below. [Screenshot: connection detail with Destination IP search, 30 Seconds, clear all, and columns Protocol, Source IP, Destination IP, Port, WAN, Up Packets, Down Packets, Up bps, Down bps; two tcp sessions from 192.168.188.139 to 192.168.188.136 port 443.] Destination IP search: Type the specific IP address you want to search for. Port: It shows the packets going through from source port to destination port. Up Packets: It shows the current upload flows. Down Packets: It shows the current download flows. Up bps: The accumulation of upload flow. (Eight bits is a unit of a byte/second; 1024 bytes = 1 KB.) Down bps: The accumulation of download flow. (Eight bits is a unit of a byte/second; 1024 bytes = 1 KB.) 14.3 Flow Analysis: It shows all main flow of connection. This function not only records the Downstream Flow and Up Flow but als
24. 14.1.3 History Status: Select Status > Performance > History Status. Set the information and click on Search. Then you will see the Search Result. It shows the history of the system condition. [Screenshot: Search Condition with Search Object(s) CPU, System Load, RAM, LAN, WAN and a Date range; Search Result for Start Time 2014-11-13 0:00 to End Time 2014-11-13 23:00, with graphs of System Usage and Memory Usage (average of 2 minutes).] Search Object(s): There are CPU, System Load, RAM, LAN and WAN. Date: Select date ranges. 14.2 Connection Status: The Connection Status section records all the connection status of host PCs that have ever connected to the IFW320. It shows the computer list and connect track. 14.2.1 Computer List: Select Status > Connection Status > Computer List. It shows the current connection status information. [Screenshot: Computer List with Online count, Refresh, Client OS Detection, Excluding IP, and columns OS, Static, Alias, IP Address, MAC]
26. [Figure: continuation of the Logs List, with the columns Time, Account, IP Address, Function Path, Action and Description; the rows dated 11-12 show Login Successful and Login False entries from 192.168.189.244 and 192.168.186.133, and configuration changes made by admin under IDP & Botnet, Advanced Security, Policy and Network Services.] Time: Shows the event time. Account: The account name that performed the event. IP Address: Shows the account's IP address. Function Path: Records the administrator's events. Action: The action the administrator carried out, including login, add, edit, delete, search, refresh and so on. Description: Describes the event. 13.1.2 Logs Search. Select Logs > System Operation > Logs Search. Search Condition Account All Computer Name All IP Address All Select All Login Logout System Login Logout Configuration Date Time
27. [Figure residue: policy settings including Address, IDP, Botnet, Packet Tracing, Traffic Analysis and Firewall Protection (SYN Attack, ICMP Attack, UDP Attack, Port Scan).] to add new policy. [Figure: Add Policy form with IP Address, MAC Address, Service Port and Bulletin fields; Bulletin is set to "TEST Bulletin".] When Add Policy is completed, you can see the following figure. [Figure: LAN to WAN Policy list with the columns No, Policy Name, Source, Destination, Services, Action, On/Off, Edit/Del and Log; the policies shown include Mail Server, Pre Working, QoS, URL block, Web block and victest, and one policy carries the TEST Bulletin.] Example: The internal users will see the bulletin board when they use a web browser (see figure below). After users read bulletin content and click on website Administrator enter 6.10.2 Has Re
28. [Figure: continuation of the Computer List, with the columns MAC Address, Interface, Status and Last Update Time; the two sample hosts, 192.168.1.50 and 192.168.1.2, are on the LAN.] User has to select Client OS Detection and click on [button]. It shows the different operating systems those computers use. Alias: The computer's network identification name. IP Address: The computer's IP address. MAC Address: The computer's network adapter identification number. Interface: Shows where the connection comes from, LAN or BRI. Status: 1. On-line 2. Off-line. Last Update Time: Displays the date and time users logged in (year, month, day, hour, minute, seconds). You can click on [button] to get the current connection status information. 14.2.2 Connection Track. According to the network packet analysis and tracing, it analyzes each user's behavior on the Internet. Classified by end name, it shows the record of all current users, containing the IP address, Session, Up Speed (bits), Down Speed (bits) and Log. Select Status > Connection Status > Connection Track. It shows the upload and download flow status of all current users of the computer. Connection Track List This Page Total Session 2 2 ALL y Outgoing 30Seconds y Refresh 1 1 Computer Name IP Address Session Up Speed bits Down Speed bits Log 192 168 188 139 192 168 188
29. Connection Method: There are three connection methods. 1. Static: Static IP address. 2. DHCP: Using DHCP to get an IP address from the ISP. 3. PPPoE: PPPoE. Netmask: Enter a netmask. Default setting is 255.255.255.0. MAC address: Enter a MAC address. Down Speed: The IT administrator must define a proper bandwidth for each of them so that the device may use it as a basis for operating. Kbps is the unit of speed. You can click on the User Define link to set your speed according to the ISP's WAN speed. Check Method: Use DNS, ICMP or NONE to check whether the WAN is on or off. Both DNS and ICMP need an IP address set up for the test. 1. DNS: Tests the validity of the Internet connection by requesting the domain name. 2. ICMP: Uses the ping command to test the validity of the Internet connection. 3. NONE: The line is not detected; the connection status is always on-line. Management Service: There are three multiple-choice modes: PING, HTTP and HTTPS. In addition, you can click Log to see more detailed records. 1. Ping: The network can be detected by Ping commands when ticked. 2. HTTP: The management interface is available for access via the HTTP protocol when ticked. 3. HTTPS: The management interface is available for access via the HTTPS protocol when ticked. Firewall Protect Items: There are four multiple-choice items: SYN, ICMP, UDP and Port Scan. It offers currently available protection. In addition, you can click on [icon] to see more detailed records. DNS
30. By Source IP: For services that require using the same IP address throughout the process, such as online games and banking, IFW320 helps the user retain the same WAN port (i.e. IP address) over which the session was created, to avoid disconnection caused by variation of the user's IP address. 3. Manual: According to administrator demand to share loading on the WAN. 4. By Destination IP: Once a session is created between the IFW320 and a specific host, the following sessions linking to that host will be automatically distributed to the same WAN port. Connection Method: There are three connection methods. 1. Static: Static IP address. 2. DHCP: Using DHCP to get an IP address from the ISP. 3. PPPoE: PPPoE. Netmask: Enter a netmask. Default setting is 255.255.255.0. MAC address: Enter a MAC address. Down Speed: The IT administrator must define a proper bandwidth for each of them so that the device may use it as a basis for operating. Kbps is the unit of speed. You can click on the Custom Define link to set your speed according to the ISP's WAN speed. Check Method: Use DNS, ICMP or NONE to check whether the WAN is on or off. Both DNS and ICMP need an IP address set up for the test. 1. DNS: Tests the validity of the Internet connection by requesting the domain name. 2. ICMP: Uses the ping command to test the validity of the Internet connection. 3. NONE: The line is not detected; the connection status is always on-line. Management Service: There are three multiple
31. [Figure: schedule backup form with hourly check boxes from 00:00 to 23:00, a User Define option, a Backup Copy field and a Backup Now button.] Enable: Check to enable schedule backup. Schedule Backup: Check to choose the backup time. You may choose to back up every day(s) or check User Define to select your backup times. Backup Copy: The default is 1 copy. Backup Now: Click on Backup Now to back up immediately. 3.3.3 Firmware Upgrade. Select Configuration > System > Firmware Upgrade. Then you will see two parts: Software Upgrade and Upgrade Record. [Figure: Firmware Upgrade page showing Server Model IFW320, Firmware Version 6.1.9, a Choose File control with an Upgrade button, and the Upgrade Log.] Server Model: Displays the model name. Firmware Version: Displays the current software version. Firmware Upgrade: Shows information about the server model and current software version. Upgrade Log: Shows all of the upgrades you have done before. 3.4 Language. Select Configuration > Language > Language. It offers three languages for you to select: English, Traditional Chinese and Simplified Chinese. Select the language that suits you. 3.5
32. IP Address: Inside Any will be the representative of the external section of all VPN tunnels; IPSec or PPTP set up Site to Site, or the establishment of a single PPTP Server dial-up account, are all in line with the conditions. Network administrators can, on demand, allow or deny specific VPN access by the other end's incoming IP address, communication services and even time. The default access control rule is that when the VPN is established, both sides are free to communicate with each other unless incoming VPN controls prohibit it. Action: It offers two actions. 1. Permit means any packet that meets the Policy will be released. 2. Drop means discarded. Protocol: The protocol used for communication between two devices. TCP and UDP are the two most frequently seen protocols among others. Service group, Port or Group: With service groups, the administrator can simplify many processes when setting policy. Example: there are ten different IP addresses on the server that can access five different services, such as HTTP, FTP, SMTP, POP3 and TELNET. If you do not use the service group functions, you need to develop a total of 10x5 = 50 policies. But with the use of service group functions you only need one policy to achieve the function of 50. QoS: Select Objects > QoS. Then the VPN policy set the maximum bandwidth and rate bandwidth Bandwidth
33. [Figure: local user import (Choose File) and user list with the columns Name, Account, Require Password Change at Next Login and Account Expiration Date; the sample user victoria expires 2015-11-12.] And then please refer to the User Group section to learn how to use Internet Authentication. 6.9.3 POP3, RADIUS User. Select Objects > Authentication > RADIUS User. Enter the domain name and IP address of your mail server, then check the connection. Please enter an account and password of the mail server for the connection test (see figure below). [Figures: the Add Server form under Objects > Authentication > POP3, RADIUS User, with Domain Name (ex: gmail.com; the domain cannot be repeated), Server (ex: 74.125.53.109 or pop.gmail.com) and Connection Test, and the browser prompts Enter Account and Enter Password.] If the info is correct, it will display Login Test Success (see figure below). [Figure: the same Add Server form with the Login Test Success message.]
34. [Figure: notification e-mail from Admin with the subject "2011-01-22 18:45 Admin log", viewed in a webmail client; it carries an Admin Log table with the columns Time, Admin, IP Address, Function Path, Action and Events Content, listing changes made by admin from 192.168.1.111 on 01-22 under Policy > LAN Policy > LAN to WAN Policy, Network Services > DNS Server and Objects > Internet Auth > Auth Settings.]
35. SSL VPN. Since the Internet is in widespread use these days, the demand for secure remote connections is increasing. To meet this demand, using SSL VPN is the best solution. Using SSL VPN and just a standard browser, clients can transfer data securely by utilizing its SSL security protocol, eliminating the need to install any software or hardware. An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard web browser. In contrast to the traditional Internet Protocol Security (IPSec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It is used to give remote users access to web applications, client/server applications and internal network connections. A virtual private network (VPN) provides a secure communications mechanism for data and other information transmitted between two endpoints. An SSL VPN consists of one or more VPN devices to which the user connects by using his web browser. The traffic between the web browser and the SSL VPN device is encrypted with the SSL protocol or its successor, the Transport Layer Security (TLS) protocol. An SSL VPN offers versatility, ease of use and granular control for a range of users on a variety of computers, accessing resources from many locations. There are two major types of SSL VPNs: 1. SSL Portal VPN: This type of SSL VPN allows for a single SSL connection to a website so the end user can secure
36. Server 1: The IP address of the DNS server used for the bulk of DNS lookups. Default setting is 168.95.1.1. HTTP Port: HTTP port number for management. Default setting is 80. WAN Check Time: The interval, entered by the system administrator, at which the system tests the WAN connection; the unit is seconds. Default setting is 3 seconds. DNS Server 2: The IP address of the backup DNS server. Use it when the Primary DNS server is unreachable. Default setting is 168.95.192.1. HTTPS Port: HTTPS port number for management. Default setting is 443. Disconnect if idle for: The device may be configured to disconnect automatically when idle for a period of time while using a PPPoE connection. The unit of time is minutes. Default setting is 60 minutes. 2.3 Homepage Information. 2.3.1 Menu Bar: Through the menu bar on top of the screen, you can tell the different models by their different colors. 2.3.2 MENU: Through the MENU on the left side of the screen, you can see different function lists depending on the model. The UR model has the Content Recorder function but does not have the IDP and SSL VPN functions. The AW model has the IDP and SSL VPN functions but does not have the Content Recorder function. 2.3.3 System Time and System Resource: It shows Server 1 1 Date Time Current Time zone. It also displays the CPU, Memory, Flash and HDD simultaneously from 9.1 Per
37. VPN connections. When used in combination with remote client authentication, it links the business's remote sites and users conveniently, providing the enterprise with an encrypted network communication method. By allowing the enterprise to utilize the Internet as a means of transferring data across the network, it forms one of the most effective and secure options for enterprises to adopt in comparison to other methods. In this VPN chapter you can enable the following lists: IPSec Tunnel, PPTP Server, PPTP Client, VPN Policy. 11.1 IPSec Tunnel. IPSec (IP Security) is a generic standardized VPN solution. IPSec must be implemented in the IP stack, which is part of the kernel. Since IPSec is a standardized protocol, it is compatible with most vendors that implement IPSec. It allows users to have an encrypted network session by standard IKE (Internet Key Exchange). We strongly encourage you to use IPSec only if you need to for interoperability purposes. When an IPSec lifetime is specified, the device can randomly refresh and identify forged IKEs during the IPSec lifetime. In this section you can enable the following lists: 11.1.1 IPSec Tunnel. Select VPN > IPSec Tunnel > IPSec Tunnel. Click on the [button] to create a new IPSec Tunnel. Enabled: Select it to start the connection. IPSec Tunnel Name: Enter any words for recognition. Interface: This is only available for host to host connections and specifies to which int
38. can achieve an algorithm up to 160 bits. 4. MD5: MD5 (Message Digest Algorithm) processes a variable-length message into a fixed-length output of 128 bits. 5. DH Group: When the encryption technique is aes, the choices are 2, 5, 14, 15, 16, 17, 18, but if the encryption technique is 3des, the only choices are 2, 5. 6. Auto Pairing. Local ID: An ID for the local host of the connection. Remote ID: An ID for the remote host of this connection. IKE SA Lifetime: You can specify how long IKE packets are valid. IPSec: It offers aes, 3des, sha1 and md5. 1. AES: Uses a 128-bit, 192-bit or 256-bit key. AES is commonly seen and adopted nowadays. 2. 3DES: Triple DES is a block cipher formed from the DES cipher by using it three times. It can achieve an algorithm up to 168 bits. 3. SHA1: SHA1 is a revision of SHA. It has improved the shortcomings of SHA. By producing summary hash values, it can achieve an algorithm up to 160 bits. 4. MD5: MD5 processes a variable-length message into a fixed-length output of 128 bits. 5. Auto Pairing. Perfect Forward Secrecy (PFS): Set Yes to start the function. DH Group: When the encryption technique is aes, the choices are 2, 5, 14, 15, 16, 17, 18, but if the encryption technique is 3des, the only choices are 2, 5. IPSec SA Lifetime: Set to 1 to 3 hours. Default setting is 3 hours. Dead Peer De
39. 2. Sometimes organizations will ask for server.csr and server.key. Therefore, please enter the information and download the files. Offer these two files to the SSL Certification organization. [Figure: SSL Proof Set form in which every field is required: Two-letter Country Code (ex: TW), State or Province, City, Organization Name, Unit Name (ex: IT SYSTEM), Domain Name (ex: www.sample.com.tw) and Application Personnel Email; the form ends with the download of server.csr and server.key.] Chapter 4 Network. In this chapter the Administrator can set the office network. There are two parts: Interfaces and Routing. The Administrator may configure the LAN and WAN IP addresses. Besides, it includes not only IPv4 address settings but also IPv6 address settings. Interfaces, Interfaces (IPv6), Routing, 802.1Q. 4.1 Interface. IFW320 is an industrial firewall to defend industrial networks by safeguarding sensitive control networks. Beginning with pure firewall protection, it offers IDP, BotNet, WEB Filtering, VPN (IPSec, PPTP, SSL), authentication to secure remote security, etc. Network Administrators can set up different network entries, enable related security mechanisms and secure the gateway based on their needs. This configuration process is also very similar on ordinary firewalls and IP switch
40. domain names are translated to IP addresses. Example: www.Axiomtek.com.tw might be translated to 211.22.160.28. Actually, hostnames and IP addresses do not necessarily match on a one-to-one basis. Multiple hostnames may correspond to a single IP address; combined with virtual hosting, this allows a single machine to serve many websites. Alternatively, a single hostname may correspond to many IP addresses; this can facilitate fault tolerance and load distribution, and also allows a site to move physical location seamlessly. In this section you can enable the following lists: 7.3.1 General Setting. Enter the internal IP range in order to help them query domain names. [Figure: "Allow recursive queries from" field set to 192.168.99.111/32 (ex: 192.168.1.0/24, 192.168.5.50/32), with a Save button.] 7.4 High Availability. IFW320 can easily be run in HA (High Availability) mode. At least two IFW320 machines are required for HA mode: one assumes the role of the active Master firewall while the others are standby Backup firewalls. If the Master firewall fails, an election between the Backups will take place and one of them will be promoted to the new Master, providing for transparent failover. In this section you can enable the following lists: 7.4.1 High Availability. To set up such an HA configuration, first set up the firewall that is going to be the Master. At this point the Backup mode canno
41. figure [Figure: LAN to WAN Policy list (columns No, Policy Name, Source, Destination, Services, Action, On/Off, Policy, Edit/Del, Log) and the QoS object applied to the QoS policy (columns QoS Name, Priority, Bandwidth Mode, Interface, Down Speed, Up Speed).] 6.5 Application Control. 6.5.1 Setting. Select Objects > Application Control > Setting. It offers seven kinds of software blocking: File Sharing Application, Instant Messaging Client, VOIP Application Block, WEB Application Block, WEB Mail Block, Game, Others. In this section you can enable the following lists. Click on [button] first. Group Name: Enter any word for recognition. [Figure: selection lists for File Sharing Application, Instant Messaging Client, VOIP Application Block and WEB Application Block, with entries such as Ares, Foxy, AIM, Yahoo, Bit Torrent, GoGoBox, Google Talk and H.323.] WEB Mail Block Game
42. flash Download mp3 Download png Download rtf Download uflash Upload ump3 Upload upng Upload urtf Upload replaytv ivs ReplayTW Internet Video Sharing edonkey Edonkey ezpeer ezpeer clubbox Clubbox imesh iMesh xunlei Thunder qq 00 skype Skype msnmessenger MSN MSNLite line LINE for PC Android sip SIP webmail _hinet Hinet webmail_live Hotmail webmail_qq QQ y webmail_seednet Seednet hinedo Hinedo Broadcast qglive OQ Live pplive PPLive baofeng baofeng netpas NETPAS ACC phproxy HTTP proxy written in PHP hamachi Hamachi torproject TOR gt freegate Freegate and Utlasurf gnucleuslan LAN only P2P goboogy Korean P2P poco Chinese P2P 5 tesla P2P fasttrack F asttrack gnotella Gnotella vagaa P2P napster P2P morpheus Morpheus mute MUTE gt bearshare BearShare kazaa KaZaa cimd SMSC protocol by Nokia ire Internet Relay Chat Custom File ExtensionFile Extension Add gif Download html Download ogg Download pdf Download postscript Download rar Download tar Download zip Download ugif Upload uhtml Upload y uogg Upload updt Upload upostscript Upload urar Upload utar Upload uzip Upload shoutcast streaming audio 70 Objects IFW320 Industrial Firewall Appliance Game SelectAll arm
43. generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site. [Buttons: Proceed anyway, Back to safety, Help me understand.] It will show a green browser indicator if the SSL Certification is installed (see figure below). [Figure: browser address bar showing a verified HTTPS certificate on a mail server administrator login page.] 3.9.1 SSL Proof Set. Caution: Note that Axiomtek doesn't suggest or guarantee any one of the SSL Certification organizations; the following are examples only: GeoTrust, Symantec (www.symantec.com), StartSSL PKI (http://www.startssl.com). Select Configuration > SSL Proof. 1. Please import three files: server.key, server.crt and the intermediate certificate, which you apply for, for your own SSL Certification, from SSL Certification organizations (see figure below). [Figure: SSL Certification Import form with Choose File controls for server.key, server.crt and Intermediate Certificate.]
44. [Figures: Port Scan Result screens. For www.google.com, of the services checked (FTP, SSH, TELNET, SMTP, HTTP, POP3, SAMBA, IMAP, SNMP, PROXY, MySQL, SMTPS, POP3S, IMAPS) only HTTP reports OK and the rest report FAIL.] 12.1.5 IP Route. IP Route shows the router status in order to know router information; it also shows multiple subnet status. [Figure: IP Route output listing the default route, static routes and the directly connected subnets with their interfaces.] 12.1.6 Interface Information. It shows the present interface information within your IFW320 LAN information
45. is consistent with the policy of the user to share. Schedule: Select Objects > Schedule. Then set your schedule time. Packet tracing: Select the Packet tracing tick box to start the function. It records all packets passing through the VPN tunnel. Traffic Analysis: Select the Traffic Analysis tick box to start the function. Chapter 12 Tools. In this Tools chapter you can enable the following lists: Connection Test, Remote Management. 12.1 Connection Test. In this section IFW320 provides Ping, Traceroute, DNS Query, Port Scan, IP Route, Interface Information and Wake up utilities to help diagnose network issues with particular external nodes. 12.1.1 Ping. It uses the ICMP protocol. Most people use ping to diagnose the connection between themselves and other hosts when the Internet is disconnected. Select Tools > Connection Test > Ping. Enter some information in the field and click on [button]. Then you will see the Ping Result. [Figure: Ping Setting with Target IP or Domain (www.google.com in the sample), Package Size 32 Bytes, Times 4 (0 means no limit), Wait Time 1 second, and Using Interface & IP set to LAN 192.168.1.1.] PING www google com 74 125 31 104 from 192 168 1 1 32 60 bytes of data 40 bytes from tb in 104 1e100 net 74 125 51 104 icmp se
46. shows current SMTP server setting automatically. Recipient: Enter receiver email addresses. Click on [icon]: Click this to save the settings you made. 3.9.2 Log. Select Configuration > Notification > Log. [Figure: Search Notification Log form with Date, Event, Recipient and Records/Page fields.] Date: Set date and time. Event: Set the information that you want to search. Recipient: The mail receiver. Records/Page: Select how many records are shown on the screen. Click on Search. After you click on Search, you will see the result on the screen. Click on [icon] to see logs. [Figure: log detail window for a WAN Detection event.] Recipients would get emails (see figures below). [Figure: inbox list of notification mails from Admin dated 2011-01-22 and 2011-01-23, with the subjects WAN disconnect, Auto Backup and Admin log.]
47. terms of the agreement, click I Agree to continue. You must accept the agreement to install Kiwi Syslog Server 9.2.0. Select "Install Kiwi Syslog Server as a Service" and click on Next. [Installer screen: Choose Operating Mode. The program can be run as a Service or Application. Install as a Service: This option installs Kiwi Syslog Server as a Windows service, allowing the program to run without the need for a user to login to Windows. This option also installs the Kiwi Syslog Server Manager, which is used to control the service. Install Kiwi Syslog Server as an Application: This option installs Kiwi Syslog Server as a typical Windows application, requiring a user to login to Windows before running the application.] 4. Select "The LocalSystem Account" and click on Next. [Installer screen: Service Install Options. Choose the account that you would like to use to install the Kiwi service. IMPORTANT NOTICE: If you are not using the LocalSystem account to install the service then you MUST use an account that is a member of the local Administrators group.] [Installer screen: Install Kiwi Syslog Web Access. Remote viewing, filtering and highlighting of Syslog events. Install Kiwi Syslog Web Access. Create a new Web Access logging rule in Kiwi Syslog Server. Kiwi Syslog Web Access can only be enabled in the licensed or evaluation
48. the mode should be changed from NAT to Bridge in the internal network (see figure below). [Figure: Bridge Mode topology with Router, Firewall IFW320 and Switch.] If Bridge mode is adopted as the operational mode, please refer to the following form for more information before configuration. [Form: Administrator Password; Management IP (IP, Netmask, Default Gateway); DNS Settings (Primary DNS Server, Secondary DNS Server).] Administrator Password: System administrator password. Management IP: Administrative interface. DNS Server IP: Internal and external DNS server. In the Interface section you can enable the following lists: 4.1.1 LAN. Select Network > Interface > LAN. The LAN Interface Setup is as follows. [Figure: LAN Interface Setting with Name Lan, Interface Name eth0, Enable NAT, IP Address 192.168.1.1, Netmask 255.255.255.0, Up Speed 102400 Kbps, Down Speed 102400 Kbps, MAC Address, Speed and Duplex Mode Auto, MTU 1500, ARP Spoofing Prevention (Enable; every 30 seconds, range 1 to 600, send 3 times in a row) and Administrator Management (Ping, HTTP, HTTPS), followed by the Multiple Subnet list with the columns Name, Bind IP Address, Netmask, WAN Interface IP, Operation Mode and Edit/Del.] Name: Enter any word for recognition. Interface Name: eth0. IP Address: Enter an IP address. Netmask: Enter a netmask.
49. the port contains FTP, SSH, TELNET, SMTP, DNS, HTTP, POP3, SAMBA, IMAP, SNMP, PROXY, MySQL, SMTPS, IMAPS, etc. Select Tools > Connection Test > Port Scan. Enter the domain or IP address for the packets in the field and click on [button]. Then you will see the Port Scan Result. [Figures: two Port Scan Setting and Port Scan Result screens, one for an IP address and one scanning www.axiomtek.com.tw; each listed service (FTP, SSH, TELNET, SMTP, HTTP, POP3, SAMBA, IMAP, SNMP, PROXY, MySQL, SMTPS, POP3S, IMAPS) is timestamped and reports FAIL.]
51. [Figure: MAC address Collision List rows, each with status "Detected the same mac"]

Co-Defense Switch: Find out which switch is connected to

8.3.4 IP Collision Log

IP Collision Log displays any forged IP address within the internal network, allowing administrators to troubleshoot efficiently. Select Advanced Protection > Internal Protection > IP Collision Log.

[Figure: IP address Collision List, with columns Time, Mac Address, IP Address, Co-Defense Switch, Status and Action; the sample rows show status "Detected the same ip"]
52. IP Address: This IP address is found in which switch port.
Event: If co-defense is enabled, administrators can look up the problem by quickly searching exceeding values and victim conditions.
Status: Whether the attack is ongoing or has stopped.
Search: Search for functions and logs according to specific conditions.

8.3.3 MAC Collision Log

MAC Collision Log displays any forged MAC address within the internal network, allowing administrators to troubleshoot efficiently. Select Advanced Protection > Internal Protection > MAC Collision Log.

[Figure: MAC address Collision List, with Time and Mac Address columns]

MAC Address: Find out which MAC address is being forged.
IP Address: Which IP address is the forged MAC address.
54. 120 seconds

Outgoing Anomaly:
1. Session exceeds 100 and continues 120 seconds (default)
2. Upload flow exceeds 512 kbps and continues 120 seconds (default)
3. Download flow exceeds 1024 kbps and continues 120 seconds (default)

Incoming Anomaly:
1. Session exceeds 100 and continues 120 seconds (default)
2. Upload flow exceeds 512 kbps and continues 120 seconds (default)
3. Download flow exceeds 1024 kbps and continues 120 seconds (default)

Enter 20 in outgoing anomaly and use 192.168.1.117 for testing this function. Let's see Status > Connection Status > Connect Track.

[Figure: Connect Track List, with columns IP Address, Session, Up speed (bits), Down speed (bits) and Log]

As we saw in the figure above, 192.168.1.117 should be recorded and the system will mail logs to recipients. The user will then receive notification logs such as those in the figure below.

[Figure: Notify email sample 1, subject "2011-02-08 15:00 Anomaly IP", containing an Anomaly List with columns Time, IP, Event, Limit, Over and Length]
56. [Figure: log rows for 192.168.188.2 reporting the event "Exceed ARP spoofing alert value" on switch EX2200, each with status End and an end time]
57. Here is an example showing how to open a mail server port in order to enable connections from outside users. Assume your Mail Server IP is 192.168.99.250 (example). Please follow the previous steps and then create a WAN policy in Policy > WAN Policy > WAN to LAN.

[Figure: Policy > WAN Policy, Basic Setting, with Policy Name, Source (Outside Any), Destination (Virtual Server) and Action Setting]

When the WAN to LAN Policy is completed, you can see the following figure.

[Figure: WAN to LAN Policy list, with columns No, Policy Name, Source, Destination, Services, Action, On/Off, Edit, Del and Log]

Then enter the WAN IP and port number, for example http://111.252.76.144:88. The figure below shows the WAN Virtual Server on port 88.

[Figure: browser showing the virtual server on port 88]

Otherwise, enter the WAN IP and port number https://111.252.76.144:888. The figure below shows the virtual server on port 888.

[Figure: browser showing WebMail on port 888]

6.7.2 Mapped IP

Because the intranet uses private IP addresses behind NAT (Network Address Translation) mode, NAT is used to map a WAN real IP address to a LAN private IP address. It is a one-to-one mapping. That is, to gain access to internal servers with private IP addresses from an extern
58. 14.3.2 Top N Port Flow

Select Status > Flow Analysis > Top N Port Flow.

[Figure: Top N Flow Search (Flow Direction: Outgoing; Top N Flow: 10; Statistics Period: 2013-09-24 00:00:00 to 2013-09-24 18:32:24) and its result, with columns Destination Port, Up Flow and Down Flow and rows for HTTP, SMTP, HTTPS and port 1935]

Flow Direction: There are two selections. The default setting is OutBound.
1. Outgoing
2. Incoming
Top N Flow: Select how many entries are shown. The default setting is 10.

Click on Search and you will see the result below.

Destination Port: Shows the destination port.
Up Flow: The accumulation of upload flows, in kilobytes (1 byte = 8 bits, 1 kilobyte = 1024 bytes).
Down Flow: The accumulation of download flows, in kilobytes (1 byte = 8 bits, 1 kilobyte = 1024 bytes).

14.3.3 Top N Search

Select Status > Flow Analysis > Top N Search.

[Figure: Search Top N Flow form (Date, Flow Direction, IP, Connection, Inside IP, Outside Port, Top Flow Search) and Search Result, with columns No, Computer Name, IP Address, MAC Address, Up Flow (kbytes) and Down Flow (kbytes)]

Date: Select the date range.
60. 2. Please select Log to file; the rest depends on your settings.
3. Path and file name of log file: C:\Users\ting\Desktop\syslog.txt (example of an actual path and file name)
4. Log file format: Comma Separated Values (yyyy-mm-dd) (CSV)

[Figure: Kiwi Syslog Server Setup, Log File Rotation settings: Enable Log File Rotation, Total number of log files, Maximum log file size, Maximum log file age]

The syslog file export is then complete.
61. [Figure: service selection checklist with default ports, including NNTP 119, NTP 123, POP2 109, POP3 110, PPTP 1723, RIP 520, RLOGIN 513, Real Audio 7070, SFTP 115, SMTP over SSL 465, SMTP 25, SNMP 161, SSH 22, SYSLOG 514, TFTP 69, Telnet 23, Terminal 3389, VNC 5900, WAIS 210, WINFRAME 1494 and Yahoo 5050]

After the service selection is completed, if you made a wrong selection and want to remove a port, clear that port.

[Figure: Add Service Group, with Group Name "Mail Server" and TCP/UDP port entries 110-110 and 25-25]

Setting the Service Group is completed. In addition, select the checkbox and click on Add to create a new sub-content, Edit to modify contents, or Del to cancel the list.

[Figure: Service Group List, showing group "Mail Server" with ports 110 and 25, plus Import/Export and Add/Edit/Del controls]

Here is an example showing how a Service Group is used. Select Policy > LAN Policy or WAN Policy. Then select the function you need on the right side.
2. Click on the button and set Action to Permit, and then set Service Port or Group to Mail Server, which you have just selected in section 6.2 Services.

[Figure: Policy > LAN Policy example]
62. [Figure: ipconfig output showing the PPP adapter ShareTech]

11.2.3 PPTP Account List

Select VPN > PPTP Server > PPTP Account List. After the PPTP account setup is completed, you can see the following list.

[Figure: PPTP Account List, with columns Account, Status, Enabled, Edit/Del and Log, showing the account "axiomtek"]

Account: Available VPN PPTP account.
Status: The symbols used for the VPN connection status:
1. Connecting
2. Disconnected
Enabled: Click on the icon again to toggle it:
1. Enable
2. Disable
Edit / Del: Click on the pencil icon to modify contents and click on the delete icon to delete the PPTP account.
1. Modify contents
2. Delete PPTP account
Log: Click on the icon to show the PPTP account connection logs.

11.3 PPTP Client

In the PPTP Client section you can enable the following lists:

11.3.1 Add PPTP Client

Select VPN > PPTP Client > Add PPTP Client.

[Figure: Add New Connection, with fields Name, Enabled, Account, Password, Server IP or Domain, Encryption and Remote IP Range (ex. 192.168.1.0/24)]

Name: The description for the PPTP Client.
Account: It displays the name of clients using PPTP to log in to the PPTP server.
63. Click on the icon to see the Top N Flow Log in the figure below.

[Figure: Top N Flow Log for IP 192.168.5.34 (Type: Outgoing; Service: FTP), with columns Date, Protocol, Src IP, Dst IP, Port, WAN, Up Flow (kbytes), Down Flow (kbytes) and Policy]
64. [Figure: Anomaly List rows for 192.168.1.117, event Outgoing Session, limit 20]

[Figure: Notify email sample 2, subject "2011-03-05 14:15 Anomaly IP", containing an Anomaly List (Time, IP, Event, Limit, Over, Length) with Outgoing Session events for 192.168.1.86 and 192.168.1.117, limit 20]
65. Name: Enter any word for recognition.
Bind to Interface: Select it to start the multiple subnet function.
IP Address: The multiple subnet range of IP addresses.
Netmask: Enter a Netmask.
WAN Interface IP Address: The WAN IP addresses that the subnet corresponds to.
WAN Operation Mode: Allows the internal network to accommodate multiple subnets and enables Internet access through various external IP addresses. It displays the operating modes of the WAN interface IP:
1. NAT
2. Routing

The completed multiple subnet is shown in the figure below.

[Figure: Multiple Subnet list, with columns Name, Bind, IP Address, Netmask, WAN Interface IP, Operation Mode and Edit/Del, showing subnet AA, 192.168.99.0, 255.255.255.0, NAT]

Example: A company divided into an R&D department, customer service department, sales department, purchasing department and accounting department has a leased line with multiple real IP addresses, 168.85.88.0/24. In order to facilitate network management, the IT administrator may designate a subnet to each department respectively. The subnet distribution is as follows:

R&D Department: 192.168.1.1/24 (Internal) > 168.85.88.253 (External)
Customer Service Department: 192.168.2.1/24 (Internal) > 168.85.88.252 (External)
Sales Department: 192.168.3.1/24 (Internal) > 168.85.88.251 (External)
Purchasing D
66. The 802.1Q standard was developed to address the problem of how to break large networks into smaller parts so that broadcast and multicast traffic wouldn't grab more bandwidth than necessary. The standard also helps provide a higher level of security between segments of internal networks. In this section you can enable the following lists:

4.4.1 802.1Q

Select Network > 802.1Q > 802.1Q. Click on Add.

Comment: Enter any word for recognition.
IP Address: Enter an IP address. Example: the IP address 10.10.10.1.
Netmask: Enter a Netmask. Example: the Netmask 255.255.255.0.
Interface: Select the interface (LAN or WAN) to add the VLAN ID to.
VLAN ID: The identification of the VLAN, which is basically used by the 802.1Q standard.

Example: Here the ML-9324 switch is taken as an example. The following figure shows the differences between a connection with and without VLAN.

[Figure: switch connections with and without VLAN]

Check your switch setting. Let's create some VLANs.

[Figure: 24G + 4 SFP Web Smart Switch web interface at 192.168.1.144, VLAN Configuration page, Add a VLAN (VLAN ID)]
67. [Figure: connection list for source 192.168.1.117, with columns Destination IP, Port, Up Packets, Down Packets, Up Bytes and Down Bytes]

It accords with Advanced Protection > Anomaly IP Analysis > Block Anomaly. If the user has selected "Block until administrator to unlock" in the block setting, don't forget to click on the unlock icon to unlock that IP.

[Figure: Block List, with columns Date, IP, Event, Period, Block Left Time and Unlock, showing 192.168.1.117, Outgoing Session, "Need Administrator unlock"]

8.2 Switch Management

The
68. [Figure: Logs Search form listing the loggable functions by category: Configuration (Date & Time, Administration, System, Language, Signature Update), Network (Interface, Routing, 802.1Q), Policy (LAN Policy, WAN Policy), Objects (Address, Services, QoS, Schedule, Application Software, URL, Virtual Server), Network Services (DHCP, DDNS, HA, Remote Syslog Server), Advanced Protection (Anomaly IP Analysis, Switch, Intranet protect), VPN (VPN Tunnel, PPTP Server, PPTP Client) and Botnet (Botnet Setting, Botnet Record)]

Search
Account: An available account which the administrator created before.
Computer Name: All available computers that have ever passed through the IFW320.
IP Address: Internal IP addresses.
Login / Logout: Records users' login and logout actions.
Configuration: Lists the working connections for the Date & Time, Administration, System and Language logs.
Network: Lists the working connections for the Interface and Routing logs.
Policy: Lists the working connections for the LAN Policy and WAN Policy logs.
Objects: Lists the working connections for the Address, Services, QoS, Schedule, Application Software, URL and Virtual Server logs.
Network Services: Lists the working connections for the DHCP, DDNS, HA and Remote Syslog Server.
Advanced Protection: Lists the working connections for the Anomaly IP Analysis, Switch and Intranet protect.
VPN: Lists the working connections for the VPN Tunnel, PPTP Server and
69. Interface Name: eth1. Enter any word for recognition.
IP Address: Depends on the Connection Method. DHCP and PPPoE modes do not need an IP address to be set. Only Static mode needs an IP address to be set up.
Default Gateway: Depends on the Connection Method. DHCP and PPPoE modes do not need a Default Gateway to be set. Only Static mode needs a Default Gateway to be set up.
Up Speed (max. 1000 Mbps): The IT administrator must define a proper bandwidth for each of them so that the device may use it as a basis for operating. Kbps is the unit of speed. You can click on the Custom Define link to set your speed according to your ISP's WAN speed.
Speed and Duplex Mode: Usually it is set to Auto. You can also select other settings.
Load Balancing: It offers four methods:
1. Auto: Distributes the outward sessions by the usage status of each WAN port.
2. By Source IP: For services that require using the same IP address throughout the process, such as online games and banking, the IFW320 helps the user retain the same WAN port (i.e. IP address) over which the session was created, to avoid disconnection caused by variation of the user's IP address.
3. Manual: Shares the load on the WAN according to the administrator's demand.
4. By Destination IP: Once a session is created between the IFW320 and a specific host, the following sessions linking to that host are automatically distributed to the same WAN port.
70. Built in with IPSec VPN, which provides a site-to-site secure tunnel, PPTP VPN, which offers a point-to-point connection for employees at home, and SSL VPN, which offers easy VPN access to your headquarters simply through a web browser, the firewall device provides system integrators and machine makers with a secure way to configure and maintain their devices. The firewall appliance also has industrial protocol management, including EtherCAT, Ethernet/IP, Lonworks, Profinet, Modbus and DNP, which paves the way to securing the fieldbus network. Additionally, we offer wide temperature models for use in hazardous (-40°C to 75°C) environments and an economical model (0 to 60°C) for non-temperature-sensitive use.

1.1 Features

All-in-one Firewall / NAT / VPN
Security protection: Firewall, IDP, BotNet
Secure connection: VPN, SSL VPN
WAN connection checking
IPv4 / IPv6 dual mode
Easy network setup with Network Address Translation (NAT)
Quick installation
USB restore
Centralized management
Wide operation temperature -40°C to 75°C (IFW320-T)

1.2 Specifications

Software
Interface: LAN 1 RJ-45 port; WAN 1 RJ-45 port
Network Features: Quality of Service (QoS); support for IPv4 / IPv6
Routing: Static routing; RIP v1/v2
Firewall Features: Stateful inspection; filter by MAC, IP, port and protocol; Bridge mode firewall; Denial of Service (DoS) protection: TCP SYN, ICMP ping, ARP; Bridge mode; Port scan
71. Setting the User Group with Local Users mode is completed. In addition, click on Add to create a new sub-content, Edit to modify contents, or Del to cancel the list.

[Figure: Group List, with columns Group Name, Member, Auth Setting and Edit/Del]

Then go to SSL VPN > SSL VPN Setting > SSL Client List. Please click on Add to create a new certification group.

[Figure: New Certification Group, with fields Comment, Authentication Group and Address of information message]

Setting the SSL VPN Client with Authentication Local Users is completed; see the figure below.

[Figure: SSL VPN Client Software Download URL (https://[WAN IP Address or Domain]:[HTTPS Port]/sslvpn.php) and SSL Client List, with columns Comment, Authentication Group, User Management and Delete, showing "SSL VPN Group", GroupA, Group Member Number 2]

The IT administrator can click on the icon to see the SSL VPN client status, as in the figure below.

[Figure: GroupA Group Member certificate list, with Cancel all / Re-generate all, Address of information message, and per-user columns User Account, Cancel Certificate, Re-generate Certificate, Download, Set the user a static IP address, Suspended and Set Static MAC Address]
72. [Figure: 24G + 4 SFP Web Smart Switch (192.168.1.144), VLAN Configuration List with Modify, Delete and Refresh]

[Figure: 24G + 4 SFP Web Smart Switch, VLAN Setup page with Port Member checkboxes for Port 1 to Port 24]

Select Port 1 Port 7 where packets should select Tagged.

[Figure: 24G + 4 SFP Web Smart Switch, VLAN Per Port Configuration page with the All / Tagged Only setting for each port]
73. If the information is incorrect, it will display "Login Test Failed"; see the figure below. If this happens, please check the accuracy of the information provided.

[Figure: Objects > Authentication > POP3, RADIUS User, Add Server form with Domain Name "test.com" (ex. gmail.com; the domain cannot be repeated), Server (ex. 74.125.53.109 or pop.gmail.com) and Connection Test]

When you see the figure below, click on the Edit icon to modify the setting.

[Figure: POP3 Server list showing test.com, 192.168.186.88, with Edit/Del and Add, and the Radius Server List]

After editing the setting, you may add email account(s) under Server Member Setting below.

[Figure: Server Setting (Domain Name test.com; Server 192.168.186.88; Connection Test; Save) and Server Member Setting, with Import and columns Type, Name and Account]

6.9.4 User Group

Select Objects > Authentication > User Group. Click on Add.

Group name: Enter some words for recognition.
Auth Setting: General setting or User defined setting.
Idle timeout: minutes (range 1-1000).
Re-login after user has logged in for: hours (range 0-24; 0 means no limit).
Select authentication mode: L = Local, A = AD, P = POP3, R = RADIUS. Separate items with commas.
Select user type: Local Au
74. Enter an account for DDNS server. Password: Enter a password for DDNS server. Comment: Enter any word for recognition. Enabled: Select the Enabled tick box. If it is not ticked, the Firewall will not update the information on the DDNS server. It will retain the information so that you can re-enable DDNS updates without re-entering the data. It contains a DDNS client for 14 different providers; if it is enabled, it will automatically connect to the dynamic DNS provider and tell it the new IP address after every address change. Setting DDNS Server completed. In addition, click on to create a new sub content, to modify contents, or to cancel list. (Figure: DDNS List. Columns: Mark, Update Status, Service Provider, Hostname, Account, Wan, Enabled, Comment; example entry: service provider dhs.org, hostname ifw320.dhs.org.) 7.3 DNS Proxy: The Domain Name System (DNS) is a standard technology for managing the names of websites and other Internet domains. DNS technology allows you to type names into your web browser, like compnetworking.about.com, and your computer to automatically find that address on the Internet. A key element of the DNS is a worldwide collection of DNS servers. A DNS server is any computer registered to join the Domain Name System. A DNS server runs special-purpose networking software, features a public IP address, and contains a database of network names and addresses for other Internet hosts. For example the
75. Firewall Appliance Up Speed: Define a suitable maximum upstream bandwidth for each of them so that the device may use it as a basis for operating. Down Speed: Define a suitable maximum downstream bandwidth for each of them so that the device may use it as a basis for operating. MAC Address: Enter a MAC address. Speed and Duplex Mode: Select which network speed is suitable for the user (10Mb Half). Caution MTU: Default setting is 1500. Click on ARP Spoofing Prevention. ARP Spoofing Prevention: Enable; every 30 seconds (range 1 600), send 3 times in a row. Note: With ARP spoofing, also known as ARP poisoning, you are tricking your target into thinking that you are the device to which it wants to send its data. So, for example, if you want all Internet traffic from the target to go to your machine, you would tell the target that your machine's MAC address is the MAC address of the gateway. Then you would tell the gateway that the target's MAC address is yours. In this way, both sides of the traffic flow to your machine. Start up your favorite packet sniffer and you are good to go. Of course, you will want to make sure that you are forwarding the data and not storing it; if not, your target won't be able to send data to its original destination. Multiple Subnet Add Multiple Subnet Mame AA Bind i IF Address 192 168 99 0 Metmask 255 255 205 0 WAN Interface IP Operation Mode Setting WAM 192 168 186
76. Interface information Query Interface LAM o OK Interface Information 2 eth mtu 1500 qdisc htb state DOWN glen 1000 linkether 00 0d 40 34 ba a3 bro fE TET Inet 192 160 1 1 4 brd 192 166 1455 scope global ethu valid lft forever preferred_lft forever Inet 192 160 99 0 24 brd 192 166 995 255 scope global eth 1 valid_ lft forever preferred ft forever Ineth feo 20d 4oftte94 baa5 54 scope link valid lft forever preferred Ift forever 192 166 171 111 ether 40 61 86 b tcf Chil ethO Tools 165 IFW320 Industrial Firewall Appliance WAN information Interface information Query Interface WAM oF Oo OE Interface Information 3 eth1 mtu 1500 qdisc htb state UP glen 1000 linkether O0 0d 46 34 ba a4 bro MATT Inet 192 166 106 79 24 brd 192 160 106 255 scope global eth valld_lft forever preterred_lft forever Inet 192 160 106 224 brd 192 166 166 255 scope global secondary eth1 1 valld_lft forever preterred_lft forever Inet 192 160 106 324 brd 192 166 106 255 scope global secondary eth1 2 valid lft forever preterred_lft forever Inet 192 160 106 424 brd 192 166 106 255 scope global secondary eth1 3 valid lft forever preferred_lft forever Ineth feo 20d 4oftte34 baad b4 scope link valid lft forever preferred Ift forever 192 166 166 245 ether 00 90 fb 2b 2f e7 C 192 166 166 255 ether 00 05 1d 05 04 22 E 192 166 156 133 ether ollos ateb aci f C eth 192 166 166 155 ether 00 0d 46 34 bb b C 192 166 166 160 et
77. KE SA Lifetime IPSec Setting Phase 2 IPSec Perfect Forward Secrecy PFS IPSec SA Lifetime Dead Peer Detection Drop SMB Protocol Y Branch o WAN IP Address or Domain 211 20 227 193 192 168 99 0 255 255 255 0 124 192 168 165 0 255 255 255 0 24 Main Aggressive 123456 des md5 DHGroup 2 v WAN IP Domain Name SWAN IP Domain Name 3 Y Hour s des md5 v 2 No Yes 3 Y Hour s hold Y Delay 10 Seconds Time outb0 Dynamic IP Address Seconds VPN IFW320 Industrial Firewall Appliance 11 1 2 Add IPSec Tunnel Setting IPSec Tunnel completed and please notices the status IPSec Tunnel and Status Show Rows 46 Show 174 IPSec Tunnel Name Interface Local Subnet Status Remote IP Address Remote Subnet phase 1 phase 2 Operstiontime Enabled Edit Del Log Branch WAN 192 168 99 0 24 Y 211 20 227 193 192 168 168 0 24 desmd5 desmd5 p P r Add VPN and Status 1 Interface At present IPSec VPN use entity interface WAN 2 Status a amp The VPN is not work b The VPN is on work 3 Enabled Control IPSec VPN start and suspension button a P Stand for start b lll Stand for suspension 4 Stand for editing the VPN setting 5 Log This VPN communication record IPSec VPN channel if has the communication record with opposite party select the will open the new Windows the data will be according to time sorting most recent news in
78. Not classified. Degree of protection against the ingress of water: IPX0. Equipment not suitable for use in the presence of a flammable anesthetic mixture with air or with oxygen or nitrous oxide. Mode of operation: Continuous. Type of protection against electric shock: Class equipment. General Cleaning Tips: You may need the following precautions before you begin to clean the computer. When you clean any single part or component of the computer, please read and understand the details below fully. When you need to clean the device, please rub it with a piece of dry cloth. Be cautious of the tiny removable components when you use a vacuum cleaner to absorb the dirt on the floor. Turn the system off before you start to clean up the component or computer. Never drop the components inside the computer or get the circuit board damp or wet. Be cautious of all kinds of cleaning solvents or chemicals when you use them for the sake of cleaning. Some individuals may be allergic to the ingredients. Try not to put any food, drink or cigarette around the computer. Cleaning Tools: Although many companies have created products to help improve the process of cleaning your computer and peripherals, users can also use household items to clean their computers and peripherals. Below is a listing of items you may need or want to use while cleaning your computer or computer peripherals. Keep in mind that some components in your computer may only be able to b
79. Now 532 A Memory Usage E Average of 1 Minutes 1024 H 819 H y 64M B 40H 205 H 0 0400 06200 0800 1000 1200 1400 4verage 247 09M Bytes Max 266 43M Bytes Min 240 59M Bytes Now 266 23M Bytes CPU Usage The CPU utilization of the device Memory Usage The Memory utilization of the device Status 173 IFW320 Industrial Firewall Appliance In addition select System Usage tick box and click on ok then you will get graphs of System Usage v System Usage gt System Usage M Average of 1 Minutes 10 SO 0D dd ade ct aio ae al ws os 0400 06200 08200 1000 1200 1400 Average 007 Max 130 Min 0 00 Now 001 System Usage The System utilization of the device 14 1 2 Interface Flow Select Status gt Performance gt Interface Flow lt shows graphs of incoming and outing traffic through that interface Last 12 Hours Interface Flow Status E p Avg of 1 Minute y Down wg of 1 Minute es 05 y DA Os 0D bits s 000 DEDO 04110 06D gs00 D00 Average up 000 bs Average down O00 b s Hax up O00 b s Max down 000 bs Now up 000 bs Now down 000 bys Ete VAN E Up Avg of 1 Minute a Down Avg of 1 Minute al e 4 Gk bits s O oont 0200 0470 O60 0800 1000 Average up 990 02 b s Average down 127k bs Maz up B 54k b s Max down T2dk b s Howup 154dkbfs Now down B33k brs LAN The LAN utilization of the device WAN The WAN utilization of the device
80. PPTP Client logs BotNet It lists out the working connections for the BotNet Setting and BotNet Record 13 1 3 Logs Search Result Select Logs gt System Operation gt Logs Search Result After click on you will see Logs Search Result as shown in example below Search Result 118 1 gt Time Account IP Address Function Path Action Description 11 13 10 19 44 admin 192 168 189 244 YPN gt PPTP Client PPTP Client List Add Name 11 13 10 14 57 admin 192 168 189 244 YPN PPTP Server Account List Add Enabled 11 13 10 02 11 admin 192 168 189 244 YPN gt IPSec Tunnel YPN IPSec Tunnel List Add Enabled 11 13 09 34 07 admin 192 168 189 244 Login OK Login Login Successful 11 13 08 46 55 admin 192 168 189 244 Login OK Login Login Successful 11 12 18 25 55 admin 192 168 189 244 IDP amp Botnet Botnet Setting Operation Mode Save Enabled MAIS admin 192 168 189 244 Login OK Login Login Successful 11 12 17 37 02 192 168 186 133 Login OK Login Login False 11 12 17 27 54 admin 192 168 189 244 Login OK Login Login Successful 11 12 16 40 33 admin 192 168 186 133 Login OK Login Login Successful 11 12 16 40 30 192 168 186 133 Login OK Login Login False 11 12 16 34 49 admin 192 168 189 244 Advanced Security Intranet protect gt ARP Spoofing Log Search IP Address T Bis ee admin 192 168 189 244 Advanced Security Switch Management Add Interface 11 12 16 20 44 admin 192 168 189 244 Policy gt LAN Policy LAN to WAN Policy Add P
81. PPTP Server IP or Domain: Enter a server IP address. Remote IP Range: Enter the range of remote IP addresses. Enabled: Select it to start the PPTP Client account. Password: It displays the password of clients using PPTP to log in to the PPTP server. 11.3.2 PPTP Client List: Select VPN > PPTP Client > PPTP Client List. It means setting PPTP Client is completed; see figure below. (Figure: PPTP List. Columns: Name, Account, PPTP Server IP or Domain, Remote IP Range, Compression & Encryption, Status, Enabled, Edit, Del, Log.) 11.4 VPN Policy: The intelligence and power behind the Positive Networks VPN service derives from the Positive VPN Policy Manager. The Positive VPN Policy Manager provides the administrator interface that maintains and enforces security policies for all groups and individual users. It is available from an ordinary web browser with a secure login. To create a secure VPN connection, the settings of IPSec Tunnel, PPTP Server or PPTP Client must be set to correlative policies. Caution: The default of VPN Policy does not grant pre control. As long as the VPN connection is established successfully, the two way computer can communicate if only the control of the target was expected through the proposed regulations in the last one against all connections. 11.4.1 Internal to VPN and VPN to Internal: The control of
82. SL LDAP Admin NNTP POP3 over SSL RLOGIN SMTP VNC BGP GNUTella HTTPS IMAP LDAP over SSL POP3 Real Audio Telnet and WAIS 3 HIM Services using UDP protocol DNS IKE RIP SYSLOG UUCP TFTP NTP and SNMP Port Port number of the client user s PC which is used for connecting to the IFW320 device Range from 0 to 65535 Using default setting is recommended Caution 6 2 2 Service Group To facilitate policy management the IT administrator may create a service group including a group of necessary services D For example ten users from ten different IP addresses request access to five types of services namely HTTP FTP SMTP POP3 and TELNET It Example merely takes one policy with a service group to satisfy the service request of 50 combinations 10 users times 5 services equals to 50 service requests Select Objects gt Services gt Service Group This function regulates the online usage of service Click on 4 2 Create a Service rule Service Name Enter some words for recognition Objects 63 IFW320 Industrial Firewall Appliance Click on ss Select services The figure below shows Service Assist View MEA AFPoverTcP 548 AOL 5190 Pi BGP 179 7 GG ons 53 E FTP 21 E Finger 79 E GNUTella 6346 E Gopher 70 cr no cr HTP eo 7 EE HT PS 443 EE 1 014000 EE KE 500 003 EA marcas EEA Iaent 112 A L2TP 1701 LDAP Admin 3407 E pst e el in LDAP 389 MSN Messenger 18
83. SYN Attack ICMP Attack UDP Attack Port Scan Add Setting Authentication Policy completed you can see the following figure I Policy gt LAN Policy Gat LAN to WAN LAN to WAN Policy No Policy Name Services Action On Off Source Destination Edit Del Log 78 78 78 78 78 78 78 ZE gt v Inside_Any Outside_Any gt groupN Outside_Any N Outside_Any Outside_Any Outside_Any Outside_Any ANY Outside_Any AN Mail Server Pro Inside_Any Mail gt Inside_Any N gt QoS Inside_Any N URL block Web block v v v v Working v v Inside_Any v Inside_Any Outside_Any ANY Mo lll lor le la ln a BE YY 904041010 Inside_Any 192 168 1 118 vVviviviviviiviviyv Outside_Any Let s login AK AXIOMTEK Your IP is Password masses login 90 Objects Objects gt Example IFW320 Industrial Firewall Appliance Here is an example showing how User Group with POP3 mode is used 1 2 Select Objects gt Policy gt LAN Policy Then select the function you need on the right side Click on and set Action to Permit and then set Authentication to testgroup which you have previously set in section 6 9 Authentication Basic Setting Policy Name victest Source Inside_Any v IP Address 192 168 1 118 MAC Address Destination Outside_Any Y IP Address Action Permit Policy Protocol ALL vY Service Port or Group User Def
84. Setting URL completed In addition select Mark tick box and click on to create a new sub content to modify contents or to cancel list URL Group 1 1 Group Name List Create Block Warning Message Action test2 test URL 2 P Add 74 Objects IFW320 Industrial Firewall Appliance gt Here is an example showing how URL Filter is used Example 1 Select Policy gt LAN Policy Then select the function you need on the right side 2 Click on first and set Action to Permit and then select URL Access Control which you have previously set in section 6 6 URL Filter Basic Setting Policy Name Source Ej 2 Inside_Any v IP Address MAC Address Destination y 2 Qutside_Any Y IP Address Action Policy Protocol ALL v Service Port or Group Ej User Defined Y Service Port Software Access Control None v QoS v Schedule URL Access Control Authentication Bulletin Board Max Concurrent Sessions for Each Source IP Address 0 IDP Botnet None Y Packet Tracing Traffic Analysis Firewall Protection SYN Attack ICMP Attack UDP Attack Port Scan 3 Setting URL Policy completed User can browse websites except youtube google and yahoo which are restricted domain names in Blacklist List set by the above policy LAN to WAN Policy 1 1 No Policy Name Source Destination Services Action On Off Policy Edit Del Log Wy Inside_Any Outside_Any ANY O y ANG group Outside_Any gt
85. T MAC 00 0d 48 IN eth0 OUT MAC 00 0d 48 IN eth0 OUT MAC 00 0d 48 IN OUT eth0 MAC SRC 204 IN eth0 OUT MAC 00 0d 48 IN eth0 OUT MAC 00 0d 48 IN OUT eth0 MAC SRC 174 IN OUT eth0 MAC SRC 174 IN OUT ethO MAC SRC 174 Network Services 115 IFW320 Industrial Firewall Appliance 4 Besides users can also use mail Notification Please select E mail and refer to figure below y Kwi Syslog SEUL O CA a a a S Ix n o Y E mail SMTP e mail settings Formatting Custom file formats Custom DB formats DNS Resolution DNS Setup DNS Caching Modifiers Scripting Display Min message count Max message count Disk space monitor Message queue monitor Inputs UDP TCP Secure TCP SNMP Keep alive Test message Defaults Import E xport Product Updates Send syslog alarm messages to A recipient company com Short alarm messages for pagers Send syslog statistics to 7 help ublink org lt 534E E mail ublink org lt 28 ims e f eric ublink org lt 31055 SMTP Username SMTP Password 7 eric a Default e mail delivery options Importance Priority SMTP Port 25 Timeout seconds 30 lt Git IEEE Sensitivity Unspecified X Unspecified v Unspecified E mail lagging options Keep a log file of e mail activity Enable verbose logging View log Delete log 116 Network Services IFW320 Industria
86. WEB FTP Anti-virus: It filters viruses contained within files transferred over WEB FTP protocol. IDP: It can identify intrusion packets and react to them in a timely manner. Pause: Temporarily disable the policy. Start: Start the Policy. Delete: Delete the Policy. Edit: Edit the Policy. Traffic Analysis: Click on this button to see the detailed illustration of traffic analysis. Packet tracing: Record logs of packet transmissions managed by the policy. You can click on the button to see packet logs. Chapter 6 Objects: In this chapter you can enable the following lists: Address Table, Services, Schedule, QoS, Application Control, URL Filter, Virtual Server, Firewall Protection, Authentication, Bulletin Board. 6.1 Address Table: In the Address section, the IT administrator may configure network settings of LAN and WAN, as well as designate specific addresses in a network as a group. An IP address might represent a host or a domain; in either case, the IT administrator may give it an easily identifiable name for better management. According to the network in which an IP address resides, it can be categorized into two kinds: LAN IP address and WAN IP address. Each one can be organized into an address group compr
87. ad the Bulletin Board. Select Objects > Bulletin Board > Has read the bulletin board. (Figure: Has read the bulletin board. Columns: Group Name, IP Address, Computer Name, When to read the bulletin, Kick the group; example entry: Test Bulletin, 192.168.1.111, TING PC, 2012-08-23 14:51:37.) The administrator can see which IP had read the content of the bulletin board. An internal user has to read it again if kicked out. Chapter 7 Network Services: This chapter includes services used by the various proxies, such as DNS, DDNS, DHCP Services and High Availability. In the Network Services chapter you can enable the following lists: DHCP, DDNS, DNS Proxy, High Availability, SNMP, Remote Syslog Server. 7.1 DHCP: The DHCP (Dynamic Host Configuration Protocol) service allows you to control the IP address configuration of all your network devices from the IFW320 appliance in a centralized way. When a client (a host or other device such as a networked printer, etc.) joins your network, it will automatically get a valid IP address from a range of addresses, and other settings, from the DHCP service. The client must be configured to use DHCP; this is something called automatic network configuration and is often the default setting. You may choose to provide this service to clients on your LAN only, or include devices on the WAN zone. In this secti
88. agetron Armagetron Advanced battlefield1942 Battlefield 1942 gt battlefield2 Battlefield 2 battlefield2142 Battlefield 2142 dayofdefeatsource game Half Life2 f counterstrike source network game d doom3 Doom3 computer game halflife2 deathmatch Half Life 2 mo mohaa Medal of Honor Allied Assault PEE f liveforspeed A racing game quake halflife Half Life 15 quake Quake teamfortress2 worldotwarcraft World of Warcraft xboxlive Xbox Live subspace Subspace Virus Worms Spyware Block Select All code_red nimda Stock Software Block Select All westfutu HAB gzs R iHa pobo HA stockstar PE gtja MEEF dzh x8 cjis PH AE qianlong 4e hexun AGAR whsp EH das XH Others Select All ciscowpn Cisco WPN server citrix Citrix ICA nep Novell Core Protocol pcanywhere pcAnywhere radmin Famatech Remote Aariialstiator ssh Secure SHell uucp Unix to Unix Copy validcertssl httpcachehit Proxy Cache hit httpcachemiss Proxy Cache miss http dap Download Accelerator Plus http freshdownload Fresh Download http itunes iTunes http rtsp RTSP tunneled skypetostcype Skype to Skype teamspeak Teamspeak ventrilo Ventrilo Add Setting Application Control List completed In addition select WIcheckbox and click on Add to create a new sub content it to modify contents or 7 to cancel list Application Control List 11 Mark Group Na
89. al network mapping is required Select Objects gt Virtual Server gt Mapped IP Add Mapped IP WAN IF 192 165 100 252 Asist Wap to Virtual IP 192 165 1 4 Add Click on to create a new one Click on sit Click on this button for WAN IP address Map to Virtual IP Create a Virtual IP for mapping Setting Mapped IP completed In addition click on to create a new sub content 7 to modify contents or to cancel list Mapped IP List INIA WAN IP Map to Virtual IP Edit Del 192 168 156 4 192 166 1 4 amp Add Objects 79 IFW320 Industrial Firewall Appliance 6 8 Firewall Protection This section allows setting up the rules that specify if and how IP traffic flows through your IFW320 appliance It offers a standard firewall and creates its firewall rules using firewall function In this section you can enable the following lists 6 8 1 Firewall Protection Default firewall function status is Start Select Objects gt Firewall Protection gt Firewall Protection SYN Attack Detection Setting Allow maximum flow 10000 Packet Second s Range 1000 1 0000 Allow maximum flaw for each source IP 1100 Packet Second s Range 10 10000 Flow greater than maximum block Ao Second s Range 10 65536 ICMP Attack Detection Setting Allow maximum flow 10000 Packet Secondisj Range 1000 10000 Allow maximum flaw for each source IF 1100 Packet Second s Range 10 10000 Flow greater than maximum b
90. also known as a zombie. Criminals typically use bots to infect large numbers of computers, and these form a network called a botnet. How do you know you have an infected computer? A bot is often created through an Internet port which has been left open without scheduled update. A small Trojan horse program can be left for future activation. Visiting malicious websites, exchanging multimedia files or transferring through USB drives can make your computer infected. When a command is released from the zombie army controller, your computer performs automated tasks over the Internet without you knowing it. Being a vulnerable server to the swarm, your computer will send spam distribution to many computers. (Figure: How BotNet works. Source: http://en.wikipedia.org/wiki/Botnet) Why traditional Firewall and IDP do not work: Attacks had always been assumed to come from the external network; therefore security suites such as firewall, IDP and anti-virus, with constant and timely updates, were built for different levels of protection. IDP (Intrusion Detection and Prevention) is primarily focused on identifying possible incidents, logging information about them and reporting attempts. Generally it is built outside a firewall to detect Trojan signatures efficiently. (Figure labels: Mail Servers, Botnet Host, UTM, Firewall, IDP, BotNet.) Traditional IDP cannot find BotNet. IDP has s
91. ame TEST Bulletin How long to alert bulletin 4 H Before read bulletin deny all outgoing After read bulletin url redirect win google cam Tithe of bulletin test Content of bulletin Good Morning Staff support HTML tag Add Group Name Enter any words for recognition How long to alert bulletin Please enter 0 24 hours Before read bulletin deny all outing Internal users cannot surf Internet if users do not read content of bulletin yet After read bulletin url redirect After bulletin is read user will be redirected to URL address set in this field Title of bulletin Enter any words for your title name Content of bulletin Enter some messages for showing in bulletin board Setting Local Users completed In addition click on to create a new sub content Edit to modify contents or P 1 to cancel list Group List Select Group Name How long to alert bulletin Before read bulletin deny all outgoing After read bulletin url redirect TEST Bulletin 24H x w google corn dd Edit M Del 94 Objects Then select Policy gt LAN Policy gt LAN to WAN Clickon 44 figure below Policy gt LAN Policy Basic Setting Policy Name Source Destination Action Policy Protocol Service Port or Group software Access Control QoS Schedule URL Access Control Authentication Bulletin Board Inside_Any v Outside_Any Y Max Concurrent Sessions for Each Source IP
92. and others WEB Application Block Select All httpaudio Audio over HTTP WEB Mail Block Select All webmail_163 163 126 Yeah webmail_pchome PChome webmail_sohu Sohu Game Select All ppstream PP Stream funshion Funshion Video Others Select All rdp Remote Desktop facebook Facebook hotspot_shield HotspotShield httpvideo Video over HTTP webmail_gmail Gmail webmail_yahoo Yahoo cradio Tornado Broadcast kuaibo Kuaibo Video wne VNC teamviewer TeamViewer vnn_client VNN_Clientw4 v Not Commonly Used Software File Sharing Application Select All 100bao 100ba0 hotline An old P2P 5 soribada A Korean P2P mactella gnutella thecircle P2P applejuice AppleJuice audiogalaxy AudioGalaxy Instant Messaging Client Select All aimwebcontent Alhi web content stun Simple Traversal of UDP Through NAT WEB File Extension Download Block Select All exe Download jpeg Download perl Download rpm Download WEB File Extension Upload Block Select All uexe Upload ujpeg Upload uperl Upload urpm Upload Video Software Block Select All live365 An Internet radio site freenet Anonymous information retrieval opentt A P2P filesharing protocol gnutella P2P mxie bittorrent edonkey limewire Limewire directconnect DirectConnect chikka Chikka SMS service msn filetransfer MSN File Transfer
93. ble 802 1Q DDNS DNS proxy SNMP DHCP client server m Centralized Management System CMS client server m Networking test Ping Traceroute DNS Query Server Link IP route Interface Information Wake Up IPv6 Hardware Standard Color m Silver Black Construction m Extruded aluminum and heavy duty steel IP40 CPU m Intel Atom processor E3815 1 4GHz System I O Outlet m VGA One DB15 connector m USB One USB 2 0 m LAN Two 1000 100 10 Ethernet ports Magnetic isolation protection 1 5KV Power input One DC power input with terminal block Memory Storage 2GB DRAM 2GB CompactFlash System Indicator m System Power Ready Active Power Supply m Wide range 12VDC 24VDC power input with terminal block m DC version OVP UVP Reverse protection Operating Temperature m 0 C 60 IFW320 40 C 75 IFW320 T Storage Temperature m 40 C 85 C Introduction 3 IFW320 Industrial Firewall Appliance e Humidity m 10 95 e Vibration Endurance m 2G 5 500HZz Amplitude 0 35mm operation storage transport e Weight m 1ko eo Certification m CE FCC Part 18 m UL60950 1 compliance e Dimensions m 48x 110 x 155mm EQ All specifications and images are subject to change without notice Note Introduction IFW320 Industrial Firewall Appliance 1 3 I O Outlets The following figures show l O outlets on front view and top view of the IFW320 LED Indicators
94. can see the following figure Virtual Server List WA WAN IP Edit Del 192 168 186 2 7 E Add Setting Virtual Server WAN IP completed you can see the following figure Virtual Server List 11 WAN IP Edit Del 192 168 186 2 PAX 192 168 186 3 sE Add Click on to edit contents and click on to create a new Virtual Server IP Address Add Virtual Server WAN IP 192 168 186 2 Protocol TCP F External Service Port a0 w itual Server IP Address 192 166 1 168 Internal Serice Port ll Enable Server Load Balance Add User can click on 4sit to select External Service Port easily as indicated in figure below 4 192 168 186 79 Program Object portmapdialog php Basic Service Basic Service EtherCAT Ethernet IP MODBUS DNP3 IEC 104 IEC 104 SEC IEC 61850 x lt t_x _ eee eS ea SSS i M Objects 77 IFW320 Industrial Firewall Appliance Or enter a single port Add Virtual Server WAN IP 192 168 156 2 Protocol TCP FY External Service Port 22 Virtual Server IP Address 192 160 1 33 Internal Service Port 2A Enable Server Load Balance Add Setting Virtual Server completed In addition click on to create a new sub content to modify contents or to cancel list Virtual Server WAN IP 192 168 186 2 111 Protocol External Port Virtual Server IP Address Internal Port Edit Del top 80 192 168 1 168 80 P tcp 22 19
95. characters ISAKMP Select aes and sha1 and set DH Group Local ID Default is using WAN IP Address as ID administrator also can use domain as ID For example 1 1 1 1 or abc com Remote ID Used in the same way as Local ID IKE SA Lifetime The default is 3 hours After IKE establishment surpasses the system set time a new IKE will be produced IPSec Select aes and md5 for IPSec And select Auto Pairing to start To start Auto Pairing the system s all calculation combination will converge in the rule If IFW320 SERVE the same combination will be discovered automatically on behalf of the system with the far end segment Perfect Forward Secrecy PFS Set to Yes The default setting is not working and select DH Group IPSec SA Lifetime Set to 1 3 hours The default setting is 3 hours Dead Peer Detection Set up the detection time of DPD the DPD detection s gap is 30 seconds over 300 seconds to think that is the broken line Drop SMB Protocol After the closure Network Neighborhood will be prevented Settings completed For B Company B Company setting steps is similar to A Company setting WAN IP is 61 11 11 11 LAN subnet is 192 168 99 0 24 Figure below shows how to Add IPSec Tunnel for B company Add New Connection Enabled IPSec Tunnel Name Interface Remote IP Address Local Subnet Remote Subnet IKE Setting Phase1 Connection Type Preshare Key ISAKMP Local ID Remote ID I
96. choice modes: ping, HTTP and HTTPS. In addition, you can click on to see more detail recorder. 1. Ping: The network can be detected by Ping commands when ticked. 2. HTTP: The management interface is available for accessing via HTTP protocol when ticked. 3. HTTPS: The management interface is available for accessing via HTTPS protocol when ticked. 4 2 Firewall Protect Items: There are four multiple choice: SYN, ICMP, UDP and Port Scan. It offers currently available protection. In addition, you can click on to see more detail recorder. DNS Server 1: The IP address of the DNS server used for the bulk of DNS lookups. Default setting is 168.95.1.1. HTTP Port: HTTP port number for management. Default setting is 80. WAN Check Time: System administrators can enter the system every interval of time to do more testing, unit calculated in seconds. Default setting is 3 seconds. DNS Server 2: The IP address of the backup DNS server used when the Primary DNS server is unreachable. Default setting is 168.95.192.1. HTTPS Port: HTTPS port number for management. Default setting is 443. Disconnect if idle for: The device may be configured to automatically disconnect when idle for a period of time upon using PPPoE connection. The minute is a unit of time. Default setting is 60 minutes. Interface IPv6: IPv4 is not enough anymore until 2021 and previously technical administrators are used to r
97. 8.1.3 Block Anomaly. Outgoing Anomaly: 1. Session exceeds 100 and continues 120 seconds (default). 2. Upload flow exceeds 512 kbps and continues 120 seconds (default). 3. Download flow exceeds 1024 kbps and continues 120 seconds (default). Incoming Anomaly: 1. Session exceeds 300 and continues 120 seconds (default). 2. Upload flow exceeds 512 kbps and continues 120 seconds (default). 3. Download flow exceeds 1024 kbps and continues 120 seconds (default). Example: Enter 20 in outgoing anomaly and use 192.168.1.117 for testing this function. In addition, select Block until administrator to unlock and Blocking event notification administrator. Inside to Outside Anomaly y Connection Session exceeds 20 and continues 120 seconds Upload flow exceeds 512 Kbps and continues 120 seconds Download flow exceeds 1024 Kbps and continues 120 seconds Outside to Inside Anomaly E Connection Session exceeds 300 and continues 120 seconds Upload flaw exceeds 512 Kbps and continues 1 20 seconds Download flow exceeds 1024 Kbps and continues 120 seconds Action Block OU minutels Block all day Block until administrator to unlock Bandwidth Limited 0 minutels Bandwidth Limited all day Bandwidth Limited until administrator to unlimit Advanced Setup Bandwidth Limited Upload 64 Kbps Download 120 Kbps Your IP is currently blocked please contact the Black Message
98. cts of communication protocols. Axiomtek IFW320 can effectively detect the source of a man-in-the-middle attack. With a Co-defense switch, the physical IP destination can be marked. 8.3.1 Spoofing Setup: Select Advanced Protection > Internal Protection > Spoofing Setup. [Figure: Spoofing Setup form. Detection Interface: LAN, DMZ. ARP Spoofing Alert Value: each source IP address exceeds 100 ARP packets (minimum value is 50), Automatically Block by Switch. Collision Detection IP: IP Address Collision Detection, Automatically Block by Switch. Collision Detection MAC: MAC Address Collision Detection, Automatically Block by Switch. Co-defense: Linked abnormal IP block list, Linked Botnet Port Close. Notify Item: Linked abnormal IP block, Botnet Port blocking linked, ARP Protection, IP collision, MAC collision.] Detection Interface: Click to choose the interface(s) to which the security mechanisms apply. There are 2 options here: LAN and DMZ. ARP Spoofing Alert Value: ARP Protection. A larger value means lower sensitivity. Collision Detection IP: Enable auto block for violating IP addresses. If it is enabled, the access port that has the violating IP will be shut down. Collision Detection MAC: Enable auto block for violating MAC addresses. Default is to detect collision 3 times per h
99. d according to the designated policy; consequently, any packets that do not meet the criteria will not be permitted to pass. The items of a policy include Policy Name, Source Address, Destination Address, Action, Protocol, Service Port or Group, Software Access Control, QoS, Schedule, URL Policy, Internet Auth, Using Which WAN, Maximum Concurrent Sessions per IP Address, Drop Skype, WEB/FTP Anti-virus, IDP, Packet tracing, Traffic Analysis, WEB Recorder, IM Recorder, FTP Recorder, MSN Recorder and Outgoing Mail. The IT administrator can determine which outgoing and incoming services or applications have their data packets blocked or processed by configuring these items. On the other hand, IDP belongs to AW models. LAN Policy; WAN Policy. 5.1 LAN Policy and WAN Policy: In this section you can enable the following lists. Policy Name: Enter any word for the description of the policy. Source Address: Source address is based around using the device as a point of reference. The initiating point of a session is referred to as the source address. Destination Address: Destination address is based around using the device as a point of reference. The initiating point of a session is referred to as the source address. Action: It offers two kinds, Permit and Drop. When it is Permit, the policy will be passed. On the other hand, when it is Drop, the policy will be stopped. 1. Drop: Deny the Policy. 2. Permit: Allow the Policy.
100. d malicious code such as worms and buffer overflow attacks. As soon as an attack is suspected, IFW320 will immediately notify the IT administrator. Moreover, an extensive range of reports is available for the IT administrator to analyze. The integrated IDP system with its attack signature database protects industries from network threats such as Trojan horses, viruses, worms, buffer overflows, etc. Take worms as an example: to protect against a worm attack, the only thing a firewall can do is close ports. As for file-based viruses, they are outside the scope of firewall protection. Axiomtek IFW320's built-in IDP with its huge database can inspect all the packets from WEB, P2P, IM, NetBIOS, etc. IDP Setting; IDP Log; BotNet Setting; BotNet Log. 9.1 IDP Setting: In order to protect your network from various security threats, the device produces timely alerts and blocking mechanisms based upon anomaly flows and the inspection of packet contents. Thus it ensures that the network's performance remains efficient and uninhibited. This section deals with the configuration settings of IDP. IFW320 includes the well-known IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) system Snort. It is directly built into the IP firewall (Snort inline). At this time no rules can be added through the web interface; hence Snort is usable only for advanced users who can load their own rules through the command line. 9.1.1 Basic Setting: Select IDP & BotNet >
101. [Figure: account list with Cancel Certificate and Re-generate Certificate buttons] User should download generated certificate into their computer, laptop or iPad by using https://[WAN IP Address or Domain]:[HTTPS Port]/sslvpn.php. For example: https://116.56.238.235:443/sslvpn.php. Check your interface IP and HTTPS Port (see figure below). [Figure: Network > Interface, WAN Setting page, showing the WAN interface IP address and, under General Setting, the HTTP Port and HTTPS Port] Enter https://116.56.238.235:443/sslvpn.php in your browser and then enter your user account and user password. Download generated certificate into your computer, laptop or iPad
102. Syslog is a service for remotely logging data. For example, it allows monitoring video with less network equipment. Here we use Kiwi Syslog; please download it from the following link: http://www.kiwisyslog.com/downloads/registration.aspx?productType=ks&AppID=876&CampaignID=70150000000Es8J. After that, please do: 1. Click the exe file. [Figure: Kiwi Syslog Server 9.2.0 installer, SolarWinds End User License Agreement screen]
103. e 6 Finished HA setting. [Figure: Finished HA Setting. Labels: ADSL/ISP, WAN 61.10.10.10, LAN 192.168.1.102, LAN 192.168.1.100, DMZ 192.168.1.104, User A, User B, User C, User D, FTP server, Mail Server, WEB Server, HA Synchronizing] If Master is broken, Backup will take over the network and become Master. [Figure: HA Process if Master powers down or LAN fails; Backup becomes Master] Note: HA wouldn't switch if the HDD fails. When the original Master is fixed and back again, it becomes Backup. [Figure: HA Master back after finished fixing] 10 HA operation [Figure: HA Operation]
104. [Figure: Add Network form with Network Name, IP and Netmask fields] The following figure shows WAN IP Address lists. [Figure: WAN IP Address list; Network Name gmail, IP Address 74.125.31.0/24] 6.1.4 WAN Group: WAN Group is set in the same way as LAN Group. When you want to use WAN Group, just select Policy > WAN Policy > WAN to LAN. Click on [icon] and set Action to Drop, and then set Source to the group which you have just set in section 6.1 Address Table. The following figure shows WAN Group lists. [Figure: WAN Group list; gmail group with member 74.125.31.0/24, hotmail group with member 207.46.140.0/24] 6.2 Services: TCP and UDP protocols support a variety of services, and each service consists of a TCP port or UDP port number, such as TELNET (23), FTP (21), SMTP (25), POP3 (110), etc. This section has two types of services, that is, Pre-defined service and Service group. Pre-defined service includes the most commonly used services using TCP or UDP protocol. It allows neither modification nor deletion, while Custom service allows modification of port numbers based on the situation. Note: When configuring Custom service, the port number setting for either client port or server port falls between 0 and 65535. The IT administrator mere
105. e cleaned using a product designed for cleaning that component; if this is the case, it will be mentioned in the cleaning. Cloth: A piece of cloth is the best tool to use when rubbing down a component. Although paper towels or tissues can be used on most hardware as well, we still recommend that you use a piece of cloth. Water or rubbing alcohol: You may moisten a piece of cloth a bit with some water or rubbing alcohol and rub it on the computer. Unknown solvents may be harmful to the plastic parts. Vacuum cleaner: Vacuuming the dust, dirt, hair, cigarette particles and other particles out of a computer can be one of the best methods of cleaning a computer. Over time these items can restrict the airflow in a computer and cause circuitry to corrode. Cotton swabs: Cotton swabs moistened with rubbing alcohol or water are excellent tools for wiping hard-to-reach areas in your keyboard, mouse and other locations. Foam swabs: Whenever possible, it is better to use lint-free swabs such as foam swabs. Note: It is strongly recommended that you shut down the system before you start to clean any single component. Please follow the steps below: 1. Close all application programs. 2. Close operating software. 3. Turn off power switch. 4. Remove all devices. 5. Pull out power cable. Scrap Computer Recycling: If the computer equipment needs maintenance or is beyond repair, we strongly recommend that you inform yo
106. [Figure: signature list with Group Name and Risk Level columns; entries: ATTACK RESPONSES command completed, ATTACK RESPONSES file copied ok, ATTACK RESPONSES successful gobbles ssh exploit GOBBLE, ATTACK RESPONSES successful gobbles ssh exploit uname, ATTACK RESPONSES command error, ATTACK RESPONSES Invalid URL, ATTACK RESPONSES directory listing, ATTACK RESPONSES index of cgi bin response] 9.2 IDP Log. 9.2.1 IDP Log: Select IDP & BotNet > IDP Log > IDP Log. IDP Log List: IT administrators can see the IDP log here. 9.2.2 IDP Log Search: Select or type the information you want to search (see figure below) and click on [icon]. [Figure: Search IDP Log form with Date, Risk Level, Interface, Destination IP Address and Protocol fields] After clicking on [icon], you will see Logs Search Result as shown in the example below. [Figure: Search Results table with columns Date, Event, Group Name, Risk Level, Interface, Source IP Address, Destination IP Address, Protocol, Source Port, Destination Port] 9.3 BotNet Setting: Traditional built in UTM firewalls and safeguards can no longer be an effective defense against new virus attack bot
107. ection with your Windows operating system. Example: [Figure: Windows TCP/IP Settings dialog, IP Settings tab, with IP addresses and Default gateways lists] Caution: For your reference, please configure your management address based on the available subnet ranges: 10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0.0 to 192.168.255.255. 2.2.1 LAN: Select Network > Interface > LAN (see figure below). [Figure: LAN Interface Setting form with Name, Interface Name, Enable NAT, IP Address 192.168.1.1, Netmask 255.255.255.0, Up Speed 102400 Kbps, Down Speed 102400 Kbps, MAC Address, Speed and Duplex Mode Auto, MTU 1500, ARP Spoofing Prevention, Administrator Management (Ping, HTTP, HTTPS), and the Multiple Subnet list] Name: Enter a name that you remember easily. IP Address: Enter a new IP address. Default setting is 192.168.1.1. Up Speed: Up Speed = Upstream Bandwidth. Kbps is the unit of speed. Define a suitable maximum upstream bandwidth so that the device may use it as a basis for operating. If Up Speed of LAN interface is 100M it can be setup to 102400Kbps Therefore 1Gbps will be se
108. IFW320 Industrial Firewall Appliance. Chapter 1 Introduction. Industrial automation industries adopt the TCP/IP protocol to simplify development and maintenance. However, this exposes equipment to cyber attacks and malware. The IFW320 comes with Firewall and VPN features, making it an ideal choice for an industrial firewall appliance. It is also suitable for Ethernet security applications in sensitive remote control or monitoring networks, such as in oil, gas, water & wastewater, power or factory automation systems. Equipped with stateful packet inspection, Denial of Service (DoS) and Intrusion Detection & Prevention (IDP) features, the Firewall appliance could be used to protect machines and equipment connecting to un-trusted Internet
109. ely on IPv4 with NAT mode. As for now, IPv6, which offers more flexibility for distributing IP addresses and routing tables, has turned up. Compared to IPv4, the most obvious advantage of IPv6 is its larger address space. IPv4 addresses are 32 bits long and number about 4.3x10^9 (4.3 billion). IPv6 addresses are 128 bits long and number about 3.4x10^38 (340 undecillion). Note: IPv6 Auto Configuration is a new concept with IPv6. It gives an intermediate alternative between a purely manual configuration and stateful auto configuration. 4.2.1 LAN: Select Network > Interface IPv6 > LAN. [Figure: LAN IPv6 Setting form with Enable IPv6, LAN (eth0) IP, IPv6 Auto Configuration (Start/Stop) and Inside To Outside Connection Type (Routing/NAT)] IPv6 LAN (eth0) IP: Enter the IPv6 address. IPv6 Auto Configuration: It is like IPv4 DHCP. It automatically distributes IPv6 addresses among LAN internal users. 4.2.2 WAN: Select Network > Interface IPv6 > WAN. [Figure: WAN IPv6 Setting form] IPv6 Model: It offers 3 ways: 1. Static, 2. Tunnel, 3. PPPoE. 4.2.3 DNS Server: Select Network > Interface IPv6 > DNS Server. [Figure: DNS IPv6 Setting form with DNS Server 1 and DNS Server 2 fields] DNS IPv6 Setting: Please enter the related DNS Server information. 4.3 Routing: The rout
110. enable the following lists (see figure below). [Figure: Timezone and Time panel (Time Zone Asia/Taipei, Time, Date) and Sync with NTP Server panel (Enabled, Time Server time.stdtime.gov.tw, TimeLog, Select Time Server, Define Time Server)] 3.1.1 Setting: Select Configuration > Date & Time > Setting. There are two parts: Timezone and time, and Network Time Retrieval. Method 1: Synchronize to the local computer (see figure below). Time Zone: Select your country time zone. Time: Select the local time. Date: Select the local date. Click on [icon]. Method 2: The date and time settings can be configured by synchronizing to an Internet Network Time Server. Sync with NTP Server: Select Enabled in Network Time Retrieval. Selected Time Server: Select your country time server. Click on TimeLog to check the time log information; it keeps log information for three days. Click on [icon].
111. epartment 192.168.4.1/24 (Internal) > 168.85.88.250 (External). Accounting Department 192.168.5.1/24 (Internal) > 168.85.88.249 (External). Note: The IT administrator must renew his/her own PC's IP address upon using a DHCP server. This is to assure the access validity of the management interface after the change of the LAN interface IP address. To renew the IP address distributed by a DHCP server, you may simply follow two steps: 1. Reboot the computer. 2. Enter cmd in the Run window, enter ipconfig /release and then enter ipconfig /renew; the IP address is successfully retrieved. Example: Here is another example showing whether or not to bind to interface. 1. Select Bind to Interface(s). Don't select Bind to Interface(s). [Figure: two network diagrams with a switch, a router and static routing, one for each Bind to Interface(s) choice] 4.1.2 WAN: Select Network > Interface > WAN. The WAN Interface Setup is as follows. [Figure: WAN Setting form with Interface Name, Connection Type Static, IP Address, Netmask, Default Gateway, MAC Address, Up Speed and Down Speed]
112. er's IP address into the private IP address in the LAN network. Virtual Server owns another feature known as one-to-many mapping. This is when one real server IP address on the WAN interface can be mapped into many LAN network servers (private IP addresses) to provide the same service. This section covers the functionality and application of Virtual Server and Mapped IP. In this Virtual Server section you can enable the following lists. 6.7.1 Virtual Server: Its function resembles Mapped IP's. But the Virtual Server maps one to many. That is, it maps a Real IP Address to LAN Private IP Addresses and provides the service item in Service. Select Objects > Virtual Server > Virtual Server. Click on the [icon] button to create a new virtual server. Click on [icon] to select the IP address. It offers WAN Interface. Here we suggest that you use a static IP. [Figure: Assist Select dialog showing the WAN interface MAC Address, Netmask 255.255.255.0, Using IP Address, Broadcast, Start Candidate and End Candidate, followed by a table of candidate addresses] After Virtual WAN IP is selected you
113. er used for the bulk of DNS lookups. The second DNS Server: The IP address of the backup DNS server, used when the Primary DNS server is unreachable. The first WINS Server: When PPTP clients connect, the PPTP Server assigns the WINS server address to the far-end client. The second WINS Server: When PPTP clients connect, the PPTP Server assigns the WINS server address to the far-end client. Click on [icon] to start the PPTP Server. 11.2.2 Add Account: Select VPN > PPTP Server > Add Account. [Figure: Add Account form with Enabled, Account, Password (Show Password) and Client IP Address (Assign by PPTP Server / User Define IP Address) fields] Enabled: Select Enabled to start this account. Account: Enter an account. Password: Enter a password. Client IP Address Assign: It offers three ways. 1. Use Allocation IP Address: The IFW320 will distribute IP addresses to the VPN PPTP users automatically. 2. User Enter IP Address: The VPN PPTP users should use the IP address you enter. 3. Enter IP Address and Range: The VPN PPTP users should use the range of IP addresses you enter. Check IP address after connecting to PPTP ca C A WINDO WS system32 cimd exe GC gt ipconf ig Windows IP Configuration Ethernet adapter MERER Connection specific DNS Suffix IP 192 168 161 117 Subnet Mask gt 255 255 255 0 Default Gateway 192 1
114. erface the host is connecting. Remote IP Address: The IP or fully qualified domain name of the remote host. 1. IP Address or Domain: Enter an IP Address or Domain. 2. Dynamic: Follow Dynamic IP address. Local Subnet: The local subnet in CIDR notation. Example: For instance, 192.168.15.0/24. Remote Subnet: This is only available for net-to-net connections and specifies the remote subnet in CIDR notation. Example: For instance, 192.168.16.0/24. Connection Type: There are two types: 1. Main, 2. Aggressive. Preshare Key: Enter a pass phrase to be used to authenticate the other side of the tunnel. ISAKMP: ISAKMP (Internet Security Association Key Management Protocol). It provides the way to create the SA (Security Association) between two PCs. The SA can access the encoding between two PCs, and the IT administrator can assign which key size or Preshare Key and algorithm to use. The SA comes in many connection ways: 1. AES: AES (Advanced Encryption Standard). All using a 128 bit, 192 bit and 257 bit key. AES is commonly seen and adopted nowadays. 2. 3DES: DES (Data Encryption Standard). Triple DES is a block cipher formed from the DES cipher by using it three times. It can achieve an algorithm up to 168 bits. 3. SHA1: The SHA1 is a revision of SHA (Secure Hash Algorithm). It has improved the shortcomings of SHA. By producing summary hash values it
115. es Axiomtek IFW320 can be configured in one of two primary methods: Bridge mode and NAT mode. Before running the base station, it is suggested to check your present network environment first. Please see the following configuration instructions. 1. NAT Mode: IFW320 is suggested to be located behind a router and/or NAT device. Each port should be assigned to different segments (see figure below). [Figure: NAT Mode diagram with Internet, router and switch] If NAT mode is adopted as the operational mode, please refer to the following form for more information before configuration. [Table: Network Settings form with Administrator Password, Internal IP / Netmask, WAN1 IP, Default Gateway, Primary DNS Server, Secondary DNS Server] Administrator Password: System administrator password. Internal Interface IP / Netmask: Use internal IP, e.g. 192.168.1.99 / 255.255.255.0. Always on the internal network segment. External Interface IP / Netmask: Use external IP, e.g. Line ISP and ADSL. Apply IP, e.g. 39.120.84.132 / 255.255.255.0. Default Gateway: Default route that connects to routers of the external interface port, or IP addresses for an ADSL router. DNS Server IP: Internal DNS server and external DNS server. Bridge Mode: IFW320 is suggested to be located behind a router, firewall and/or NAT device. In bridging LAN IP can be set up and
116. et IP or Domain: Enter the destination address for the packets. Package Size: Configure the size of each packet. Default setting is 40 Bytes. Max Next Hop: Enter the maximum number of hops. Default setting is 30 Nodes. Wait Time: Specify the duration to wait between successive pings. Default setting is 2 seconds. Tracing Methods: There are ICMP, UDP and TCP. Source Interface: Select the interface that the packets will originate from. There are LAN and WAN. 12.1.3 DNS Query: Query detailed DNS data, which includes ANY, SOA, NS, A Record, MX, CNAME and PTR, from the local host IFW320 or a specific DNS server. Select Tools > Connection Test > DNS Query. Enter some information in the field and click on [icon]. Then you will see the DNS Query Result. [Figure: DNS Query Setting form (Using DNS Server, Domain or IP to Query, Query Type) and DNS Query Result panel] Using DNS Server: Enter a DNS server IP address or domain name in this field. Max 50 characters. Domain or IP to Query: Enter an IP address or domain name in this field. Max 50 characters. Query Type: Select the type from the list. There are ANY, SOA, NS Record, A Record, MX Record, CNAME and PTR. 12.1.4 Port Scan: To inquire the Port Scan detailed material which at present can inquire the server to open to serve
117. etting; if not, the email will be sent from the first SMTP setting. Click on [icon]. Setting SMTP Server completed. In addition, click on [icon] to create a new sub SMTP, [icon] to modify its contents, or [icon] to cancel list. [Figure: SMTP Server list with columns No, Sender Alias, Sender Name, Mail Server IP Address, Account, SMTP Test, Edit/Del] Click on TEST: To test whether your SMTP is fine or not, please click on TEST (see figure below). [Figure: browser prompt "Please Input Recipient Mail Address"] If users got an email as below, your setting is correct. Otherwise the user has to check the SMTP server setting again. [Figure: received test mail from Admin, Subject "This is a SMTP Test Mail", body "Your SMTP Server works fine"] Or you can also create other SMTP servers to get your notification information. For instance, you can use the Gmail SMTP server as below. [Figure: Add SMTP Server form with Sender Alias, Sender Name, Mail Server IP Address smtp.gmail.com, Account and Password fields]
118. f 08 00 SRC 192 168 1 111 DST 111 254 180 144 LEN 144 TOS 00 PREC 0x00 TTL 128 ID 8170 DF PROTO UDP SPT 30139 DPT 34524 Please click on [icon]. Figure below shows Packet Tracing Log. [Figure: Packet Tracing Log for the LAN to WAN policy, with Time, SRC IP and DST IP columns]
119. f LAN PCs must be configured within the range between 192.168.1.2 and 192.168.1.254 inclusively, and assigned the subnet mask of 255.255.255.0. 2.1.2 Account and Password Default Setting: You will be prompted for the user name and password when accessing the management interface (see figure below). [Figure: browser Authentication Required dialog with User Name and Password fields and Log In / Cancel buttons] Account: Default setting is admin. Password: Default setting is admin. Click Log In. 2.1.3 Default Language: The default language for the management interface is English. Select Configuration > Language > Language. There are three languages: English, Traditional Chinese and Simplified Chinese. Select the language which suits you. Click on [icon]. [Figure: Configuration > Language page with English, Traditional Chinese and Simplified Chinese options] 2.2 Starting Machine Up: In this section we provide LAN setup and WAN setup configurations for starting the machine up. Note: When you want to configure a new LAN interface address, if the company's LAN IP address does not belong to the default subnet 192.168.1.0/24, the Administrator must add/change the PC IP address to be within the same range of the LAN subnet. For example here is how to add multiple IP address 192 168 1 2 in LAN conn
120. fies the DNS to be used by your clients. Since the IFW320 appliance contains a caching DNS server, the default value is the firewall's own IP address in the respective zone. Lease time (minutes): This defines the default maximum time in minutes before the IP assignment expires and the client is supposed to request a new lease from the DHCP server. Max lease time (minutes): In order to avoid IFW320 using the same IP, this is used to set the maximum lease time we can establish for the same IP. Default Gateway: The default gateway of the LAN. Domain name: This is the default domain name that is passed to the clients. When the client looks up a hostname, it will first try to resolve the requested name. If that is not possible, the client will append this domain name, preceded by a dot, and try again. 7.1.3 DHCP Static IP: Select Network Services > DHCP > DHCP Static IP. In this section, if you have selected the Get static IP address from DHCP Server tick box, you will see the DHCP Static IP list here. [Figure: DHCP Static IP List with columns Interface, Computer Name, IP Address, MAC Address] 7.2 DDNS: DDNS (Dynamic DNS) allows you to make your server available to the Internet even though it does not have a static IP address. To use DDNS you must first register a sub-domain with a DDNS provider. Then whenever your server connects to the Internet a
121. formance (see figure below). [Figure: System panel showing System Time (server date and time, current timezone Asia/Taipei, server uptime) and System Resource (system loading, RAM, Flash)] 2.3.4 System Information and Server Service: The Server Model and Server Version of the machine (see figure below). 1. [icon] Service works. 2. [icon] Service does not work. [Figure: Server Info (Server Model IFW320, Server version 6.1.9, Machine's Number 1410900111) and Server Service (DHCP Services, DDNS Services, IPSec VPN Service, HA)] 2.3.5 Administrator Login: The administrator login name, IP address, the number of people logged in at the same time, and how long it takes to automatically renew the home page. You can also set the interval at which the system automatically renews: every three, five, ten, 20 or 30 seconds. 2.3.6 Interface: Equipment interface details (see figure below). [Figure: Interfaces table for LAN and WAN with rows Interface, Connect Status, Line Status, IP Address, Total Packets (Tx/Rx), Total Flow byte (Tx/Rx)] Name: The system catches the network contact surface name. Connect Status: Indicates whether the network is unimpeded. 1. [icon] Connect up. 2. [icon] It does not connect to the Internet. Line Status: Whether the judgment network does connect
122. [Figure: SSL VPN Server Setting form with Service Status, Local Interface, Local Port, Max concurrent connections, Client IP Range, DNS Server 1 and 2, WINS Server 1 and 2, and Certificate Setting fields]

Service Status: Select Start or Stop to start or stop this function. Note that it will take a few seconds to start; please be patient.
Local Interface: 1. Default 2. Custom 3. WAN
Local Port: Default setting is 387.
Max concurrent connections: Range from 20 to 50.
Client IP Range: Client IP ranges need to be different from the LAN interface.
DNS Server 1: The IP address of the DNS server used for the bulk of DNS lookups.
DNS Server 2: The IP address of the backup DNS server used when the primary DNS server is unreachable.
WINS Server 1: Windows Internet Name Service (WINS) is Microsoft's implementation of NetBIOS Name Service (NBNS), a name server and service for NetBIOS computer names.
WINS Server 2: All WINS clients should be configured to use a primary WINS server and a d
123. 12.1.7 Wake Up

Click to select the IP address that users want to wake up.

[Figure: Wake Up form with Using Interface & IP and MAC Address fields]

12.2 Remote Management

This section shows how to implement efficient and easy remote management of the IFW320 through Axiomtek AXView 2.0. This function lets you access the IFW320 management interface from a host device. Follow the steps given below:

1. Install AXView 2.0 on a host device, then launch the Remote Manager program to view the IFW320. In the figure below you can see that the IFW320 is found and added to the Device List.
[Figure: AXView Remote Manager Device List showing IFW320]
2. Double-click on IFW320; you may get a message asking whether you want to open the browser.
[Figure: dialog asking "Do you want to open the browser"]
3. Click on Yes to start the browser, which will connect automatically to the IFW320 management interface. The default HTTPS port number is 443. If you have changed the default HTTPS port number in the management interface, you must add the new port number manually to the end of the URL, e.g. https://192.168.1.1:4433, where 4433 is the new port number.

Chapter 13 Logs
124. Method 3: This might be necessary if you are running a setup that does not allow Axiomtek to reach the Internet.

[Figure: Sync with NTP Server form with Enabled, Time Server, Time Log, Select Time Server and Define Time Server fields]

Sync with NTP Server: Select Enabled in Network Time Retrieval.
User Defined Time Server: Enter a time server you know.
Click on Refresh. Click on Time Log to check the time log information; log information is kept for three days.

3.2 Administration

This section mainly explains the authorization settings for access. It covers Administrator Setup, System Setup, Manage IP Address, Clear Data and SMTP Server settings. In this section you can enable the following lists:

3.2.1 Administrator

Select Configuration > Administration > Administrator. The default account and password are both admin. The IT administrator can create several sub-administrators with different permissions and menu customization. The default admin is permitted to use all privileges and all menus, such as the privileges of packets that pass through the equipment and monitoring controls. Admin (system manager) can manage, monitor and configure function settings. Some sub-administrator accounts are set to Read; these are read-only and cannot change any setting of the machine.

Account En
126. [Figure: LAN to WAN policy list]

Then you will see syslog entries such as those in the following figure. They are similar to the Packet Tracing Log.

[Figure: syslog viewer with Date, Time, Priority and Hostname columns; each message is a firewall (ulogd) packet record with IN, OUT, MAC, SRC, DST, LEN, TOS, PREC, TTL, ID, PROTO, SPT and DPT fields]
127. ifferent secondary WINS server. The secondary would normally be the hub server.
Certificate Settings: Enter your computer certificate information for SSL VPN users.

Do not forget to select Start to begin SSL VPN.

10.1.2 SSL Client List

Please create an account in Objects > Authentication > Local User.

[Figure: Add User form with Name (maximum 16 characters), Account (maximum 16 characters), Password (3 to 16 characters, not the same as the account), Password Strength, Confirm Password, Require Password Change at Next Login and Account Expiration Date fields, followed by the authentication user list]

Then select Objects > Authentication > User Group. Click to create a new Authentication User Group.

[Figure: Add Group Member form with Group Name, Auth Setting and user type selection]
128. ignature to detect BotNet and points out problems within the mail server, an internal server, or packets from an external IP. Meanwhile, administrators thought appliances were infected and were ready to delete the virus and reboot the system; however, the problems could not be solved. Traditional network security appliances were made under the assumption that "the internal network is safe", which has now become the chief defect.

Solution: Axiomtek UTM is integrated with BotNet detection. Together with built-in NAT, it can explicitly point out the real attack and the hidden, suspicious malicious software spreading in the internal network.

[Figure: UTM integrated with BotNet]

If a firewall has already been built into the network environment, the figure on the left is for your reference. Please enable Axiomtek Bridge mode. All packets going through the original UTM or firewall will be inspected, and the problematic computer will be found as well.

[Figure: UTM BotNet in Bridge mode, integrated with the original UTM or firewall]

9.3.1 Operation Mode

Select IDP & BotNet > BotNet Setting > Operation Mode. Before importing the zombie blocking mechanism, enable Sniffer mode so that all packets are led to the engine. After analyzing the log for several days, we can know whether we are being infected or not. In Sniffer mode malicious packets cann
129. improvement of bandwidth utilization as a result of enforcing QoS by showing before and after comparisons. In this section you can enable the following lists:

6.4.1 QoS Setting

Select Objects > QoS > QoS Setting. Click to create a new QoS rule first.

[Figure: Add QoS Rule form with QoS Name, Priority, Bandwidth Mode, and per-interface User Down Speed and User Up Speed (Min and Max, in Kbps) fields]

QoS Name: Enter any word for recognition.
Priority: Configure the priority of distributing upstream, downstream and unused bandwidth.
Bandwidth Mode: It offers three ways: 1. By Policy 2. Inside Per Source IP (it includes the Smart QoS application) 3. Outside Per Source IP
Interface: Displays LAN and WAN.
User Down Speed (Downstream Bandwidth): Configure the Guaranteed Bandwidth and Maximum Bandwidth according to the bandwidth range you apply for from your ISP.
User Up Speed (Upstream Bandwidth): Configure the Guaranteed Bandwidth and Maximum Bandwidth according to the bandwidth range you apply for from your ISP.
Min (Guaranteed Bandwidth): Specify the minimum guaranteed amount of bandwidth.
Max (Maximum Bandwidth): Specify the maximum amount
130. [Figure: policy form with Service Port, Software Access Control, QoS, Schedule, URL Access Control, Authentication, Bulletin Board, Max Concurrent Sessions for Each Source IP Address, IDP, Botnet, Packet Tracing, Traffic Analysis and Firewall Protection (SYN Attack, ICMP Attack, UDP Attack, Port Scan) settings]

3. When the Authentication Policy setting is completed, you can see the following figure.

[Figure: LAN to WAN Policy list]

4. Let's log in.

[Figure: authentication login page showing the client IP with Account and Password fields]

6.9.5 AD User

Select Objects > Authentication > AD User. Enter your AD server information and click on Connect Test first to check whether it is correct. Then click on Save.

[Figure: AD Setting form with AD Address, Domain Name, Account, Password, Ignore the AD Group and Ignore the AD User fields]

6.9.6 Log
131. ing table lets the kernel know which block of IP addresses it can find behind which interface. Most of the lines which you see in the output contain information about your local networks. But since the firewall needs connections to the Internet, where all destinations have IP addresses that are not directly known to the kernel, an entry is needed which sends all packets to a specific IP address in the hope that that host knows more about the delivery. That specific host is called the default gateway. In the Routing section you can enable the following lists:

4.3.1 Routing Table

Select Network > Routing > Routing Table. Click to create a new routing table.

[Figure: Add Route form with Comment, Destination IP, Netmask, Gateway and Interface fields]

Comment: Enter any word for recognition.
Destination IP: Enter an IP address.
Netmask: Enter a netmask.
Gateway: Enter a gateway.

Example: A leased line connects Company A's Router 1 (10.10.10.1) with Company B's Router 2 (10.10.10.2).

Company A:
- Connect WAN port 1 (61.11.11.11) to ATUR.
- Connect WAN port 2 (211.22.22.22) to ATUR.
- LAN subnet ranges 192.168.1.1/24.
- The LAN subnet that Router 1 (10.10.10.1, RIPv2 supported) connected to ranges from 192.168.10.1/24.

Company B:
- The LAN subnet that Router 2 (10.10.10.2, RIPv2 supported) connected to ranges fr
132. ising several addresses. Simply by applying the address group to a policy, the IT administrator may easily manage a group of users with merely one policy. In this section you can enable the following lists:

6.1.1 LAN IP Address

Select Objects > Address Table > LAN IP Address.

[Figure: Add form with Computer Name, IP Address, MAC Address (with Get MAC), Mode and Get static IP address from DHCP Server fields]

Select IP Mode: It offers two modes: 1. IPv4 Mode 2. IPv6 Mode
Computer Name, IP and MAC Address: It is recommended to configure some desirable address names within Address first, so that they are ready to use for the Source Address or Destination Address setting of a policy. In addition, you may click to add or create an entry. Create one LAN IP address first.
Mode: 1. Only set the IP address 2. Set IP and MAC address
Get static IP address from DHCP Server: Select static or dynamic IP address.

When the LAN IP Address setting is completed, you can select the checkbox of an entry and then create a new sub-content, modify contents, or cancel the list.

[Figure: IP Address List]
133. ist

The system administrator and IT administrator can use Schedule to set up the device to carry out the connection of Policy or VPN during several different time divisions automatically. Select Objects > Schedule > Schedule List.

[Figure: Add Schedule form with Schedule Name, Setting Mode (Mode 1 or Mode 2), and for each day from Sunday to Saturday the Disable, All day, Start Time and End Time settings]

Click to create a new Schedule rule first.
Schedule Name: Enter some words for recognition. Then set your time schedule.

When the Schedule List setting is completed, you can select the checkbox of an entry and then create a new sub-content, modify contents, or cancel the list.

[Figure: Schedule List showing Pass or Disable for each day of the week]

Here is an example showing how Schedule List is used: Select Policy > LAN Policy or WAN Polic
134. klist: Enter the complete domain name or a key word of the website. Whether users are restricted from the specified website or allowed to reach it depends on what you select in List Mode. Example: www.kcg.gov.tw, kh.google.com, gov or google.
IP Blacklist: Enter the complete IP address. Whether users are restricted from the specified website or allowed to reach it depends on what you select in List Mode.

When the URL List setting is completed, you can select the Mark tick box of an entry and then create a new sub-content, modify contents, or cancel the list.

[Figure: B/W List Setting table with Name, List Mode, Match Mode and Other Action columns]

6.6.2 URL Settings

Select Objects > URL Filter > URL Settings. Then click to add a setting.

[Figure: Setting form with Group Name, Create block warning message, Warning subject, Warning content and List Select fields]

Group Name: Enter any words for recognition.
Create block warning message: Users can create their own block warning message if this checkbox is selected.

[Figure: browser showing the block page "Access to the page has been denied because the following page is blacklisted"]

List Select: Pick an item that you previously added in List settings
135. Chapter 8 Advanced Protection

An advanced protection of IFW320: Co-Defense. SNMP is used in network management systems to monitor network-attached devices for conditions that warrant administrative attention. When anomalous flow occurs, it will be blocked, and the administrator will be notified and assisted with the abnormal situation. Defects can be traced to a specific computer and switch port at the earliest possible time, which prevents the business network from failing. IFW320 Co-Defense makes network management fairly easy because it does not require any change to the network structure or to the habits of individual users, nor buying an expensive Layer 2 switch or extra detecting appliances.

In the Advanced Protection chapter you can enable the following lists:
- Anomaly IP Analysis
- Switch Management
- Internal Protection

8.1 Anomaly IP Analysis

8.1.1 Log Anomaly

Select Advanced Protection > Anomaly IP Analysis > Log Anomaly.

[Figure: Inside to Outside Anomaly and Outside to Inside Anomaly settings, each with thresholds for connection sessions (exceeds 100), upload flow (exceeds 512 Kbps) and download flow (exceeds 1024 Kbps) and a duration in seconds]

Outgoing Anomaly: 1. Session exceeds 100 and continues 120 seconds (default
136. last page

11.2 PPTP Server

This section shows you how to set up the VPN PPTP server. The IP address and scope options used need to match the far-end PPTP server. Its goal is to use PPTP tunnel technology to establish a site-to-site VPN. This function achieves results equally good to those obtained from other methods besides IPSec. In this section you can enable the following lists:

11.2.1 PPTP Server

Enabling the IFW320 PPTP Server allows remote users to use PPTP dial-up software to establish an encrypted VPN connection. Select VPN > PPTP Server > PPTP Server.

[Figure: PPTP Server form with Enabled, Compression, Encryption, Internet Access over PPTP, Client IP Address (Start and End), First and Second DNS Server, and First and Second WINS Server fields]

Enabled: Select the Enabled tick box to start the VPN PPTP function. If it is not selected, the function is disabled.
Enable Compression & Encryption: Select the Enabled tick box to start compression and encryption. If it is not selected, they are disabled.
Internet Access over PPTP: Select the tick box to enable users to access the Internet through VPN PPTP; otherwise it means that PPTP Server is disabled.
Client IP Address (Start and End): The range of IP addresses for clients using a PPTP connection.
The first DNS Server: The IP address of the DNS serv
137. [Figure: Application Control group list]

6.6 URL Filter

URL Filtering (URLF) is widely used for parental control, compliance and productivity. In schools, for instance, URLF is used to help deter exposure to inappropriate websites such as pornography, nudity, aggressive sites, etc. In offices, URL filtering is an especially indispensable tool for web security policy. According to research, company employees spend a significant proportion of their time surfing non-work-related websites during working hours. In addition to productivity, network latency is also an issue when employees surf unnecessary websites or download bandwidth-intensive files. The greater concern is the threat from malicious applications or malware encountered while surfing illegitimate or inappropriate websites. In this URL List section you can enable the following lists:

6.6.1 List Settings

Select Objects > URL Filter > List Settings. Click on

[Figure: Basic Setting form with Name, List Mode (Blacklist or Whitelist), Match Mode (Exact or Fuzzy), URL Blacklist, IP Blacklist and Other Setting fields]

Name: Enter any words for recognition.
List Mode: Select Blacklist or Whitelist.
Match Mode: There are two ways: Exact and Fuzzy.
URL Blac
138. [Figure: SYN, ICMP and UDP Attack Detection Setting forms, each with an allowed maximum flow in packets per second, an allowed maximum flow for each source IP, and a block time in seconds for flows greater than the maximum]

SYN Attack Detection Setting: SYN flood is a popular attack method. DoS and DDoS attacks of this kind use the TCP protocol: hackers forge connections so that CPU, memory and other resources are consumed.
ICMP Attack Detection Setting: ICMP is part of the TCP/IP suite; its important function is to transfer simple signals on the Internet. There are two common attacks that hackers like to use: Ping of Death and Smurf attack.
UDP Attack Detection Setting: Hackers use the UDP protocol to forge connections so that CPU, memory and other resources are consumed.

[Figure: Source IP address block and Destination IP address block fields, and Other Items: Block IP Options, Block Land Attack, Block Smurf Attack, Block Trace Route, Block Fraggle (UDP broadcast), Block Tear Drop Attack, Block ICMP Fragment Attack, Block Ping of Death Attack, Block TCP Flags, Block SYN Fragment Packet, Detect Unknown protocol packet]

Source IP address block: Please enter the source IP address that needs to be blocked.
Destination IP address block: Please enter destination IP address that needs t
139. low Direction: There are two selections. The default setting is Outgoing. 1. Outgoing 2. Incoming
Connection: Select the computer IP address.
Top Flow Search: Select how many lists would be shown. The default setting is 10.

Click on Search and you will see the search result. If you want to know which service port the IP address is connecting to, select the rectangular form to show Top N Search details. Then you will see a figure as given below.

IP: 192.168.5.34    Type: Outgoing

Service   Up Flow (kbytes)   Percentage   Down Flow (kbytes)   Percentage
FTP       1,011.40           3            1,493.16             <1
DNS       1.12               <1           3.18                 <1
HTTP      5,047.43           14           92,152.68            25
HTTPS     5,322.36           15           16,945.72            5
other     24,773.51          69           257,228.50           70
140. ly access multiple network services. The site is called a portal because it is one door (a single page) that leads to many other resources. The remote user accesses the SSL VPN gateway using any modern web browser, identifies himself or herself to the gateway using an authentication method supported by the gateway, and is then presented with a web page that acts as the portal to the other services.

2. SSL Tunnel VPN: This type of SSL VPN allows a web browser to securely access multiple network services, including applications and protocols that are not web-based, through a tunnel that is running under SSL. SSL tunnel VPNs require that the web browser be able to handle active content, which allows them to provide functionality that is not accessible to SSL portal VPNs.

In this SSL VPN chapter you can enable the following lists:
- SSL VPN Setting
- SSL VPN Log
- VPN Policy

10.1 SSL VPN Setting

10.1.1 SSL VPN Setup

Users have to click on the Modify the Server Setting link to modify SSL VPN settings. In addition, users must select Start, because the default setting is Stop. Note that the system will cancel all certificates after modification, except for service status. Please re-generate the certificate and download it again.

[Figure: Server Setting page with the Modify the Server Setting link and the note about re-generating certificates]
141. ly needs to determine the necessary protocol and port number for each Internet service, and then the client will be able to access different services. In this section you can enable the following lists:

6.2.1 Basic Service

Select Objects > Services > Basic Service. The symbols and their descriptions are shown in the figure below.

[Figure: Basic Service and Port table listing the predefined services with their port numbers]

Protocol: The protocol used for communication between two devices. TCP and UDP are the two most frequently seen protocols among others.
1. (icon) Any Service
2. (icon) Services using TCP protocol: Gopher, ICQ, Ident, LDAP, NTTP over SSL, PPTP, SFTP, SSH, Terminal, WINFRAME, AFPoverTCP, FTP, H323 NetMeeting, L2TP, MSN Messenger, POP2, SMTP over SSL, Yahoo, AOL, Finger, HTTP, IMAP over S
142. [Figure: Application Control group list with Group Name and Regulatory Content columns]

Here is an example showing how the Application Control List is used:

1. Select Policy > LAN Policy. Then select the function you need on the right side. Here we use LAN to WAN as the example. Click on first.
2. Set Action to Drop, and then set Software Access Control to "test blocking", which you previously selected in section 6.5 Application Control.

[Figure: policy Basic Setting form with Policy Name, Source, Destination, Action, Protocol, Service Port or Group, Software Access Control, Schedule, URL Access Control, Authentication, Bulletin Board, Max Concurrent Sessions for Each Source IP Address, IDP, Botnet, Packet Tracing, Traffic Analysis and Firewall Protection settings]

3. When the Application Control setting is completed, refer to the following figure.

[Figure: LAN to WAN Policy list]
144. [Figure: AD Setting group and user lists]

This function works together with the previous sections, such as Authentication Settings, Local Users and User Group. If a user has logged in, the records will be shown.

[Figure: Authentication Log search form with Time, Login IP Address, Account, Status and Authentication Method conditions]

6.9.7 Status

It shows the users who are on the Internet at present. You can click on the Kick link to kick out a user or user group so that they can no longer use the Internet.

[Figure: authentication login page showing the client IP with Account and Password fields]

6.10 Bulletin Board

In a workplace environment, bulletin boards can save time and promote productivity and efficiency. The bulletin board offered as part of a company's internal extranet communication systems saves people the hassle of sorting through superfluous emails that aren't work-related. Instead, assignments, memos and messages from clients can be posted on the company's bulletin board.

Caution: Bulletin Board and Authentication cannot be used together.

6.10.1 Bulletin Setting

Select Objects > Bulletin Board > Bulletin Setting. Click to add a new bulletin board.

[Figure: Add Group form]
147. and is given an IP address by your ISP, it must tell the DDNS server this IP address. When a client machine wishes to connect to your server, it resolves the address by asking the DDNS server, which answers with the latest value. If this is up to date, the client will be able to contact your server (assuming your firewall rules allow this). EFW makes the process of keeping your DDNS address up to date easier by providing automatic updates for many of the DDNS providers. In this section you can enable the following lists.

7.2.1 DDNS Server

A Dynamic DNS provider offers a service that assigns a globally available domain name to IP addresses. This works even with addresses that change dynamically, such as those offered by residential ADSL connections. For this to work, each time the IP address changes, the update must be actively propagated to the Dynamic DNS provider. Select Network Services > DDNS > DDNS Server and click Add to create a new entry.

[Screenshot: Add Host form with Service Provider dhs.org, Hostname IFW320.dhs.org, WAN, Account, Password, Comment, Enabled, Add.]

Service Provider: Choose the DDNS provider.
Hostname: The hostname and domain as registered with your DDNS provider, for instance Axiomtek and dhs.org.
WAN: Select the WAN interface that the domain name corresponds to.
Account
148. and place all electronic components in static-shielded devices. Most electronic components are sensitive to static electrical charge.
2. Disconnect the power cord from the IFW320 Series before making any installation. Be sure both the system and the external devices are turned OFF. A sudden surge of power could ruin sensitive components. Make sure the IFW320 Series is properly grounded.
3. Make sure the voltage of the power source is correct before connecting the equipment to the power outlet.
4. Turn OFF the system power before cleaning. Clean the system using a cloth only. Do not spray any liquid cleaner directly onto the screen.
5. Do not leave this equipment in an uncontrolled environment where the storage temperature is below 45 C or above 85 C. It may damage the equipment.
6. Do not open the system's back cover. If opening the cover for maintenance is a must, only a trained technician is allowed to do so. Integrated circuits on computer boards are sensitive to static electricity. To avoid damaging chips from electrostatic discharge, observe the following precautions:
Before handling a board or integrated circuit, touch an unpainted portion of the system unit chassis for a few seconds. This will help to discharge any static electricity on your body.
When handling boards and components, wear a wrist grounding strap, available from most electronic component stores.

Classification: Degree of protection against electric shock
149. 9.2.1 IDP Log; 9.2.2. BotNet: 9.3.1 Operation Mode; 9.3.2 BotNet Filter Setting. BotNet Log: 9.4.1 Today BotNet Log; 9.4.2 BotNet Log Search. Chapter 10 SSL VPN: 10.1 SSL VPN Setting (10.1.1; 10.1.2); 10.2 SSL VPN Log (10.2.1 SSL Client On-Line Log). Chapter 11 VPN: 11.1 IPSec Tunnel (11.1.1; 11.1.2 Add IPSec Tunnel); 11.2 PPTP Server (11.2.1; 11.2.2; 11.2.3); 11.3 PPTP Client (11.3.1; 11.3.2); 11.4 (11.4.1 Internal to VPN and VPN to Internal). Chapter 12 Tools: 12.1 Connection Test (12.1.1; 12.1.2; 12.1.3; 12.1.4).
150. network switch plays an integral part in most modern Ethernet local area networks (LANs). Mid- to large-sized LANs contain a number of linked managed switches. Small office/home office (SOHO) applications typically use a single switch, or an all-purpose converged device such as a residential gateway, to access small office/home broadband services such as DSL or cable Internet. In most of these cases, the end-user device contains a router and components that interface to the particular physical broadband technology. User devices may also include a telephone interface for VoIP.

8.2.1 Switch Setup

A network switch, or switching hub, is a computer networking device that connects network segments. Select Advanced Protection > Switch Management > Switch Setup and click Add to create a new switch.

[Screenshot: Add New Switch form with Interface LAN, Switch Type Co-defense / SNMP, Switch Model General SNMP, Name ML 9324, Remarks, IP Address 192.168.168.165, Port, SNMP Read Community public (Connection Test), SNMP Write Community private (Connection Test), Web Management, OK.]

Interface: Choose which IFW320 interface your switch is connected to.
Switch Type: Choose the kind of function you need.
1. Co-Defense: the four models below are supported: a. AG 2824T; b. ML 9324; c. ML 9308; d. 3Com 4210.
2. SNMP Switch: select the kind of switch you use: a. General SNMP Swi
151. connected to the Master mode only through the management network.

Here is an example for your reference.

1. First of all, check the original network architecture.
[Diagram: original network with the Master (LAN 192.168.1.102), FTP server, mail server, web server and users A to D.]
Note: HA requires two devices of the same model.

2. Install the machines before starting HA: Backup LAN IP 192.168.1.100, Master LAN IP 192.168.1.102.

3. Master settings (Master LAN IP 192.168.1.102):
Enable it.
Select Master mode.
Manage IP: the same setting as on the Backup (a free IP in the same subnet as the Master and the Backup).
Remote IP: the Backup LAN IP, 192.168.1.100.
[Screenshot: Setup with Enable ticked, Mode Master, Manage IP 192.168.1.101, Remote IP 192.168.1.100.]

4. Backup settings (LAN IP 192.168.1.100):
Enable it.
Select Backup mode.
Manage IP: the same setting as on the Master (a free IP in the same subnet as the Master and the Backup).
Remote IP: the Master LAN IP, 192.168.1.102.
[Screenshot: Setup with Enable ticked, Mode Backup, Manage IP 192.168.1.101, Remote IP 192.168.1.102.]

5. Settings for internal users: set the LAN internal users' Gateway IP to 192.168.1.101.
[Diagram: internal users A to D using gateway 192.168.1.101.]
152. Chapter 7 Network Services. 7.1 DHCP: 7.1.1 LAN User List; 7.1.2 LAN DHCP Server; 7.1.3. 7.2 DDNS: 7.2.1 DDNS Server. 7.3 DNS Proxy: 7.3.1 General Setting. 7.4 High Availability: 7.4.1 High Availability. 7.5 SNMP: 7.5.1. 7.6 Remote Syslog Server: 7.6.1 Remote Connect Setup. Chapter 8 Advanced Protection. 8.1 Anomaly IP Analysis: 8.1.1 Log Anomaly; 8.1.2 Notify Anomaly; 8.1.3 Block Anomaly; 8.1.4 Trusted IP; 8.1.5 Anomaly Log; 8.1.6. 8.2 Switch Management: 8.2.1 Switch Setup. 8.3 Internal Protection: 8.3.1; 8.3.2 ARP Spoofing Log; 8.3.3 MAC Collision Log; 8.3.4; 8.3.5. Chapter 9 IDP & BotNet. 9.1 IDP Setting: 9.1.1 Basic Setting.
153. to be blocked.
Other Items: In addition to SYN attack detection, ICMP attack detection and UDP attack detection, IT administrators can tick further detections from those provided.

6.8.2 Attack Log

Select Objects > Firewall Protection > Attack Log. You can see all attack detection records for traffic that goes through the IFW320 (see figure below).

[Screenshot: Attack Log search (Time 2014-11-12 00:00 to 2014-11-12 23:59, Type All, Attacker IP, Victim IP) and result list with columns Time, Type, Protocol, Port, Interface, Attacker IP, Victim IP. Every row shown is the same entry: 2013-09-10 14:03:31, UDP Attack, UDP, port 137, WAN1, attacker 192.168.1.15, victim 192.168.1.255.]
154. To free up hard disk space, delete records and logs that are not needed by clicking on the delete icon. It is also possible to tick all connections by clicking the Select All pane.

[Screenshot: Data Storing Time with Notify Log 12 months, Anomaly Flow Log 1 month, Firewall Log 12 months, IDP Log 12 months, Botnet Log 12 months, System Log 12 months, Traffic Analysis Log 14 days (range 1 to 30), each with a Change button.]

Data Storing Time: Select a number, or enter how many days you want to keep logs. Click the Change button if you modify a number.

3.2.5 SMTP Server

Select Configuration > Administration > SMTP Server.

[Screenshot: Add SMTP Server form with Sender Alias, Sender Name, Mail Server IP Address, Account, Password, Authentication, TLS, Add.]

Sender Name: Enter your SMTP account or user name.
Mail Server IP Address: Enter the SMTP server address.
Account: Enter your SMTP account or user name.
Password: Enter the account password.
Authentication: Tick it if your SMTP server requires authentication to connect.
TLS: Tick it if your SMTP server uses the TLS protocol.
Delivery Domain Name: If the Delivery Domain Name is the same as the domain of the receiver, the email will be sent from this SMTP s
155. also provides the IT administrator with detailed statistical reports and charts. This section covers Top Flow List, Top Flow List by Port and Top Flow Search.

14.3.1 Top N Flow

Select Status > Flow Analysis > Top N Flow.

[Screenshot: Top N Flow Search with Flow Direction (All / Outgoing), Top N Flow, Statistics Period 2014-11-13 00:00:00 to 2014-11-13 11:21:24, Search, and a result list with columns No, Computer Name, IP Address, MAC Address, Up Flow (kbytes), Down Flow (kbytes).]

Flow Direction: There are two selections: 1. Outgoing; 2. Incoming. The default setting is OutBound.
Top N Flow: Select how many entries are shown. The default setting is 10.
Computer Name: The computer's network identification name.
IP Address: The computer's IP address.
MAC Address: The identification number of the computer's network adapter.
Up Flow (kbytes): The accumulated upload flow, in kilobytes (1 byte = 8 bits; 1 kilobyte = 1024 bytes).
Down Flow (kbytes): The accumulated download flow, in kilobytes (1 byte = 8 bits; 1 kilobyte = 1024 bytes).

If you want to know which service port an IP address is connecting to, click the rectangular icon to show the Top N Flow details. You will then see a figure like the one below.

[Screenshot: Top N Flow details for IP 192.168.5.34, Type Outgoing, with columns Service, Up Flow (kbytes), Percentage, Down Flow (kbytes), Percentage, Record, and rows for FTP, DNS, HTTP, HTTPS and other.]
156. of bandwidth.

Setting the QoS List is now complete. In addition, tick the Mark checkbox and click Add to create a new sub-content, Edit to modify contents, or Del to cancel the list.

[Screenshot: Bandwidth Can Be Allocated 50, Save, and QoS List with columns Mark, QoS Name, Priority, Bandwidth Mode, Interface, User Down Speed, User Up Speed; the entry shown is QoS Policy, priority 2, Outgoing, LAN, 256 Kbps / 1024 Kbps down and 256 Kbps / 1024 Kbps up; Add / Edit / Del buttons.]

Example: how the QoS List is used.

1. Select Policy > LAN Policy or WAN Policy. Then select the function you need on the right side. Here we use LAN to WAN as the example. Click the add button first.
2. Set Action to Permit, and then set QoS to QoSPolicy Per Source IP, which you have just selected in section 6.4 QoS.

[Screenshot: policy Basic Setting form with Policy Name, Source (Inside_Any, IP Address, MAC Address), Destination (Outside_Any, IP Address), Action, Protocol ALL, Service Port or Group (User Defined), Software Access Control, QoS (None / QoS Policy Per Source IP), Schedule, URL Access Control, Authentication, Bulletin Board, Max Concurrent Sessions for Each Source IP Address 0, IDP, Botnet, Packet Tracing, Traffic Analysis, Firewall Protection (SYN Attack, ICMP Attack, UDP Attack, Port Scan), Add.]

3. Setting the QoS Policy is now complete; refer to the following
157. policies are applied starting from priority 1, and the policy whose conditions are met is the one enforced. If you want to keep traffic that is not explicitly controlled out of the internal network, the last policy must prohibit all packets into the internal network.

Policy Name: Enter any word for recognition.

Source Address and Destination: The Source Address (source network) and the Destination Address (destination network) are defined from the point of view of the connection: the source is the end that initiates the connection, and the destination is the end being connected to. Apart from choosing from the policy lists, users can also directly enter an IP address and a MAC address.
1. Source IP address: VPN_Any represents the external section of all VPN tunnels. Tunnels set up Site to Site with IPSec or PPTP, and single PPTP Server dial-up accounts, all meet the condition. The default IP address of the PPTP server is also included in the default source IP address.
2. Destination IP address: Inside_Any represents the external section of all VPN tunnels. Tunnels set up Site to Site with IPSec or PPTP, and single PPTP Server dial-up accounts, all meet the condition.

Network administrators can allow or deny specific VPN access according to the IP address of the other end, the communication service and even the time. The default access control rule is that when the VPN is established, both materials are free to c
158. [Screenshot: Logs list (continued), with entries by admin from 192.168.189.244 on 11-12 at 16:16:50 and 16:16:46 for Network Services > Remote Syslog Server > Remote Connect Setup, action Save, description Enable.]

Chapter 14 Status

This function provides current information about the device and the network, including addresses for LAN and WAN, subnet masks, default gateways, DNS, etc., as well as the current network connection status and various other information. In this Status chapter you can enable the following lists:
Performance
Connection Status
Flow Analysis

14.1 Performance

There are three parts: System Status, Interface Flow and History Status. The Performance section shows CPU Usage, Memory Usage and System Usage. Besides downloading each interface's current resource and flow capacity, it is also possible to look up historical capacity information.

14.1.1 System Status

System Status shows graphs of resource usage for the last 12 hours of machine status. Select Status > Performance > System Status. There are three graphs: CPU Usage, Memory Usage and System Usage.

[Graph: CPU Usage, average of 1 minute, CPU0 percent over time.]
159. from 192.168.20.1/24.

Setting the Routing Table is now complete. The network subnets 192.168.20.1/24 and 192.168.1.1/24 can now not only communicate with each other but also use NAT mode to access the Internet. In addition, tick the Mark box and click Add to create a new sub-content, Edit to modify contents, or Del to cancel the list. The figure below shows the Routing Table list.

[Screenshot: Route List with columns Mark, Comment, Destination IP, Netmask, Gateway, Interface, VLAN, and Add / Edit / Del buttons.]

4.3.2 Dynamic Routing

Select Network > Routing > Routing Table. Click Save to save. Dynamic Routing: tick to choose LAN or WAN.

[Screenshot: Dynamic Routing (RIP) with Interface LAN / WAN, Update Period 30 seconds (range 30 to 3600), Timeout 150 seconds (range 30 to 3600), Save.]

4.3.3 IPv6 Routing Table

Select Network > Routing > Routing Table. Click Add to add an IPv6 Routing Table entry. The IPv6 Routing Table is set in the same way as in the Routing Table section.

[Screenshot: Add Route form with Comment, IPv6 IP and Mask, IPv6 Gateway, Interface LAN, Add.]

4.4 802.1Q

IEEE 802.1Q is the networking standard that supports Virtual LANs (VLANs) on an Ethernet network. The standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames. The IEEE s
160. communicate with each other, unless this is prohibited by the incoming VPN controls.

Action: Two actions are offered:
1. ACCEPT: any packet that meets the policy is released.
2. Drop: the packet is discarded.

Protocol: The protocol used for communication between two devices. TCP and UDP are the two most frequently seen protocols, among others.

Service Port or Group: With service groups, the administrator can simplify many steps when setting policy. For example, suppose ten different IP addresses can access five different services on the server, such as HTTP, FTP, SMTP, POP3 and TELNET. Without service groups you need a total of 10 x 5 = 50 policies; with service groups, a single policy achieves the function of 50.

QoS: Select Objects > QoS, then set the maximum bandwidth and rate bandwidth for the VPN policy. The bandwidth is shared among the users who match the policy.

Schedule: Select Objects > Schedule, then set your schedule time.

Packet tracing: Tick the Packet tracing box to start the function. It records all packets passing through the VPN tunnel.

Traffic Analysis: Tick the Traffic Analysis box to start the function.

Chapter 11 VPN

To obtain a private and secure network link, the IFW320 is capable of establishing
161. [Screenshot: Anomaly List (continued). All rows are for IP 192.168.1.117 on 2011-02-08, from 14:50:09 to 15:37:50, with Action values Log, Notify and Block, Event Outgoing Session, actual values such as 332 and 393, and a period of 12s.]

[Screenshot: Anomaly log detail window (AnomalyLog.php on 192.168.1.161, file name beginning 192.168.1.117) with columns Record, Protocol and Source IP; the protocol is tcp or udp and every source IP is 192.168.1.117.]

8.1.6
162. on you can enable the following lists.

7.1.1 LAN User List

Select Network Services > DHCP > LAN User List.

[Screenshot: LAN Info with Physical Interface eth0, MAC Address 00:0d:48:32:50:95, IP Address 192.168.1.1/24, Broadcast 192.168.1.255; DHCP Server Setting with IP Range 1 from 192.168.1.2 to 192.168.1.200, IP Range 2 empty, Primary DNS 168.95.1.1, Secondary DNS 168.95.192.1, Primary / Secondary WINS empty, Lease time 3600 minutes, Max lease time 3600 minutes, Default Gateway 192.168.1.1, Enabled ticked, Domain Name internal.example.org, Save.]

7.1.2 LAN DHCP Server

Select Network Services > DHCP > LAN DHCP Server.

[Screenshot: LAN Info and DHCP Server Setting as above, with IP Range 1 from 192.168.1.2 to 192.168.1.100, Primary DNS 168.95.1.1, Secondary DNS 168.95.192.1, Lease time 3600 minutes, Max lease time 3600 minutes, Default Gateway 192.168.1.1, Domain Name internal.example.org, Save.]

Start / End Address of IP Range 1 and 2: Specify the range of addresses to be handed out. These addresses have to be within the subnet that has been assigned to the corresponding zone.
Primary / Secondary DNS: This speci
163. not be blocked. If direct blocking is necessary, please enable Inline mode, applied together with a policy and the BotNet Filter Setting.

[Screenshot: Operation Mode with Enabled, Operation Mode Sniffer / Inline (Inline mode has to be used with a policy), Packet filter quantity: Level 1 100 packets, Level 2 200 packets, Level 3 400 packets, Level 4 800 packets, Level 5 1600 packets, All; Save.]

9.3.2 BotNet Filter Setting

Select IDP & BotNet > BotNet Setting > BotNet Filter Setting. BotNet traffic filtering is classified into two modes: basic and advanced. In the basic mode, signatures are organized into three levels: high risk, medium risk and low risk. Administrators can tick to activate logging or blocking according to business needs. P.S. Blocking cannot be enabled in Sniffer mode.

[Screenshot: Botnet Filter Setting with Mode Basic Mode / Advance Mode and Risk Level rows with a Log option: High Risk 1597, Medium Risk 1816, Low Risk 6073.]

In the advanced mode, administrators can tick to activate logging or blocking according to business needs, based on the various signature categories. P.S. Blocking cannot be enabled in Sniffer mode.

[Screenshot: Add Botnet Group with Name, Mode Basic Mode / Advance Mode, and Classification rows with Log and Block options, including DNS, ET DROP, ET MALWARE, ET TROJAN, ET VIRUS, Fsecure, Kaspersky, Malware and Microsof]
164. our. If forgery is discovered, it will be blocked instantly. Administrators can also set up a trusted MAC list.

Linked abnormal IP block list, Port Close: The switch port will shut down once the IP address exceeds the set values.
Linked Botnet, Port Close: If BotNet attacks exceed the set value (times per minute), protection will be enabled, and the switch port will shut down once the IP address exceeds the set values.
Notify Item: When the events mentioned above occur, an email is sent to notify the administrator. The notify items include linked abnormal IP block, BotNet port blocking, linked ARP protection, IP collision and MAC collision.

8.3.2 ARP Spoofing Log

The ARP Spoofing Log contains Time, IP Address, MAC Address, Event, Co-Defense Switch, Status and Action. It separates the attackers from the victims, allowing administrators to troubleshoot efficiently. Select Advanced Protection > Internal Protection > ARP Spoofing Log.

[Screenshot: ARP list search (IP Address, Event, Status, Search) and ARP Spoofing Log list with columns Time, IP Address, MAC Address, Event, Co-Defense Switch, Status, Action. The rows shown are from 2014-11-12 for IP 192.168.188.2, event "Exceed ARP spoofing alert value", switch EX2200, with status In Progress or End.]
165. [Screenshot: LAN IP Address list with an entry named victoria, and Add / Edit / Del buttons.]

6.1.2 LAN Group

Select Objects > Address Table > LAN Group.

Select IP Mode: Two modes are offered:
1. IPv4 Mode: IPv4 address.
2. IPv6 Mode: IPv6 address.

Click Add to create a LAN Group rule.

[Screenshot: Add Member and Group form with Group Name, Select From LAN Address, Select From IP Range, Select From IP Mask, Select From DHCP Users, User Define, Select MAC Address Group, Add.]

Group Name: Enter any word for recognition.
Select From LAN Address: The list on the left shows the users you added in LAN IP Address.
Select From IP Range: Enter the range of IP addresses that you want to restrict (start IP to end IP).
Select From IP Mask: Enter the IP and netmask, for example 255.255.255.0 (/24).
Select From DHCP Users: Shows the range of DHCP users; these will be restricted. If you tick the IP MAC Binding box, the list of IP and MAC is shown.
User Define: Enter an IP address or subnet. Type the IP address and then press ENTER. Repeat this process in order to add multiple IP addresses.
Select MAC Address Group: Enter a MAC address or subnet (ex. 00:60:E0:46:06:06). Type the MAC address and press ENTER. Repeat this process in order to add multiple addresses.
166. [Screenshot: Ping result, listing replies with icmp_seq, ttl and time values.]

Target IP or Domain: Enter the target IP or domain name in this field.
Package Size: Configures the size of each packet. The default setting is 32 bytes.
Times: Configures the number of packets to send out. The default setting is 4.
Wait Time: Specifies how long to wait between successive pings. The default setting is 1 second.
Using Interface & IP: Select an interface. The choices are LAN and WAN.

12.1.2 Traceroute

The IFW320 can use the traceroute command to send packets to a specific address in order to diagnose the quality of the network traversed. Select Tools > Connection Test > Traceroute. Enter the information in the fields and click OK. You will then see the Traceroute Result.

[Screenshot: Traceroute Setting with Target IP or Domain www.google.com (max 30 characters), Package Size 40 bytes, Max Next Hop 30 nodes (range 1 to 255), Wait Time 2 seconds, Tracing Method ICMP, Source Interface LAN, OK; the result begins "traceroute to www.google.com (74.125.204.99), 30 hops max, 40 byte packets".]

Targ
167. [Screenshot: login dialog with WELCOME, User Name admin, Log In, Cancel.]

Menu Bar Title: Enter a name and then click Save. The name you enter will be shown next to the logo picture.
[Screenshot: browser window at 192.168.186.79 showing the Axiomtek logo, user admin, 192.168.189.244, OnLine 1.]

Browser Title: Enter a name and then click Save. The name you enter will be shown at the top of the browser.
[Screenshot: browser window with the title Axiomtek.]

Change Logo: Click the upload button to upload a GIF image file with a resolution of 150x90, and then click Save. The image will automatically appear in the upper left corner of the screen.

Memory Release: How often the system checks memory. When memory usage reaches the set value, the system releases memory. See the memory status in Homepage Information.

Protocol Pass Through: The system supports H.323 and SIP.

Reset to Default Setting: If you need to keep the LAN and WAN IP settings, tick the related check box. If you do not tick it, everything is reset to the default settings.

Reboot system: Click the button to reboot the system.

3.2.3 IP Address

Select Configuration > Administration > IP Address. Click on
168. Permanently block when login failed more than: Perform permanent blocking when login failures exceed the number of times entered in this field. 0 means no limit.

Redirect successfully authenticated users to: An authenticated user can be redirected to a designated website by entering its address in this field. Leaving it blank means the user goes directly to the website they requested.

[Screenshot: Authentication Mode Setting (Edit; L Local, A AD, P POP3, R RADIUS; separate items with commas) and Client Login Message form with Login Preview, Logined Preview, Subject, Content, Logined Message, Upload Logo (Choose File, Import), Save.]

Select Authentication Mode: Click the Edit button to enter the modes. Modes are separated by commas:
1. L: Local
2. A: AD
3. P: POP3

Subject: Enter some words for the website subject.
Content: Enter the message to show on the login screen. Leaving it blank results in no message being shown.
Upload Logo: Click Choose File to select a logo file, then click Import. This picture is shown when users access the Internet through this Internet Authentication. The login screen is shown before the user accesses a website.

You can click Login Preview to preview the login screen (see the example screen in the figure below).

[Screenshot: login preview with the Axiomtek logo, "Your IP is", Account, Password.]
169. firmware from head office. For example, you can have four IFW320 units in one building or in different places, and view the interfaces of each IFW320 from all of them on the same screen or monitor.

3.8.1 CMS Setting

Select Configuration > CMS > CMS Setting.

Example: Assume the following addresses:
Head office: WAN IP 111.252.72.198 and LAN IP 192.168.1.163.
A office: WAN IP 192.168.1.161 and LAN IP 192.168.99.161.
Branch office: WAN IP 60.249.6.184 and LAN IP 10.10.10.50.

The CMS network architecture is as follows:

[Diagram: the branch office (WAN 60.249.6.184, LAN 10.10.10.50, internal users with gateway 10.10.10.50) and the head office (WAN 111.252.72.198, LAN 192.168.1.163) connected over the Internet; A office (WAN 192.168.1.161, LAN 192.168.99.x, gateway 192.168.99.161) behind the head office; ERP server, FTP server, CRM server and customer database.]

Client site: Branch office

[Screenshot: CMS Setting with Enable ticked, Mode Client, Client Setting Server 111.252.72.198, Alias AAA, Update Time 1 minute, Administrator account admin, Save.]

If you don't designate a management account, the server side will not be allowed to log in to this device.

Mode: Client. Server: Enter the head office WAN IP 111.252.72.198 or domain. Alias: Enter a name for recognition. Click Save.

2. Head office / A office

[Screenshot: CMS Setting with Enable ticked, Mode Client / Server, Clien
170. [Screenshot: syslog server installer (SolarWinds) completion dialog; click Finish.]

Please select Policy > LAN Policy > LAN to WAN; Packet Tracing must be ticked. See the figures below.

[Screenshot: Policy > LAN Policy > LAN to WAN, Basic Setting form with Policy Name, Source (Inside_Any, IP Address, MAC Address), Destination (Outside_Any, IP Address), Action, Protocol ALL, Service Port or Group (User Defined), Software Access Control, QoS, Schedule, URL Access Control, Authentication, Bulletin Board, Max Concurrent Sessions for Each Source IP Address, IDP, Botnet, Traffic Analysis, Firewall Protection (SYN Attack, ICMP Attack, UDP Attack, Port Scan), Add.]

[Screenshot: LAN to WAN Policy list with columns No, Policy Name, Source, Destination, Services, Action, On/Off, Policy, Edit / Del, Log; the policies shown include SUN group, Mail Server, Working, Qos and URLblock, mostly with source Inside_Any and destination Outside_Any.]
171. system administrator. Let's see Status > Connection Status > Connect Track. [Figure: Connect Track List, Total Session 532, with columns IP Address, Session, Up speed (bits), Down speed (bits), Log] As we saw in the figure above, 192.168.1.117 should be blocked, so the user can see block lists in Advanced Protection > Anomaly IP Analysis > Block List. 8.1.4 Trusted IP. If the user has some IP addresses that should not be restricted by this function, the user can enter the IP ranges. After that, the IPs you entered will not be detected by anomaly analysis. [Figure: IP exception setting, Trusted IP form with IP/Netmask, Direction Outgoing, Type (Log, Notify, Block) and Comment] Setting IP exception completed. [Figure: Trusted IP list with columns IP/Netmask, Direction, Log, Notify, Block, Comment, Edit, Delete; entry 192.168.1.67/32, Outgoing, comment "Dont block and log (only for outgoing)"] 8.1.5 Anomaly Log. You can find the anomaly log at Advanced Protection > Anomaly IP Analysis > Anomaly Log. [Figure: Anomaly search form with Search Condition Date 2011-02-08, and Anomaly List with columns Date, IP, Action, Event, Actual Value, Period, Block Time] 2011-02-08 15:38:49, 192.168.1.117, Log, Outgoing Sessi
172. t 1 [icon] Connect up. 2 [icon] It does not connect the Internet. IP Address: System binding IP address. Total Packets: Each network interface's transmitted/received wrapped packets quantity, in bytes. Total Flow: Each network interface's transmitted/received current capacity, in bytes. Chapter 3 Configuration. In this chapter you may learn how to configure Date, Time, Administrator, Backup, Upgrade and Language of your machine by enabling the following lists: Date & Time, Administration, System, Language, Notification, Backup & Mount, Signature Update, CMS, SSL Proof. 3.1 Date & Time. Your current time zone setting can also be changed in this section. The first form in this section gives you the possibility to manually change the system time. Second, the system time can be synchronized to time server hosts on the Internet by using the Network Time Protocol (NTP). A number of time server hosts on the Internet are preconfigured and used by the system. This makes sense if the system clock is way off and you would like to speed up synchronization. Finally, this might be necessary if you are running a setup that does not allow Axiomtek to reach the Internet. You can add a host in the User Defined Time Server field. In the Date & Time section you can
173. [Figure: mail inbox showing notification mails from Admin dated 2011-01-23 to 2011-01-25 with the subjects Auto Backup, Admin log and WAN disconnect] 3.6 Backup & Mount. Some IT administrators get into huge trouble when IFW320's hard disk is broken
174. t Setting: Server 192.168.1.163, Alias BBB, Update Time 1 minute, Administrator account admin. If you don't designate a management account, the server side will not be allowed to log into this device. Mode: Client. Server: Head office and head office A are on the same internal subnet, so enter head office LAN IP 192.168.1.163 or domain. Alias: Enter a name for recognition. Click on [icon]. Server site, Head office: Click New client requests (1). Click Accept. You will see the following figure showing CMS clients. [Figure: Client request list with columns The last request time and Action; entry 2013-03-01 17:59:47, 00:60:E0:52:38:F5, with Accept and Delete; legend: Connect succeed, Connection failed] 3.9 SSL Proof. If you don't like the general kind of SSL notification web page, please apply for your own SSL Certification at local SSL Certification organizations. It depends on company domain, your company WAN IP, company logo and others. The following figure shows the SSL Error screen. [Figure: browser SSL Error page for 122.154.147.163] The site's security certificate is not trusted. You attempted to reach 122.154.147.163, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has
175. t be reached anymore via its old IP address (factory default or previous LAN address). Select Network Services > High Availability > High Availability. Select the Enable tick box to start the function and set mode to Master. The Manage IP is the first IP address of the management network. The Remote IP is the special subnet to which all IFW320 that are part of a HA setup must be connected via the LAN interface. Finally, click on [icon] to activate the settings. Set up the firewall that is going to be the backup. At this point an extra panel appears where the Backup-specific settings can be configured. Execute the setup wizard, including the network wizard, filling in all needed information. It is not necessary to configure services etc., since this information will be synchronized from the master. However, it is necessary to register the backup with Axiomtek network. Select Network Services > High Availability > High Availability > Enable. Select the Enable tick box to start the function and set mode to Backup. Fill in the Manage IP (management network address) for the Backup. Fill in the Remote IP; the Backup needs this to synchronize its configuration from the Master. Finally, click on [icon] to activate the settings. In conclusion, the Backup mode cannot be reached anymore via its old IP address (factory default or previous LAN address) since it is in standby mode. It is co
176. 9.4 BotNet Log. 9.4.1 Today BotNet Log. Select IDP & BotNet > BotNet Log > Today BotNet Log. Today BotNet Log displays violations based on date, classification, event, source IP address, destination IP address, protocol, source port, destination port, action and risk level. You may click on [icon] to list out all the items; see figure below. [Figure: Today Botnet Log, Botnet Log List with Export and columns Date, Classification, Event, Source IP Address, Destination IP Address, Protocol, Source Port, Destination Port, Action, Risk Level] 9.4.2 BotNet Log Search. Select IDP & BotNet > BotNet Log > BotNet Log Search. BotNet Log Search provides various searching conditions, such as date, classification, event, source IP address, destination IP address, protocol, source port, destination port, action and risk level. [Figure: Search Botnet Log form with Date 2014-11-07 00:00 to 2014-11-07 23:59 and the fields Classification, Event, Source IP Address, Destination IP Address, Protocol, Source Port, Destination Port, Action, Risk Level] Chapter 10
177. tch b Switch ML 9324. Switch Model: It depends on what you choose for switch type. Name: Enter switch model name. Remarks: Enter any words for recognition. IP Address: Enter switch IP address. Number of Port: Total number of switch ports. SNMP Read Community: For switch ML 9324, the default read community is public. The administrator can click on Connection Test to check the connection. SNMP Write Community: For switch ML 9324, the default write community is private. The administrator can click on Connection Test to check the connection. Web Management: Enter switch web management port. Default port is 80. Click on [icon] to create a new switch connection. After that, you will see the switch list. The figure below shows the SNMP switch is created successfully. [Figure: Switch List for interface Lan, Switch Type SNMP, with columns Switch Name, IP Address, Port, Web Management, Action; entry ML 9324, 192.168.168.165, 24 ports] If the IT administrator doesn't know the switch IP or doesn't know how many switches are under IFW320, the IT administrator can click on [icon] to scan for switches. The Search Result is shown in the figure below. [Figure: Search Result window listing the IP addresses 192.168.188.74, 192.168.188.75, 192.168.188.144, 192.168.188.145 and 192.168.188.165]
178. tected the same ip; 2013-11-12 09:54:40, 08:00:27:5f:06:1f, 172.16.100.100, Detected the same ip; 2013-11-01 17:25:42, 00:0c:29:99:eb:c2, 192.168.1.141, Detected the same ip; 2013-11-01 17:25:42, 00:0c:29:7b:41:f7, 192.168.1.141, Detected the same ip; 2013-10-30 11:50:46, 00:0c:29:7b:41:f7, 192.168.1.141, Detected the same ip; 2013-10-30 11:50:46, 00:00:00:00:00:01, 192.168.1.141, Detected the same ip. MAC Address: Which MAC address is being forged. IP Address: Which MAC address is the forged IP address. Status: Which one is the problematic IP address. 8.3.5 Lock Status. When a source IP address sends traffic that exceeds the set value, IFW320 will list out the suspicious IPs and block them. Lock Status contains ARP, MAC, IP, BotNet and Anomaly IP. Select Advanced Protection > Internal Protection > Lock Status. Chapter 9 IDP & BotNet. A traditional firewall can inspect Layer 2 to Layer 4 of the OSI model, such as Source IP Address, Destination IP Address, Source Port Number, Destination Port Number and Flag Fields. However, a traditional defense system cannot protect industry's network from evolving threats and viruses anymore. Axiomtek IFW320's built-in IDP (Intrusion Detection and Prevention, IDS/IPS) can inspect the packets from OSI layer 4 (transport layer) to OSI layer 7 (application layer) by using Deep Packet Inspection (DPI) and block conceale
179. tection: When starting the DPD function, when VPN detects opposite party reaction time, Hold means the system will retain the IPSec SA, Clear means the tunnel will be cleaned away and wait for new sessions, and Restart will delete the IPSec SA and reset the VPN tunnel. Drop SMB Protocol: After the closure, Network Neighborhood will be prevented. Example: Here is an example showing how to utilize two IFW320 devices. Assume that A Company (192.168.168.51) wants to create a VPN connection with B Company (192.168.99.21) in order to access files. [Figure: IPSec VPN over ADSL between A Company (WAN IP 211.20.227.193, LAN IP 192.168.168.1, hosts 192.168.168.51 and 192.168.168.100) and B Company (WAN IP 61.11.11.11, LAN IP 192.168.99.1, hosts 192.168.99.34 and 192.168.99.21)] For A Company: Select VPN > IPSec Tunnel > Add VPN Tunnel. Its WAN IP is 211.20.227.193 and LAN subnet is 192.168.168.0/24. Default gateway for the A Company LAN: IP 192.168.168.1. VPN Tunnel Name: Enter VPN_B in the field. Interface: Select WAN. Suggest using static IP. Local Subnet: Enter 192.168.168.0, 255.255.255.0 (/24). Remote Subnet: Enter 192.168.99.0, 255.255.255.0 (/24). Preshare Key: Enter numbers for B Company. Should be the same as B Company. The maximum length of Preshare key is 103
180. ted. [Figure: Group List with columns Group Name, Member, Auth Setting, Edit, Del; group vic test with member victoria (User defined setting) and group testgroup with POP3 users at test.com (General setting)] In addition, click on [icon] to create a new sub-content, [icon] to modify contents, or [icon] to cancel list. Example: Here is an example showing how User Group with Local User mode is used. Select Objects > Policy > LAN Policy. Then select the function you need on the right side. Click on [icon] and set Action to Permit, and then set Authentication to vic test, which you have previously set in section 6.9 Authentication. [Figure: Basic Setting form with Policy Name, Source Inside_Any, Destination Outside_Any, Action, Protocol, Service Port or Group, Software Access Control, QoS, Schedule, URL Access Control, Authentication, Bulletin Board, Max Concurrent Sessions for Each Source IP Address, IDP, Botnet, Packet Tracing, Traffic Analysis and Firewall Protection]
181. ter account name. Password: The password for authentication. [Figure: Password Strength indicator (Weak, Fair, Strong) with the hint "Please input 3 to 16 characters, not the same with account"] Confirm Password: The confirmation of password. Notes: Easy to know who it is. Privilege: Sub-administrators can be granted Read, Write or All privileges to determine their rights on the system. Besides, sub-administrators can be created, edited or deleted. User Defined Menu: The IT administrator can customize the MENU by selecting items; see figure below. [Figure: User Defined Menu listing the selectable items under Configuration, Network, Policy, Objects, Network Services, Advanced Protection, IDP & Botnet, SSL VPN, VPN, Tools, Logs and Status]
182. th Setting: 1. General setting: It accords with Auth Settings. 2. User defined setting: The settings of Idle timeout, Re-login after user has logged in for, and Select Authentication Mode are defined by yourself. Select user type: There are two choices. 1. This machine (Local Users). [Figure: Add Group Member form with Group Name vic test, Auth Setting set to User defined setting, Idle timeout in minutes (range 1 to 1000), Re-login after user has logged in for, in hours (range 0 to 24, 0 means no limit), Select authentication mode (L: Local, A: AD, P: POP3, R: RADIUS, separate items with commas), Select user type Local, member victoria] Setting User Group with Local Users mode completed. In addition, click on [icon] to create a new sub-content, [icon] to modify contents, or [icon] to cancel list. [Figure: Group List showing group vic test, member victoria, User defined setting] 2. POP3: Enter a group name and choose POP3 for user type. Then move the accounts from the left to the right. Accounts can be a single account or a group of POP accounts. [Figure: Add Group Member form with Group Name test, General setting, user type POP3, and POP3 users and groups at test.com] Setting User Group with POP3 mode comple
183. the VPN in the past, most were carried out from the policies or is unable to monitor. IFW320 for the VPN is direct control from the VPN: VPN on internal control and external control through the VPN connection points connected to internal network, the Protocol, Service port, QoS bandwidth and Schedule, Packet tracing and Traffic Analysis. Select VPN > VPN Policy > VPN to Internal or Internal to VPN. Click on [icon] to create a new VPN policy. VPN policies work as follows: policies are checked starting from priority 1, and the policy whose conditions are met is applied. If you want to keep traffic that is not covered by a policy out of the internal network, the last policy needs to prohibit all packets into the internal network. Policy Name: Enter any word for recognition. Source Address and Destination: Source Address (the source network) and Destination Address (the destination network) are defined from the observation point: the end that actively connects is the source network address, and the end being connected to is the destination network address. Apart from the policy choices, users can also directly enter the IP address and MAC address. 1. Source IP address: VPN_Any represents the external side of all VPN tunnels; Site to Site tunnels set up with IPSec or PPTP and single PPTP Server dial-up accounts all meet the condition. The default IP address of the PPTP server is also included in the default source IP address. 2. The destination
184. ting. [Figure: Basic Setting form with Policy Name "Mail Server Protocal", Source Inside_Any, Destination Outside_Any, Action, Protocol ALL, and the Service Port or Group list opened to show the predefined services and groups] 3. Setting Service Policy completed; refer to the following figure. [Figure: LAN to WAN Policy list with columns No, Policy Name, Source, Destination, Services, Action, On/Off, Edit, Del, Log; the Mail Server group contains POP3 (port 110) and SMTP (port 25)] 6.3 Schedule. The IT administrator needs to configure a schedule for a policy to take effect and allow the policies to be used at those designated times. And then the administrator can set the start time and stop time or VPN connection in Policy or in VPN. By using the Schedule function, the administrator can save a lot of management time and make the network system most effective. In this section you can enable the following lists: 6.3.1 Schedule L
185. torage. You will see the data items that you have backed up. [Figure: backed-up items by Year/Month for User Flow Log, Web Content, FTP Content, MSN Content and Mail Content] Mount Remote Data: Click on Mount Remote Data. [Figure: Current Mount Item list by Year/Month] Unmount Remote Data: Click on Unmount Remote Data if the user does not want to search Remote Data contents. 3.7 Signature Update. IFW320 provides auto signature update. This section describes configuration samples of IDP and BotNet signature update. The updates consist of the latest released signatures, which allow them to prevent, detect and remove malware. 3.7.1 Signature Update. [Figure: Signature Update table with columns Name, Version, Last Check Time, Auto Update, Function; IDP Signature Update, version 2.0, last check 2014-09-30 17:23:54; Botnet Signature Update, version 1.3, last check 2014-09-30 17:23:56; each with a Check Now button] To select update items, check the box. The user can check the update item and enable Auto Update. Click on Check Now. Then signatures can be updated to the latest version. 3.8 CMS. CMS is Central Management System. This application not only allows you to view each one of the IFW320 equipment over the network and Internet but also allows you to backup each configure setting or update fi
186. ttack, UDP, 137, WAN1, 192.168.1.15, 192.168.1.255; 2013-09-10 14:03:31, UDP Attack, UDP, 137, WAN1, 192.168.1.15, 192.168.1.255. 6.9 Authentication. Internet Authentication serves as a gateway to filter out unauthorized users from accessing the Internet. Configuring the Authentication provides an effective method of managing the network's use. Therefore, IT administration can control the user's connection authority by setting an account and password to identify the privilege, and then users have to pass the authentication to access the Internet. This section offers some authentication modes, Local Users, User Group, and External Authentication Settings (including AD (Active Directory) and POP3), to add flexibility to your choice of authentication method. In addition, it also offers Internet Authentication Recorder and Authentication Status. The IT administrator can use these two methods to know the authentication of LAN users and what they have done. In this Authentication section you can enable the following lists: 6.9.1 Auth Setting. Select Objects > Authentication > Auth Setting. The figure below shows the Authentication common settings. [Figure: Authentication General Setting with Authentication port (range 1 to 65535, 0 means authentication disabled), Max concurrent connections 256 (range 10 to 256), Idle timeout in minutes (range 1 to 1000), Re-login after user has logged in for, in hours]
187. tup to 1024000Kbps. MAC address: Enter a MAC address. Netmask: Enter a new Netmask. Default setting is 255.255.255.0. Down Speed: Down Speed (Downstream Bandwidth). Kbps is a unit of speed. Define a suitable maximum downstream bandwidth so that the device may use it as a basis for operating. If the Down Speed of the LAN interface is 100M, it can be set to 102400Kbps. Therefore, 1Gbps will be set to 1024000Kbps. After clicking on [icon], please enter the new IP address that you have just set in the web browser and then log in again. Select Network > Interface > WAN; see figure below. [Figure: WAN Setting form with Interface Name, Connection Type, IP Address, Netmask, Default Gateway, MAC Address, Up Speed, Down Speed, Speed and Duplex Mode, MTU, Load Balance, WAN Alive Detection (Detection Method, Detected IP Address), Administrator Management (Ping, HTTP, HTTPS), Firewall Protection Items (SYN, ICMP, UDP, Port Scan, Log) and General Setting (DNS Server, HTTP Port, HTTPS Port, WAN Alive Detection Period, Idle Timeout)]
188. ults. [Figure: backup result notification mail from Admin: Host 192.168.99.111, Total space 104755 MBytes, Used space 43525 MBytes, Available space 61230 MBytes, Spend time 11 seconds, with a Data Export Detail list of dates in 2011-08 and 2011-09, each with status Success] Click on [icon]. You will see the following message. [Figure: Backup Setting with Scheduled Backup 01:00, Send Backup Result Notification, Last Backup Time 2011-08-25 10:16:20, Spend Time 1 seconds, Remote Available Space 47748 MBytes] Backup Item: There are five items: User Flow Log, Web Content, FTP Content, MSN Content and Mail Content. 3.6.2 Data Mount. If you want to see previous contents but you have reset the machine to default settings or have used Clear Data, there are no data contents on this machine's hard disk. Fortunately, you have used the Backup & Mount application to back up contents to another server or computer. Then you can mount these contents to search for Content Record items. First, please click on Access to External S
189. ur Axiomtek distributor as soon as possible for the suitable solution. For computers that are no longer useful or no longer working well, please contact your Axiomtek distributor for recycling and we will make the proper arrangement. Conventions Used in This Manual. The following typographical conventions are used in this book. Content Style: Menu > Submenu > Right Side Banner Selections, e.g. Configuration > Administrator > System Setup. [Figure: Configuration menu showing Date & Time, Administration, System, Language, Notification, Backup & Mount, Signature Update, CMS] To make sure that you perform certain tasks properly, take note of the following symbols used throughout this manual. [icon] This icon indicates a tip or suggestion, would like to tell users a special point on the Internet. Caution: This icon indicates a limited or caution. Pay attention to these to avoid running into system Example: This icon indicates an example. Give users examples and to show how to use. Table of Contents: Disclaimers, Safety Precautions, General Cleaning Tips, Cleaning Tools, Scrap Computer Recycling, Conventions Used in This Manual, Chapter 1 Introductio
190. versions of Kiwi Syslog Server. [Figure: Kiwi Syslog Server 9.2.0 installer, Choose Components: choose which features of Kiwi Syslog Server 9.2.0 you want to install (program files, Start menu shortcut, Desktop shortcut, QuickLaunch shortcut, Start-up shortcut); space required 49.2MB] [Figure: installer, Choose Install Location: choose the folder in which to install Kiwi Syslog Server 9.2.0, then click Install to start the installation; space required 49.2MB, space available 29.4GB] Wait while files are being installed. [Figure: installer, Installing: please wait while Kiwi Syslog Server 9.2.0 is being installed] Installation is co [Figure: installer, Completing the Kiwi Syslog Server 9.2.0 Setup Wizard: Kiwi Syslog Server 9.2.0 has been installed on your computer; click Finish to close this wizard] Run Kiwi Sy
191. [Figure: User Defined Menu, remaining menu items, with Select All and None] 3.2.2 System. Select Configuration > Administration > System. This function shows the view of the screen and system default settings; see figure below. [Figure: General Setting with Login Message, Homepage Message, Browser Message, Upload Logo, Memory Release (checks memory every 30 minutes), Pass through Protocol (H.323, SIP), session timeout of established, WatchDog Timer (when the system is crashed, watchdog will immediately restart the system), Login Failure Block Settings (temporarily block when login failed more than a set number of times, 0 means no limit; IP blocking period in minutes, 0 means permanent blocking; Unblocked IP), and Reboot Setting (Reset to Default Setting, keep LAN, WAN and DMZ Setting, Reboot System)] Login Title: Enter a name and then click on [icon]. The name you enter will be shown when you log in. [Figure: browser Authentication Required dialog]
192. word. [Figure: SMTP Server form with show Password, Authentication, TLS and Add] Setting SMTP Server completed. In addition, click on [icon] to create a new sub-SMTP, [icon] to modify its contents, or [icon] to cancel list. [Figure: SMTP Server list with columns No, Sender Alias, Sender Name, Mail Server IP Address, Account, SMTP Test, Edit, Del] 3.3 System. In this section you can enable the following lists. 3.3.1 System Backup. Select Configuration > System > System Backup. Then you will see two parts: System Backup and System Recovery. [Figure: System Backup to USB, System Backup and System Recovery panels with Backup buttons and a Choose File field] System Backup to USB: Click on Backup and then please wait a minute. You will see another window. Click on OK, and do not forget where you save the file. System Recovery: Click on Browse and then select the file. After you select the file, do not forget to click on [icon] on the screen. 3.3.2 Schedule Backup. Select Configuration > System > Schedule Backup. As long as IT administrators enable backup and set up the time and copies, the system will provide scheduled backup. [Figure: Schedule Backup form with Enable, Schedule Backup Every Day or User Define (Monday to Sunday)]
193. y. Then select the function you need on the right side. Here we use LAN to WAN as an example. Click on Add first. 2. Set Action to Drop, and then set Schedule to Working, which you have just selected in section Schedule List. [Figure: Basic Setting form with Policy Name, Source Inside_Any, Destination Outside_Any, Action, Protocol ALL, Service Port or Group, Software Access Control, Schedule, URL Access Control, Authentication, Bulletin Board, Max Concurrent Sessions for Each Source IP Address, IDP, Botnet, Packet Tracing, Traffic Analysis and Firewall Protection (SYN Attack, ICMP Attack, UDP Attack, Port Scan)] 3. Setting Service Policy completed; refer to the following figure. [Figure: LAN to WAN Policy list with columns No, Policy Name, Source, Destination, Services, Action, On/Off, Edit, Del, Log; the Mail Server group contains POP3 (port 110) and SMTP (port 25)] 6.4 QoS. By configuring the QoS, the IT administrator can control the Outbound and Inbound (Upstream/Downstream) bandwidth. The administrator can configure the bandwidth according to the WAN bandwidth. The QoS feature not only facilitates bandwidth management but optimizes bandwidth utilization as well. The following two figures indicate the
