Version 3.0 Quick Guide
Contents
1. Fille Edit Tools Window Help PECE ND CETA PCES E EI AA Security Policy Standard Confirmed File Checksum version Rule attributes Count Message Firewall Rules 2 Programs f Ports lk Protocols Trusted Nets Banned Nets 88 Scripts By Replica Servers Unconfirmed File Checksum version Rule Attributes Count Confirmed Files 0 Unconfirmed Files 0 Ports 58 Protocols 136 Trusted Nets 0 2 Replica Server Status x w 0 MyComputer Updated Server MyComputer Administrator Replica Status B Firewall Logons 0 2 Its window contains in its work panel or multiple Security Policy windows in which the Security Policies of the logged on to Master Server are managed and a Replica Server Status window NetOp Policy Server Console is explained in the User s Manual section 3 3 NetOp Policy Server Console and in the matching NetOp Policy Server Help section 21 NetOp Policy Server Console Manage Security Policies Security Policy is the key element in NetOp Policy Server A Security Policy specifies Firewall Rules applied to NetOp Desktop Firewalls for Programs Ports Protocols Trusted Nets and Banned Nets Scripts specify NetOp Desktop Firewall configuration options that can be applied by a Security Policy Replica Servers specifies which Replica Servers are enabled to NetOp Desktop Firewalls A Security Policy can specify firew2. Edit E Active Directory Accounts iy company local company local Groups Computers Users B amp Policy Accounts Accounts Logons ES Anonymous Account Firewall Logon Administration is explained in the User s Manual section 3 4 2 Firewall Logon Administration and in the matching NetOp Policy Server Help section It can assign a Security Policy individually to an Active Directory Group individually to a Policy Account specified in the window and generally to 4nonymous Account It specifies which Security Policy shall be assigned to a VetOp Desktop Firewall based on the identification of the firewall at logon 25 Tools NetOp Policy Server will first try to identify a logging on NetOp Desktop Firewall computer as an Active Directory Group member and assign to it the Security Policy assigned to the Active Directory Group If unsuccessful it will then request Policy Account credentials from the NetOp Desktop Firewall to assign to it the Security Policy assigned to the Policy Account with matching credentials If unsuccessful it will then log on the NetOp Desktop Firewall as Anonymous Account if a Security Policy is assigned to Anonymous Account If no Security Policy is assigned to Anonymous Account it will reject the NetOp Desktop Firewall logon Manage Administrators Select the Console window Tools menu Administrator Manager command to display this wind
3. Policy Server overview and guides you through initial installation and startup NetOp Product Services NetOp Policy Server Overview NetOp Policy Server includes the modules NetOp Policy Server Console Master Server and Replica Server NetOp Policy Server Console NetOp Policy Server Master Server ZIN Replica Replica Replica Server Server Server NetOp NetOp NetOp Desktop Desktop Desktop Firewall Firewall Firewall NetOp Policy Server Overview NetOp Policy Server Console is the main user interface from which an administrator can control a Master Server NetOp Policy Server Console is typically installed on a system or network administrator workstation Master Server stores Security Policies controls which Security Policy is assigned to each NetOp Desktop Firewall and stores records of interaction with NetOp Desktop Firewalls Master Server interacts with NetOp Desktop Firewalls only through a cluster of up to 32 Replica Servers One Master Server is typically installed on each local area network on a server computer that must run almost continuously with only short downtime periods A Master Server and its cluster of Replica Servers operate jointly to appear at the Console end as well as at the NetOp Desktop Firewall end as one NetOp Policy Server and can be designated as such as illustrated in the image above Replica Servers interact with NetOp Desktop Firewalls and record interaction Replica Serve
4. User 5 Guide that is available as a Portable Document Format PDF file on the NetOp Desktop Firewall CD and the NetOp Policy Server Help system that becomes available when NetOp Policy Server is installed on a computer Updates NetOp Policy Server may be improved from time to time through the release of updated versions Updated versions will be available from the website www netop com select Support They include a NPSReadMe txt file that explains what has been updated since the original release of the product Users should verify that the most recent update of the product is installed Install Note This section explains the default installation of NetOp Policy Server Console Master Server and Replica Server on one computer Install If NetOp Policy Server is new to you we recommend that you initially carry through this installation on a Windows 2000 or XP computer with at least 32 MB of RAM and at least 40 MB of free disk space to get familiar with the product Insert the NetOp Desktop Firewall CD into a CD drive and select Install NetOp Policy Server to display this window m NetOp Policy Server Ea Welcome to NetOp Policy Server Setup program This program will install NetOp Policy Server 3 0 0 33 on your computer It is strongly recommended that you exit all Windows programs before running this Setup Program Click Cancel to quit Setup and close any programs you have tunning Click Next to continue with the
5. User s Manual section 3 4 4 Change Password or the matching NetOp Policy Server Help topic Client Log logs NetOp Desktop Firewall program firewall rule File Requests and Logons It can display log entry records applying limiting criteria Client Log can be searched from a Security Policy window Programs pane record to display File History It can be searched from a Firewall Logon Administration window Active Directory Computer or User record a Policy Accounts Account or Logon record or an Anonymous Account logon record to display Logon History see the User s Manual section 3 4 5 Client Log or the matching NetOp Policy Server Help section Statistics can display graphs of the number per hour day or month of Confirmed File firewall rule requests Unconfirmed File firewall rule requests Logons and Synchronizations for each or all Security Policies on a NetOp Policy Server to monitor the historical load 27 Tools see the User s Manual section 3 4 6 Statistics or the matching NetOp Policy Server Help section Options specifies options for the Console the logged on to Master Server and the update of NetOp Desktop Firewall installations see the User s Manual section 3 4 7 Options or the matching NetOp Policy Server Help section Configure Tools enables adding other tools to the Console window Tools menu and toolbar to start them from there see the User s Manual section 3 4 8 Configure Tools or th
6. 205 Westwood Ave Long Branch NJ 07740 Phone 866 94 BOARDS 26273 732 222 1511 Fax 732 222 7088 E mail sales touchboards com NetOp Policy Server Version 3 0 Quick Guide Moving expertise not people Copyright 1981 2005 Danware Data A S All Rights Reserved Portions used under license from third parties Document revision 2004313 Please send comments to CrossTec Corp 500 NE Spanish River Blvd Suite 201 Boca Raton FL 33431 USA Toll Free 1 800 675 0729 E mail info crossteccorp com http www crossteccorp com Contents Contents oem ee ee ae ee a lS Welcome rel n ae eee do NetOp Policy Server Documentation 0 0 0 cette Updates ERU bee eS ea ee ne eee Install 0e oe pe RED ep ee ee ee A eee ee Open NetOp Policy Server NetOp Policy Server Console Manage Security 5 Rate Be ee E Manage 5 Manage Firewall Logons Manage Administrators Other Tools s Se a sean ER LA NetOp Policy Server Welcome Welcome Welcome to NetOp Policy Server from Danware This Quick Guide provides a NetOp
7. Setup program WARNING This program is protected by copyright law and international treaties Unauthorized reproduction or distribution of this program or any portion of it may result in severe civil and criminal penalties and will be prosecuted to the maximum extent possible under law Click Next gt to display this window Install q NetOp Policy Server xi License Agreement 2 You must agree with the license agreement below to proceed oco NetOp Policy Server SOFTWARE LICENSE AGREEMENT COMPANY DANWARE SECURITY A S DANISH COMPANY REGISTRATION NUMBER 2514 4228 BREGNERODVEJ 127 DK 3460 BIRKEROD DENMARK AND OR ITS SUBSIDIARIES YOU YOUR THE INDIVIDUAL THE COMPANY OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE SOFTWARE THE SOFTWARE AND DOCUMENTATION THAT ACCOMPANIES THIS LICENSE IMPORTANT NOTICE TO ALL USERS PLEASE READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE THE COMPANY IS WILLING TO LICENSE THE SOFTWARE TO YOU ONLY ON THE 1 accept the license agreement 1 accept the license agreement Check this box to enable the Next gt button Click Next gt to display this window Install m NetOp Policy Server LX Destination Location Setup will install NetOp Policy Server in the following folder To install into a different folder click Browse and select another folder You can choos
8. all rule variants in Profiles Add remove rename open and close a Security Policy from the Console window File menu A newly added Security Policy created from the Default template such as the initial Security Policy named Standard of a newly installed Master Server has default properties with no Programs display pane records Security Policy Standard x Confirmed File Checksum version Rule Attributes Count message Firewall Rules 2 Programs Ports Protocols Trusted Nets Banned Nets Scripts iy Replica Servers nad Unconfirmed File Checksum version Rule Attributes count Profiles A Confirmed Files 0 Unconfirmed Files 0 Ports 58 Protocols 136 Trusted Nets 0 Z The Security Policy window Programs display pane is explained in the User s Manual section 3 3 4 1 3 Programs and in the matching NetOp Policy Server Help section 22 NetOp Policy Server Console Confirmed File pane records specify Program firewall rules that have been assigned by administrators to be applied on NetOp Desktop Firewalls logged on to the NetOp Policy Server Confirmed File pane records can be copied from an available Security Policy but if no other Security Policy is available Confirmed File pane records must be added from scratch To do this run NetOp Policy Server with a pilot group of NetOp Desktop Firewalls to automaticall
9. ard button in the notification area in the lower right corner of the screen to display this menu Open NetOp Policy Server Guard Open NetOp Policy Server Console Exit NetOp Policy Server Guard Select Open NetOp Policy Server Console to display the NetOp Policy Server Console window with an empty work panel and this window in front of it CH NetOp Policy Server NetOp og On to Master Server User Name Administrator Password Server MyComputer v Cancel Specify in this window your administrator credentials to log on to the Master Server User Name This field displays Administrator For an initial trial session leave it at that Password Specify in this field the initial administrator password masterkey 13 Open NetOp Policy Server Console Server The field of this drop down box displays the name of your computer Click OK to log on to the Master Server closing the window and displaying this window The system has detected Replica servers that are not approved Replica servers will only work if approved by an administrator with assigned administrator rights Do you want to open the Server Manager to approve the Replica s Don t show this dialog again Click OK to display this window E Server Manager oix File Edit J Master Servers amp mycomputer igj MyComputer In the Replica Servers pane select the u
10. e Master Server While retrieving logged data TCP port 1229 used for this purpose can be blocked for other traffic for a considerable amount of time Therefore other communication between the Console and the Master Server uses TCP port 1226 29 NetOp Policy Server Communication When manually or automatically requested from the Console the Master Server requests by TCP port 1228 that the Replica Servers in its cluster update i e download an updated set of Security Policies from the Master Server Replica Servers connect to their Master Server once every minute by TCP port 1226 to report their status They forward their firewall interaction recordings residing in memory for storage on the Master Server when a predefined number of recordings have accumulated and when the Console requests logged data If required by their settings when Replica Servers have been updated they request by UDP port 1230 that Firewalls synchronize i e download an updated set of firewall rules and settings from the Replica Server Firewalls request program firewall rules according to their settings and refresh their logon regularly typically once every five minutes by connecting to a Replica Server by TCP port 1230 If the firewall rules on a Firewalls are outdated as indicated by a checksum included with its logon the Replica Server will request that the Firewall synchronizes To ensure smooth NetOp Policy Server operation network elements in the comm
11. e matching NetOp Policy Server Help topic NetOp Policy Server Database Backup is a separate NetOp Policy Server tool for backup restoration and backup scheduling of NetOp Policy Server configuration databases It is installed with NetOp Policy Server Console and can by default be started from the Tools menu or Tools toolbar see the User s Manual section 3 5 NetOp Policy Server Database Backup or the matching NetOp Policy Server Help section NetOp Policy Server Guard is a separate NetOp Policy Server tool for monitoring server failures It is installed with NetOp Policy Server Console and is by default displayed as a button in the Console computer notification area in the lower right corner of the screen see the User s Manual section 3 6 NetOp Policy Server Guard or the matching NetOp Policy Server Help section 28 NetOp Policy Server Communication NetOp Policy Server Communication NetOp Policy Server communication can be illustrated like this Console Log requests TCP port 1229 Other TCP port 1226 Master Server Update now TCP port 1228 I am alive TCP port 1226 T Replica Server Synchronize now UDP port 1230 File requests and logons TCP port 1230 Firewall Arrows indicate the path of initial communication Typically return communication uses the same protocol and port as the initial communication An administrator at the Console can request logged data and execute tasks on th
12. e not to install NetOp Policy Server by clicking Cancel to exit Setup Destination Folder Program Files D anware Data NetOp Policy Server Browse Destination Folder This section displays the path of the directory in which NetOp Policy Server will be installed Click Next gt to accept this selection and display this window Install m NetOp Policy Server Lx Select Components PA In the options list to v NetOp Policy Server Master 868k the right select the v NetOp Policy Server Replica 576 pei pum NetOp Policy Server Console 10572 would like to have installed The disk space fields reflect the requirements of the options you have selected Disk Space Required 12016 k Disk Space Remaining 24598433 k By default all three boxes are checked to install NetOp Policy Server Console Master Server and Replica Server on the computer Click Next gt to accept this selection and display this window Install q NetOp Policy Server xi Database Destination Location Setup will install the database files in the following folder To install into a different folder click Browse and select another folder Database Destination Folder Application DataXDanware Data NetOp Policy Server 3 0 DB Browse Database Destination Folder This section displays the path of the directory in which Master Server configuration databases w
13. er Server acquire a licensed version of NetOp Policy Server and register Master Server with its license Buy Now Click this button to display a list of NetOp distributors from whom you can acquire a licensed version of NetOp Policy Server Register Click this button to display this window NetOp Policy Server Registration Wizard xi Welcome to the NetOp Policy Server m Registration Wizard Using this wizard you can registrate NetOp Policy Server You will be quided through the wizard step by step 3 M lt Back Cancel Click Next gt to display this window 16 Open NetOp Policy Server Console NetOp Policy Server Registration Wizard x NetOp Policy Server 3 0 0 33 Choose the desired registration method Register using your internet connection Register using an imported Software Activation From a file C Register later lt Back Cancel Keep the Register using your Internet connection selection and click Next gt to display this window 17 Open NetOp Policy Server Console NetOp Policy Server Registration Wizard xi NetOp Policy Server 3 0 0 33 7 Please fill out Registration Form all items marked with must be filled out TAS 2 Enter Registration Number Enter Registration Key Cancel Enter Registration Number Specify in these fields your registration number Enter Registration Key Specify in this field your registrat
14. ill be stored Click Next 7 to accept this selection and display this window 10 Install NetOp Policy Server LX Start Installation You are now ready to install NetOp Policy Server Press the Next button to begin the installation or the Back button to reenter the installation information Cancel Click Next gt to start installation When installation has completed this window will be displayed 11 Install q NetOp Policy Server xi m NetOp Policy Server 3 0 0 33 has been successfully installed View Readme file Automatically start Guard Start Guard now Press the Finish button to exit this installation View Readme file Check this box default unchecked to display the contents of the NPSReadMe txt file when clicking Finish gt Automatically start Guard Check this box default checked to automatically start NetOp Policy Server Guard monitoring server failures when Windows starts on the computer Start Guard now Check this box default checked to start NetOp Policy Server Guard when clicking Finish gt Click Finish gt to accept this selection end the installation 12 Open NetOp Policy Server Console Open NetOp Policy Server Console Note This section explains opening NetOp Policy Server Console on a computer named MyComputer after an installation according to the Install section above Right click the NetOp Policy Server Gu
15. ion key Click Next gt to display this second page of the registration form 18 Open NetOp Policy Server Console NetOp Policy Server Registration Wizard EI NetOp Policy Server 3 0 0 33 7 Please fill out Registration Form all items marked with must be filled out Veto Full name Company name Address Address 2 City State Region Country E mail address Verify E mail address Back Cancel Fill in at least the fields that must be filled in Click Next gt to forward your registration data across the Internet When registered this registration confirmation window will be displayed 19 Open NetOp Policy Server Console NetOp Policy Server Registration Wizard xi NetOp Policy Server 3 0 0 33 7 Licence registration summary TAS 2 NetOp Policy Server has been successfully registered Registered to Name User EMail user amp company com Information From 9 24 2004 12 00 00 PM To 10 15 2004 12 00 00 PM Support http security netop com Click Finish to close this window and end registration to display the Security Policy Standard and Replica Server Status windows in the NetOp Policy Server Console window work panel 20 NetOp Policy Server Console NetOp Policy Server Console NetOp Policy Server Console is the main user interface of NetOp Policy Server E NetOp Policy Server Console iof x
16. med File pane and taking the appropriate action with them Tools The NetOp Policy Server Console window Tools menu and toolbar provide access to a range of tools as described in the following sections Manage Servers Select the Console window Tools menu Server Manager command or click the Tools toolbar Server Manager button to display this window Server Manager iof xi File Edit Help Ej 3i Master Servers w REPLICA iB MASTER Server Manager is explained in the User s Manual section 3 4 1 Server Manager and in the matching NetOp Policy Server Help section It adds installed Master Servers to enable controlling them from the Console and removes them 24 Tools It adds installed Replica Servers to a Master Server cluster approves them moves them from one Master Server cluster to another and removes them If the user logged on to Windows on the Console computer has installation rights on the network a Replica Server can be installed and uninstalled from Server Manager Note The Replica Server Status window that by default is displayed in the Console window work panel displays the status of the Replica Servers in the cluster of the logged on to Master Server Manage Firewall Logons Select the Console window Tools menu Firewall Logon Administration command or click the Tools toolbar Firewall Logon Administration button to display this window Firewall Logon Administration of x Elle
17. napproved Replica Server record and select the Edit menu or right click popup menu Approve command to approve the Replica Server and change its yellow triangle icon into a green checkmark icon Close the Server Manager window to continue 14 Open NetOp Policy Server Console If a trial version of NetOp Policy Server with a valid trial license was installed the NetOp Policy Server Console window will now display the Security Policy Standard and Replica Server Status windows in its work panel If a licensed version was installed this window will be displayed in front of the NetOp Policy Server Console window E NetOp Policy Server x Remote Control NetOp School Support Salesinfo News Testimonials Press Secure remote control software for large networks p Remote Control FREE qs download uu j full function trial copy gt NetOp Real remote gt The NetOp Policy Server located on Server MyComputer is not registered Register Cancel This window notifies you that the logged on to Master Server is unregistered Note A trial version Master Server is registered with a temporary NetOp Policy Server license that is valid only within the trial period When the trial period is about to expire or has expired a window similar to the one shown above will be displayed 15 Open NetOp Policy Server Console To upgrade a trial version Master Server to a licensed version Mast
18. ow Administrator Manager Of x File Edit Help E gA Security Accounts Bg fa Sub adminstrators E ity Security Policies A Standard Database Backup Security Policy Options Master Replica Servers Administrator Management Statistics Client Log Firewall Login Administration 2 5 Guests 3 Administrators Predefined Security Accounts for the NetOp Policy Server Administrator Manager is explained in the User s Manual section 3 4 3 Administrator Manager and in the matching NetOp Policy Server Help section 26 Tools Every Master Server has one chief administrator initially named Administrator and can have multiple assistant administrators The chief administrator Security Account named Administrator enables any management task on a Master Server including administrator management Note In a large local area network NetOp Policy Server management tasks should be distributed among multiple administrators with different Security Accounts Only the chief administrator should be enabled to manage administrators Administrator Manager manages Security Accounts and Administrators and assigns a Security Account to assistant administrators A Security Account specifies Policies that can be enabled or disabled Other Tools The Console window Tools menu and Tools toolbar also provides access to these built in tools Change Password enables an administrator to change the Server Logon password see the
19. rs should be installed in different parts of a local area network for proximity to NetOp Desktop Firewalls Each Replica Server can service up to several thousands NetOp Desktop Firewalls At least one Replica Server should be available at all times to service NetOp Desktop Firewall requests If there are multiple Replica Servers in a cluster individual Replica Server uptime does not need to be high to achieve that one is available at all times One Replica Server address is specified on NetOp Desktop Firewalls as the address of the NetOp Policy Server When logging on to this Replica Server NetOp Desktop Firewalls are informed about the addresses of all active Replica Servers in the cluster and can interact with any of them To service newly logged on NetOp Desktop Firewalls the Replica Server specified on NetOp Desktop Firewalls should have only short downtime periods 4 Documentation Replica Servers regularly connect to their Master Server to report their status They occasionally update their Security Policies and forward their NetOp Desktop Firewall interaction recordings for storage on the Master Server Each of multiple Consoles can control each of multiple Master Servers at the same time This enables control of multiple distributed firewall systems in any location from multiple Consoles in any location through connections across the Internet Documentation NetOp Policy Server documentation includes the NetOp Policy Server
20. unication path must be configured to allow this communication 30
21. y add records of programs for which NetOp Desktop Firewalls request rules in the Unconfirmed File pane Confirm Unconfirmed File pane records to move them to the Confirmed File pane and assign the appropriate firewall rules to them Doing this over time records of the programs run by the pilot group will become listed in the Confirmed File pane and the number of new Unconfirmed File pane records will diminish Administrators should aim for high precision Program firewall rules by assigning firewall rules to as many as possible of the programs run by NetOp Desktop Firewall computers While doing this review and adjust Port Protocol Trusted Net and Banned Net firewall rules Review and adjust Scripts and Replica Servers Add and specify Profiles as required Execute these tasks to make the resulting Security Policy comply with organization policies When satisfied with the Security Policy precision expand the pilot group gradually to finally include all relevant computers on the local area network Note Building a Security Policy from scratch may take from days to weeks depending on the complexity of NetOp Desktop Firewall computer operations and precision demands Add other required Security Policies using the first built Security Policy as a template 23 Tools Security Policies must be maintained regularly while in use to fine tune their precision particularly by reviewing which new records have been added to the Unconfir
Download Pdf Manuals
Related Search