Dell PowerConnect J-SRX100 Getting Started Guide
Contents
1. Statistics type Counter rotalReqests p White List Hit o Black List Hit o Queries To Server lo Server Reply Permit o Server Reply Block uU Custom Category Permit o Custom Category Block o Cache Hit Permit b Cache Hit Block o Web Filtering Session total 4000 Web Filtering Session Inuse o f Fall Back tea and Permit Block Default Je le Timeout Je le Server Connectivity le le Too Many Requests o le Clear Web Filtering Statistics 34 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 5 5 5 Verifying an Anti Spam Configuration To verify an anti spam configuration 1 Click the Monitor tab 2 Choose Security UTM Anti Spam NOTE If you want to clear the data click Clear Anti Spam Statistics UTMs Anti spam UTM Anti spam Status DNS Server Setting DNS Server I Primary _ 208 67 222 222 Fe 0 0 0 Secondary 192 169 5 68 _ ffe 0 0 1 Ternary __ 192 169 60 131 Fe 0 0 2 Source Interface UTM Anti spam Statistics statistics type Counter Total Connections Denied Connections Total Greetings Denied Greetings Total Email Scanned Spam Total Spam Tagged Spam Dropped DNS Errors Ti2. Default Gateway Static IP Primary DNS DNS 2 optional DNS 3 optional 2 2 Connecting the Device This section covers the following tasks 2 2 1 Connecting the Power Cable to the Device 2 2 2 Connecting the Management Device 2 2 3 Connecting to Your Internet Service Provider 8 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 2 2 1 Connecting the Power Cable to the Device NOTE You must allow the device between 5 and 7 To connect the power cable to the device minutes to boot fully after you have powered it on Wait until the STATUS LED is steadily green before proceeding 1 Plug the DC connector end of the power cable in to the to 2 2 2 Connecting the Management Device power connector on the back of the device 2 Plug the AC adapter end of the power cable in to an AC power outlet We recommend using a surge protector Note the following indications see 1 1 Dell PowerConnect Connect the management device to the services gateway using J Series J SRX100S SU Services Gateway Front Panel an RJ 45 cable Ethernet cable from any one of the fe 0 0 1 through fe 0 0 7 ports on the front panel to the Ethernet port on the management device 2 2 2 Connecting the Management Device POWER LED green The device is receiving power STATUS LED green The device is operating normally Figure 1 Connecting the Management Device to the Services ALARM LED amber T
3. To inspect transit traffic and evaluate it against the anti virus This task is optional and can be performed if you want to profile you must apply the UTM policy to a firewall policy configure a new anti virus profile To apply the UTM policy to a firewall policy To create an anti virus profile 1 Click the Configure tab and choose Security Policy FW 1 Click the Configure tab and choose Security gt UTM gt Policies Anti Virus 2 Click Edit to edit an existing policy 2 Click Add for a new anti virus profile 3 Click the Application Services tab Add peofie z i Main Fallback settings Notification options Notification options cont 4 In UTM Policy select custom utm policy from the list cuu mu Profile name custom antivirus profil Edit Policy x Paley Legomolcount Scheduling Permit Actin Application Services i Profile type O Kaspersky x Profile type O Sophos twee O Trickling timeout L Redirect Options Redrect wx Scan options oia ia Intelligent prescreening yes UTM Polley Ono UTM Policy Y custom utm polic URI check Dyes Content size Limit 10000 Scan engine timeout 5 Click OK Number of retries Decompress layer limit 2 Scan mode Scan all files Scan files with specified extension Scan engine filename extension Ce Cera 28 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide Do the following a Enter a
4. 4 1 Activating Licenses on the Device x osocscss oe a cma ieee nad nra xa eee ee cee 26 4 2 Installing and Verifying a License 0 cece eet hh n nnn 26 4 3 Unified Threat Management 22 sicso cR se gta acres Ga nes AUR CRURA CRCRUR GR CR URS nae ee 26 4 4 Intrusion Detection and Prevention sssseeeeeeeeeee eee eee eee 35 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 25 4 1 Activating Licenses on the Device Before you can configure any UTM features the UTM feature license must be installed on the device Follow the licensing activation instructions included with your license authorization code 4 2 Installing and Verifying a License To automatically add subscription licenses to the Dell PowerConnect J Series J SRX100S SU Services Gateway after registering ensure that you are connected to the Internet and that DNS is configured To install and verify the installed license 1 Click the Maintain tab at the top of the page and navigate to Licenses 2 Click Download Keys to download the licenses automatically 3 Inthe Feature Summary check that all the licenses are installed o Feature Summary Feature Licenses Used Licenses Installed Licenses Needed License Expires on Kaspersky AV 3 o 2011 06 30 Anti Virus with Sophos Engine 0 2 o 2011 06 30 Anti Spam o 5 0 2011 06 30 Web Filtering o 4 0 2011 06 30 IDP Signature 0 3 0 2011 06
5. Manual management device clock or NTP Server To set the date and time 1 Click the Configure tab at the top of the page and navigate to System Properties Date Time 3 Select the set time options in Set time 2 Click Edit at the top right corner of the page and then select 4 Click OK your required time zone from the list 14 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 2 7 5 Creating a User Account To configure a user other than an administrative account and to set different permissions while accessing the Dell PowerConnect J Series J SRX100S SU Services Gateway 1 Click the Configure tab at the top of the page and choose System Properties User Management 2 Click Edit at the top right corner of the page and then click Add Enter the username and password 4 Select the required permission from the list in Login class 5 Click OK nit User name lab User Id Full name Password Confirm password eseeeee Login class read ony Co Cea 2 7 4 Assigning a Static IP Address to the WAN Facing Interface To assign a static IP address to the WAN facing internet interface 1 Click the Configure tab at the top of the page and navigate to Interfaces Expand fe 0 0 0 and select the logical interface Click Edit and select the zone as untrust from the list Click the IPv4 Address tab aoe woN Select Ena
6. Peak Kbits Available MB usedivte ie Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 39 5 Powering Off the Device To power off the services gateway you can shut it down in one of the following ways e Graceful shutdown Press and immediately release the Power button The device begins gracefully shutting down the operating system Forced shutdown Press the Power button and hold it for 10 seconds The device immediately shuts down Press the Power button again to power on the device 40 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 6 Support and Training Options This chapter provides a link to customer support and technical documentation information for the Dell PowerConnect J Series J SRX100S SU Services Gateway device Section 6 Contents 6 1 Customer Support i ccc chee rnm bk ne ee eee ee UR UR DR ee wee ee dee carae 42 6 2 Technical Documentation 0 00 ccc eee eee hrs 42 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 41 6 1 Customer Support If there are any technical issues while setting up Dell PowerConnect J Series J SRX100S SU Services Gateway contact Dell customer support www support dell com 6 2 Technical Documentation For Technical documentation refer to www support dell com manuals 42 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide D
7. 30 AX411 WLAN AP o 2 0 Memory Upgrade o 1 0 Installed Licenses Add 1D State Version Group Enabled Features JUNOS260100 valid No group information IDP Signature Display Keys Download Keys JUNOS260101 valid No group information Kaspersky AV JUNOS260102 valid Ao group information Anti Spam JUNOS260103 valid Ao group information Anti Virus with Sophos Engine JUNOS260104 valid Alo group information Anti Virus with Sophos Engine JUNOS260105 valid Ao group information Anti Spam JUNOS260106 valid Ao group information Web Filtering JUNOS260107 valid No group information IDP Signature JUNOS260108 valid Ao group information Anti Spam JUNOS260109 valid Ao group information Kaspersky AV JUNOS260110 valid No group information Anti Spam MOM 9 NN NN MN ON ON ON JUNOS260111 valid No group information Web Filtering 1 4 3 Unified Threat Management This section provides the Dell PowerConnect J Series J SRX100S SU Services Gateway configuration instructions for using a UTM policy to secure the network 4 3 1 Enabling Anti Virus 4 3 2 Enabling Web Filtering 26 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 3 3 Enabling Anti Spam 4 3 4 Applying the UTM Configuration Settings 4 3 5 Verifying the UTM Configuration Settings 4 3 1 Enabling Anti Vir
8. Server oreet 7pm OMZ Services pre cetees o Owen ONS Sarvew precetres 3 Dinan Fle Server ore oetees o Qoi Gate Suros ore setres Qnis 109 Dota pre catoes 3 o Ou Reconmensea precatees 4 4 5 Enabling IDP Series Detection on the Existing Firewall Security Policy To enable IDP series detection on the existing firewall security policy from the trust zone to the untrust zone 1 Click the Configure tab and choose Security gt Policy gt FW Policies 2 Click Edit to edit a policy 38 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 3 Click the Application Services tab and select Enable IDP Add Policy x Policy LooginglCount Scheduing Permit Action Application Services IDP Enable IDP g L JRedirect Options Redirect wx Reverse Redirect wx 4 Click OK 4 4 6 Applying the IDP Configuration Settings To save the IDP configuration settings select Commit Options at the top right corner of the page and click Commit 4 4 7 Verifying the IDP Configuration Settings To verify the IDP configuration settings T 2 Click the Monitor tab Choose Security gt IDP gt Status Up Since 2010 07 28 22 14 19 EDT 03 02 44 ago Peak 0 2010 07 29 01 01 21 EDT Peak Kbits 0 2010 07 29 01 01 21 EDT min 0 max 0 avg 0 IDP Memory Statistics PIC Name Total IDP Data Plane Memory MB Status of IDP Disabled
9. Settings This section covers the following configuration tasks 2 7 1 Setting the System Hostname Domain Name Server and Root Authentication 2 7 2 Setting the Date and Time 2 7 3 Creating a User Account 2 7 4 Assigning a Static IP Address to the WAN Facing Interface 2 7 5 Creating a Default Route to the WAN Interface 2 7 6 Applying the Basic Configuration Settings 2 7 1 Setting the System Hostname Domain Name Server and Root Authentication If you have not configured the hostname and DNS settings in the J Web Initial Setup page to set or change the hostname DNS settings or the root authentication password 1 Click the Configure tab at the top of the page and navigate to System Properties System Identity 2 Click Edit and enter the hostname and root password 3 Click Add and enter the DNS server IP address For example 208 67 222 222 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 13 Add DNS Server edit Date and Time Settings IP address 208 67 222 222 Timezone AmericafIndiana Indianap Current date time 2010 07 27 21 51 01 PDT O synchronize with PC time NTP servers O Manual NTP Servers 4 Click OK and then click OK again 64 25 96 23 5 Click Commit to save the basic configuration 2 7 2 Setting the Date and Time Gate You can synchronize the Dell PowerConnect J Series J SRX100S SU Services Gateway clock using three options
10. data click Clear Anti Virus Statistics urs Anti Virus UTM Anti Virus av Key Expire Date 2011 06 29 20 00 00 Update Server nttp ffupdate juniper undates net AV SRxt00 Interval fo Auto Update Status next update in 1 minutes Last Result download list File faled lav Signature Version not loaded Scan Engine Info Pattern Type UTM Anti Virus Statistics E Antivirus Statistics Statistics type Counter Intelligent prescreening Passed b Forwarded to scan engine Scan Mode Counter Scan All b Scan Extension b Fall Back Log and Permit Block Engine Not Ready Password File Decompress Layer Corrupt File Dut Of Resources Timeout Maxmium Content Size n Too Many Requests Others Clear Anti Virus Statistics 4 3 5 2 Verifying a Web Filtering Configuration To verify a Web filtering configuration 1 Click the Monitor tab 2 Choose Security gt UTM gt Web Filtering NOTE If you want to clear the data click Clear Web Filtering Statistics UTM Web Filtering Statistics
11. Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide This Getting Started Guide provides instructions for basic installation and configuration of the Dell PowerConnect J Series J SRX100S SU Services Gateway Document Contents 1 Getting Started with the Dell PowerConnect J Series J SRX100S SU Services Gateway 3 2 Setting Up Your Network sso edie cne eee eee ww ele ee Re ee dee ee ee eee eee 6 3 Performing Advanced Network Configuration 0 0 00 c ects 19 4 Enabling Security Services icons eec osea eter ee CIR eade dau oe da me wae aed do eee one 25 5 Powering Off the Device xus tee het enn me VOR cca eww OR ERU EA ace sce qo e Eee Xr 40 6 Supportand Training Options ois dds dia ehh xcexorg er e ware ie Since od edd ndm ae Earns 41 2 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 1 Getting Started with the Dell PowerConnect J Series J SRX100S SU Services Gateway The Dell PowerConnect J Series J SRX100S SU Services Gateway offers features that provide complete functionality and flexibility for delivering secure Internet and intranet access The services gateway offers stable reliable and efficient IP routing in addition to switching support and LAN connectivity The device provides firewall anti virus anti spam anti spyware Web filtering IP Security IPsec and virt
12. Hand HTTP Policy Action permit From Zone untrust v To Zone OMZ x Source Address Destination Address Address Book Matched Address Book Matched add 123024 any any am 234024 B add 3 4 5 0 24 L Add new source address Lladd new destination address applications Application Applications Sets Matched junos tfta junoshttos junos rtsp junos ssh junos netbios session junos telnet junos smtp 3 Search ox Cancel 2 Inthe Policy tab enter the policy name and select the Policy Action as permit from the list 3 Inthe Policy tab select untrust from the list for From Zone and DMZ from the list for To Zone 4 Inthe Source Address and Destination Address areas move any to Matched NOTE For any specific source or destination address select Add new destination address 5 In Applications move junos https and junos ssh to Matched and then click OK NOTE To allow HTTP SSH traffic from the DMZ to the untrust zone create a new policy and configure a security policy from the DMZ to the untrust zone D To perform this follow the steps mentioned in 3 3 Configuring Security Policies however you need select DMZ from the list for From Zone and untrust from the list for To Zone 22 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 3 4 Enabling Remote Access to the Dell PowerConnect J Series J SRX100S SU Services Gateway To manage the Dell PowerCo
13. IDP Signature Update and click Download Setting button 3 Click OK 4 Click the Template tab and select Install Template 5 Click OK NOTE You can verify the progress of a download or installation by clicking Check Status gt Download Status or Check Status gt Install Status 4 4 3 Loading the Policy Templates File To view all the pre defined IDP templates available on the Dell PowerConnect J Series J SRX100S SU Services Gateway you must load the policy templates file To load the policy templates file 1 Click the Configure tab and choose Security gt Policy gt IDP Policies 2 Click the Template tab and select Load Template e NOTE It will take a few minutes to load the Templates file Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 37 3 Click OK NOTE If the configuration delivery status is fail click Details for more information NOTE Before you use one of the predefined Junos IDP policies as an active policy you must load the policy templates See 4 4 3 Loading the Policy Templates File To configure an active IDP policy 1 Click the Configure tab and choose Security Policy IDP Policies 2 Click the Recommended policy link and then click Activate at the top right corner of the page IDP Policy Configuration Template Check Status gt F add x Policy Un sma Nowe Twe PS Re Narter Exergt Rule Noter m Wet
14. Profile name For example custom antivirus profile b Select Profile Type as Kaspersky C Enter the Trickling timeout In the Scan options do the following a Select the Intelligent prescreening as yes b Enter the Content size Limit c Enter the Decompress layer limit In the Scan mode select Scan all files Click OK Add profile x Main Fallback settings Notification options Notification options cont l Profile name custom antivirus profil Profile type kaspersky Trickling timeout 600 Scan options Intelligent prescreening GO yes Ono Content size Limit 10000 Scan engine timeout Decompress layer limit 2 Scan mode Scan all fles Scan files with specified extension o Scan engine filename extension E 4 5 2 Enabling Web Filtering This section provides an example for configuring the Web filtering feature using the default junos wf cps default Web filtering profile To enable Web filtering you must perform the following configuration tasks 4 3 2 1 Applying a Web Filtering Profile to a UTM Policy 4 3 2 2 Applying a UTM Policy to a Firewall Policy 4 3 2 3 Creating a Web Filtering Profile Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 29 4 5 2 1 Applying a Web Filtering Profile to a UTM Policy To configure the predefined Web filtering profile to use the configured UTM policy 1 Click the Configure tab and choose Securit
15. ace will take between 1 and 2 minutes for displaying the initial setup page only Host Name and Root Password is mandatory Other fields are address on your services gateway ensure that you make the following J Web modifications optional a Clear the Enable DHCP on fe 0 0 0 0 check box b Enter the manual IP address provided by your ISP in the Era fe 0 0 0 0 address box The IP address must be entered eed Pct in the a b c d xx format where xx is the subnet mask c Enter the IP address of the gateway in the Default Gateway box Your ISP provides the IP address for the gateway g d Enter server names in the DNS name servers box Your Gar ad ISP provides the server names e Click Apply The J Web login page appears again f Enter the username and password and click Log In After 5 Enter the hostname and root password You can also alle Cessnll tal the Dashboardipage appears configure DNS server time zone and so on on this page 6 Click Apply 7 Click Commit Options on the top right corner and click Commit 12 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide Dashboard Juniper 9 Access the Internet from your management device For example type www dell com in your browser This connectivity ensures that you can pass traffic through the services gateway For more information on verification see 2 8 Verifying the Configuration 2 7 Configuring the Basic
16. an be performed if you want to configure a new anti spam profile To create a new anti spam profile 1 Click the Configure tab and choose Security UTM Anti Spam 2 Click Add Add profile ix Profile name Custom anti spam pro Default SBL server yes Ono Custom tag string SPAM Default action O Tag subject Block email O Tag header ok came 3 Enter the profile name NOTE By default the Default SBL server is yes and the Default action is Block email 4 Click OK The download successful message appears 5 Click OK NOTE If the configuration delivery status is Fail click Details for more information 4 5 4 Applying the UTM Configuration Settings To save the UTM configuration settings select Commit Options at the top right corner of the page and click Commit 4 5 5 Verifying the UTM Configuration Settings To verify the UTM configuration settings perform the following tasks 4 3 5 1 Verifying an Anti Virus Configuration 4 3 5 2 Verifying a Web Filtering Configuration 4 3 5 3 Verifying an Anti Spam Configuration Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 33 4 5 5 1 Verifying an Anti Virus Configuration To verify an anti virus configuration 1 Click the Monitor tab 2 Choose Security UTM Anti Virus NOTE Click the plus sign to view the UTM anti virus statistics If you want to clear the
17. ble address configuration and then select the IPv4 Address check box NOTE The IPv4 Address check box must be selected before the Add button is automatically enabled Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 15 Edit interface fe 0 0 0 0 General Unit Zone Description Vlan Id Protocol family Logical Interface Description Z Pva Address IE IPv6 Address Il T Ethernet Switching I Address DHCP configuration O Enable DHCP Enable address configuration V Pv Address Subnet Web Auth ARP V 208 867 222 222 24 E Edt Cx 6 Click Add and enter the IP address and subnet mask provided by your ISP 7 Click OK 2 7 5 Creating a Default Route to the WAN Interface NOTE Creating a default route is required only if you have used a static IP address To create a default route to the WAN interface 1 Click the Configure tab at the top of the page and navigate to Routing Static Routing 2 Click Add 3 Enter the IP address as 0 0 0 0 and the Subnet mask as 0 0 0 0 NOTE While adding the next hop the field is separated by tabs instead of dots 16 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide Add Default route Ove TP address o Subnet mask o o o o of Nexthop 1442 Add Delete 4 Click Add in Nexthop a
18. ces move the required interfaces to selected interfaces NOTE Before enabling HTTPS access ensure that the system date and time is set accurate 6 Click OK 3 6 Allowing Host Inbound Traffic To allow host inbound service for a zone interface 1 Click the Configure tab at the top of the page navigate to Security Zones Screens 2 Click the security zone that you want to modify for example untrust 3 Inthe Main tab ensure fe 0 0 0 interface is in the Selected column 4 Click the Host inbound traffic Zone tab 5 Select the required services and protocols and move them to Selected 6 Optionally to allow host inbound traffic at interface level instead of allowing to the entire zone a Click the Host inbound traffic Interface tab b Click on the fe 0 0 0 interface for this example c Follow step 4 and step 5 7 Click OK 3 7 Applying the Security Policy Configuration Once the configuration is complete you can save the changes To save the configuration select Commit Options on the top right corner of the page and click Commit 24 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 Enabling Security Services This chapter provides the Unified Threat Management UTM and Intrusion Detection and Prevention IDP policy configuration and installation instructions for accessing your Dell PowerConnect J Series J SRX100S SU Services Gateway Section 4 Contents
19. ck Add on the top right corner This task is optional and can be performed if you want to 7 In the Main tab do the following configure a new Web filtering profile a Enter the Profile name To create a Web filtering profile For example custom web filtering profile 1 Click the Configure tab and choose Security UTM Web Filtering b Select Permit in default action c Enter the timeout value 2 Click Global Options at the top right corner of the page 8 Click OK 3 In Filtering type select Surf Control Integrated 4 In Surf Control Integrated Options enter the value for Cache time out and Cache size 4 5 5 Enabling Anti Spam This section provides an example for configuring the anti spam 5 Click OK feature using the default junos as defaults anti spam profile To Global WF Options enable UTM anti spam on the Dell PowerConnect J SRX100S SU aint Services Gateway you must perform the following tasks Filtering type Surf Control Integrated Websense Redirect o Oo 4 3 3 1 Applying an Anti Spam Profile to a UTM Policy Local 4 3 3 2 Applying a UTM Policy to a Firewall Policy Surf Control Integrated Options Cache timeout 10 4 3 3 3 Creating an Anti Spam Profile Cache size 20 Server host cpa surfcpa com Server port 9020 Cancel Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 31 4 5 5 1 Applying an Anti Spam Profile to a UTM Policy To configu
20. ctivity vlan0 192 168 1 1 24 Restore the device to the factory default configuration 10 100 Ethernet fe 0 0 0 DHCP Client 1 2 Dell PowerConnect J Series J SRX100S SU Services Gateway Back Panel Power Supply Point DC power connection for use with the supplied power cable Grounding Point Cable Tie Holder For grounding the For holding the device to earth power cord on the Lo k power supply For securing the device to the installation site 4 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 1 3 Checking the Dell PowerConnect J Series J SRX100S SU Services Gateway Package Contents Before setting up your Dell PowerConnect J Series J SRX100S SU Services Gateway verify that your package contains the following parts Dell PowerConnect J Series J SRX100S SU Services Gateway DB9 gt RJ 45 cable Quick Start Guide Getting Started Guide Safety and Environmental Regulation Information SERI End User License Agreement EULA Registration and Software Updates information Warranty and support Information WSI Open Source Code Notice 1 3 1 Any Items Missing If any items are missing from your package contact Dell customer support at www support dell com NOTE If you have purchased a UTM subscription the license authorization codes certificate will be shipped separately in an envelope You will need this certificate to set up security services for you
21. e correct IP address DNS and you are still not able to access internet go to Step 5 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 17 4 To ensure that the services gateway has the default route 0 0 0 0 when you are using DHCP a Click the Monitor tab and navigate to Routing Route Information Static Routing Route Filter Destination Address Next hop Address C Best Route lect Route Route Tabie inet Statio Route Adress 10400 10500 1051280 10900 104208 101348 1043400 p 1095120 Nest Hop Type Reuter Rider Router EEG Net Hop temno tenno Team tano fanno fanno tommo Dr teamo Frotocol Receive Protocol Dliractive Routes E Haden Routes Route Information 2e destinations 23 routes 27 active O hold down 1 hidden age 13622 1362 1362 13622 13022 13022 22622 2362 1362 Protocol Static Static Static p Preterence State Active NoFeadt rt Ext Active NoReadvtirt Ext Acte NoReadw in Ext Active NoResdvi t Ext Active Noficadhtir Ext Active Nofsani irt Ext Active NoReodvrt irt Et Active NoResdvrt irt Ext Active NoReadvt in Et b Select inet O from the Route Table list and then click Generate Report C Save the report on your local disk Contact Dell customer support at www support dell com 18 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 5 Performing Advanced Network Configu
22. ell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 43 Information in this document is subject to change without notice All rights reserved Reproduction of these materials in any manner whatsoever without the written permission of Juniper Networks is strictly forbidden Trademarks used in this text Dell the DELL logo and PowerConnect are trademarks of Dell Inc Juniper Networks and G330 are registered trademarks of Juniper Networks Inc in the United States and other countries All other trademarks service marks registered trademarks or registered service marks are the property of their respective owners Juniper Networks assumes no responsibil ity for any inaccuracies in this document Juniper Networks reserves the right to change modify transfer or otherwise revise this publication without notice Products made or sold by Juniper Networks or components thereof might be covered by one or more of the following patents that are owned by or licensed to Juniper Networks U S Patent Nos 5 473 599 5 905 725 5 909 440 6 192 051 6 333 650 6 359 479 6 406 312 6 429 706 6 459 579 6 493 347 6 538 518 6 558 899 6 552 918 6 567 902 6 578 186 and 6 590 785 Copyright 2010 Juniper Networks Inc All rights reserved Printed in USA amp Printed on recycled paper Part Number 530 036103 Revision 1 August 2010
23. enses do not proceed with the instructions provided in this section Use the following information when you are enabling Unified Threat Management UTM Intrusion Detection and Prevention IDP licenses on the device Record the serial number found on the bottom of the chassis of your Dell PowerConnect J Series J SRX100S SU Services Gateway Serial Number Authorization Code Record the authorization code provided by Dell NOTE Use the authorization code only if you have purchased subscription licenses for UTM and IDP 2 1 2 Login Information Use the following default username and password information for the first time login Record this information for your future reference Username Select an administrator account name Default is root Password Password is not required Leave this box blank Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 7 2 1 3 Internet Service Provider Information Use the following information to connect to the Internet when your Internet Service Provider ISP provides the static settings such as IP address Domain Name Server DNS and so on NOTE Do not use this information if your ISP uses Dynamic Host Configuration Protocol DHCP IF YOU CONNECT USING PLEASE RECORD No information is usually required although some providers may require a DHCP hostname Hostname IF YOU CONNECT USING PLEASE RECORD IP Address Subnet Mask
24. ernet see Figure 1 Connecting the Management Device to the Services Gateway The DHCP server that resides in your ISP network provides the necessary settings such as default route DNS and so on to the services gateway to connect to the Internet NOTE If you are using a static IP address to connect to the provider s network do not perform 2 3 Verifying Internet Connectivity To access the Internet from your management device workstation or laptop you need to first configure the static IP address on the fe 0 0 0 interface and configure a default route 2 3 Verifying Internet Connectivity With a default configuration of the Dell PowerConnect J Series J SRX100S SU Services Gateway you can access the Internet when you connect the management device into any one of the Ethernet ports fe 0 0 1 through fe 0 0 7 and your ISP is connected to the fe 0 0 0 port For more information on default configuration see 2 4 Understanding the Default Configuration Settings Now you can browse the Internet from your management device For example type www dell com in your browser NOTE If you are using DHCP to verify the network settings from your service provider verify your Internet e connectivity If you are using a static IP address to connect to the provider s network do not verify the internet connectivity 10 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 2 4 Understanding the Default C
25. he device is operating normally but a Gateway rescue configuration has not yet been set This is not a panic ott condition however Internet Untrust Zone A i D DHCP Client NOTE Initially if the rescue configuration has not been fe 0 0 0 set a steadily amber ALARM LED indicates a minor alarm condition and a steadily red ALARM LED indicates that a major alarm condition on the services gateway VlanO fe 0 0 1 to fe 0 0 7 DHCP Server Li Management Ll Devices Trust Zone Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 9 After you connect the management device to the services gateway the DHCP server process on the services gateway automatically assigns an IP address to the management device Ensure that the management device acquires an IP address in the range of 192 168 1 2 through 192 168 1 254 from the services gateway NOTE For the services gateway to assign an IP address to the management device the management device must be set up to connect using DHCP If an IP address is not assigned to the management device you can manually configure an IP address in the range of 192 168 1 2 24 through 192 168 1 99 24 Ensure you do not use 192 168 1 1 as this IP address is configured on the services gateway 2 2 5 Connecting to Your Internet Service Provider Connect the fe 0 0 0 port on the Dell PowerConnect J Series J SRX100S SU Services Gateway to your ISP or Int
26. he latest available version for download from the security server 2 To configure URL click Download setting button L 3 Select Full Package and click OK The downloading message appears NOTE It will take a few minutes to download You can verify the progress of download by clicking Check Status gt Download Status 4 Click OK 5 Click the Install tab in the Security IDP Signature Configuration page C po not set to active after installed NOTE This is an asynchronous process running at the back end It will take a while to finish 6 Click Install NOTE The request will be processed in asynchronous mode It will take a few minutes to install You can verify the progress of an installation by clicking Check Status gt Install Status 7 Click OK The installation successful message appears 8 Click OK 36 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 4 2 Downloading and Installing the IDP Security Policy Templates To download and install the IDP security policy templates 1 Click the Configure tab and choose Security Policy IDP Policies 2 Click the Template tab and select Download Template Security Template Load xi URL Current template version is NJA NOTE 1 New template will overwrite existing Pre defined policies Do you want to install the new template 2 To configure URL please go to Security
27. inding one or more physical interfaces fe 0 0 1 through fe 0 0 7 on services gateway to a zone 3 2 Creating a New Security Zone and Adding an Interface to the New Zone This example shows how to create a new zone DMZ and assign interface fe 0 0 2 to it This example also shows how to make fe 0 0 2 an L3 interface and assign an IP address to it To create and assign an interface port to the DMZ zone 1 Click the Configure tab at the top of the page navigate to Security Zones Screens and then click Add 2 Enter the Zone name as DMZ and select the zone type as security Add Zone Main Host inbound traffic Zone Host inbound traffic Interface Zone name DMZ Zone type security O functional Traffic control options Send RST for non matching session Binding screen Y interfaces in this zone Available Selected fe 0 0 1 0 fe 0 0 2 0 fe 0 0 3 0 fe 0 0 4 0 fe 0 0 5 0 fe 0 0 6 0 fe 0 0 7 0 HE 3 Inthe Interfaces in this zone field move fe 0 0 2 from the Available list to the Selected list 20 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 Click the Host inbound traffic Zone tab 6 To modify the fe 0 0 2 interface to be an L3 interface by default it is Layer 2 NOTE This step is optional However you must select a Click the Configure tab at the top of the page and the required services and protocols to enable a
28. meout Errors reererererrrrn Return Errors Invalid Parameter Errors 0 07 28 2010 22 17 04 tatistics for the last 10 days Day Permitted Emails Spams None found Statistics Start time Clear Anti spam Statistics 4 4 Intrusion Detection and Prevention This section provides the Dell PowerConnect J Series J SRX100S SU Services Gateway configuration instructions for using a predefined IDP Series policy to secure the network 4 4 1 Downloading and Installing the Latest Security Package 4 4 2 Downloading and Installing the IDP Security Policy Templates 4 4 3 Loading the Policy Templates File 4 4 4 Configuring an Active IDP Policy 4 4 5 Enabling IDP Series Detection on the Existing Firewall Security Policy 4 4 6 Applying the IDP Configuration Settings 4 4 7 Verifying the IDP Configuration Settings 4 4 1 Downloading and Installing the Latest Security Package To download and install the latest security package 1 Click the Configure tab and choose Security gt IDP gt Signature Update 2 Click the Download tab and select Latest Version from the list Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 35 Security Package Manual Download x URL Version Latest Version x Full Package le NOTE 1 It will take approximately one minute to retrieve t
29. nd enter the default gateway IP address provided by your ISP 5 Click OK 2 7 6 Applying the Basic Configuration Settings When you edit a configuration you work in a copy of the current configuration to create a candidate configuration The changes you make to the candidate configuration are visible through the user interface immediately but do not take effect on the device until you commit the changes When you commit the configuration the candidate file is checked for proper syntax activated and marked as the current operational software configuration file To save the configuration select Commit Options on the top right corner of the page and click Commit NOTE You can commit your configuration settings at the end of each task or you can commit all the configuration settings at one time 2 8 Verifying the Configuration To verify the basic configuration access any external website for example www dell com to ensure that you are connected to the Internet If you are unable to connect to Internet from your management PC verify the following 1 Inthe J Web interface click the Troubleshoot tab and then click Ping Host 2 Enter www dell com in Remote Host and click Start If your ping is successful go to Step 3 otherwise go to Step 4 3 Ensure the Management PC has acquired IP address in the range 192 168 1 2 through 192 168 1 99 and DNS settings from the services gateway If the PC acquired th
30. nnect J Series J SRX100S SU Services Gateway from a remote location for example through fe 0 0 0 that is connected to your Internet Service Provider you must enable system services like HTTP Telnet SSH allow host inbound traffic at the zone or specific interface level in this case zone is untrust and interface is fe 0 0 0 3 5 Enabling System Services To enable system services like HTTP Telnet and SSH 1 Click the Configure tab at the top of the page navigate to System Properties Management Access The Management Access Configuration page appears 2 Click Edit 3 Click the Services tab 4 In Services select the check box for the service that you want to enable Edit Management Access Management Services Certificates Services JUNOScript Z Enable telnet Z Enable JUNOScript over clear text V Enable SSH l Enable JUNOScript over SSL JUNOScript certificate WJEnable HTTP C Enable on all interfaces Available interfaces Selected interfaces fe 0 0 0 0 sj lo0 0 i Enable HTTPs HTTPs certificate x C Enable on all interfaces Available interfaces Selected interfaces fe 0 0 0 0 ag 100 0 ae Ok cancel Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 23 5 n Enable HTTP HTTPS to enable HTTP HTTPs on all available interfaces a Click the Enable on all interfaces check box or b To add HTTP HTTPS only to certain interfa
31. ny kind of navigate to Interfaces service or protocol DHCP OSPF and so on nPE PENE ATENENT IIIS HE Q b Expand fe 0 0 2 select the logical interface fe 0 0 2 0 and then click Edit 5 Select the required services and protocols and move them to Selected and click OK C Clear the Ethernet switching check box and select the IPv4 Address check box Main Host inbound traffic Zone Host inbound traffic Interface d Select the IPv4 Address check box Protocols Available Selected pam ali e Click Add and enter the IP address e f Click OK kal k Available Selected Sores snmp al al shmp trap ssh telnet tftp traceroute xnm dear text nm si ae Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 21 3 3 Configuring Security Policies Security policies provide a set of rules for transit traffic to use to identify which traffic can pass through the firewall and what actions to take on the traffic as it passes through the firewall To assign an IP address For example to define a security policy between the untrust and the DMZ zones that will allow HTTP SSH traffic between them 1 Click the Configure tab choose Security Policy FW Policies and then click Add Add Policy x Policy Loagng Count scheduling Permit Action Application Services eerte Ss
32. onfiguration Settings The device has the following default configuration settings when you power it on for the first time for more information on trust and untrust zones see 3 1 Zones and Interfaces Overview Factory Default Settings PORT SECURITY DHCP LABEL INTERFACE ZONE STATE IP ADDRESS fe 0 0 0 untrust client Unassigned 0 1 to 0 7 fe 0 0 1 to trust server 192 168 1 1 24 fe 0 0 7 SOURCE ZONE DESTINATION ZONE POLICY ACTION For Security Policies trust untrust permit trust trust permit untrust trust deny For NAT Rule trust untrust source NAT to untrust zone interface 2 5 Verifying the System Requirements Before you begin the setup process verify that you have one of the following supported browsers BROWSER VERSION ICON ACCEPTED BROWSER NUMBER e Internet Explorer 7 0 and later 2 6 Accessing the J Web Interface Mozilla Firefox 3 0 and later To access the J Web interface 1 Launch a Web browser on the management device or PC 2 Enter http 192 168 1 1 in the URL address box The J Web login page appears 3 Specify the default username as root Do not enter any value in the Password box 4 Click Log In The first time you log in the J Web Initial Setup page appears Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 11 rises attin iate AAA ova Taio tele anite anda tue A 8 Iycurhave used acdtatie lp address te contigute a ie NOTE The J Web interf
33. r gateway NOTE The power supply adapter and the power cord are shipped in a separate box Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 5 2 Setting Up Your Network This chapter provides preconfiguration and configuration instructions for connecting your Dell PowerConnect J Series J SRX100S SU Services Gateway Review this chapter to set up your services gateway Section 2 Contents 2 1 Recording Configuration Information lsseseeeeeeeeeeeeeee en nnn 7 2 2 Connecting the Device ssec ula xe aue ca ur mane eked maaan hee ADR Re RS 8 2 5 Verifying Internet Connectivity icis ilo pees we wur ee ue o ro ex E doas ea e 10 2 4 Understanding the Default Configuration Settings 2 0 00 cece eee eee 11 2 5 Verifying the System Requirements 0 0 ccc eee eee enn nnn 11 2 6 Accessing the J Web Interface 0 62 eee Rr rb rrr xh oe ee pa mk wn 11 2 7 Configuring the Basic Settings aber nmt nme x Rio Ruhm SR Ru Ros SR UR A BUR 13 2 8 Verifying the Configuration ssi iets oca ey ecu Seit aed Rok RU Fond d dea Rede E i 17 6 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 2 1 Recording Configuration Information This section provides the following information 2 1 1 Registration Information 2 1 2 Login Information 2 1 3 Internet Service Provider Information 2 1 1 Registration Information NOTE If you have not purchased the UTM or IDP lic
34. ration This chapter provides the security zone and policies configuration instructions for connecting your Dell PowerConnect J Series J SRX100S SU Services Gateway Section 3 Contents 3 1 Zones and Interfaces Overview llle e n n nnn 20 3 2 Creating a New Security Zone and Adding an Interface to the New Zone 20 3 3 Configuring Security Policies osse dili Er Rc regis ER ER PEERS ER ME adieu 22 3 4 Enabling Remote Access to the Dell PowerConnect J Series J SRX100S SU Services EL UL mm 23 5 5 Enabling System Services uus s ovre mh e OEE Ne aot a ends eaten E hare 23 3 6 Allowing Host Inbound Traffic estie rl Ree eae owes oe a ee eee 24 3 7 Applying the Security Policy Configuration 0 0 cece eee 24 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 19 3 1 Zones and Interfaces Overview Zones split a network infrastructure into logical areas each with its own set of usage rules security services and policies Most networks include multiple definitions of zones including those for trusted untrusted public encrypted and wireless traffic The Dell PowerConnect J Series J SRX100S SU Services Gateway comes preconfigured with basic zones such as Untrust zone Zone through which you connect to the Internet rust zone Zone that contains all the trusted local network resources The security features and settings that zones carry are enforced by b
35. re the predefined anti spam profile to use a UTM policy 1 Click the Configure tab and choose Security gt Policy gt UTM Policies 2 Click Edit 3 Click the Anti Spam profiles tab Edit policy x Main Anti Virus profiles ll Web filtering profiles Anti Spam profiles Content filtering profiles SMTP profile junos as defaults M 4 In SMTP profile select junos as defaults from the list NOTE If the configuration delivery status is fail click Details for more information If you want to create a new anti spam profile see 4 3 3 3 Creating an Anti Spam Profile 4 5 5 2 Applying a UTM Policy to a Firewall Policy To inspect transit traffic and evaluate it against the anti spam profile you must apply the UTM policy to a firewall policy To apply a UTM policy to a firewall policy 1 Click the Configure tab and choose Security Policy FW Policies 2 Click Edit to edit an existing policy 3 Click the Application Services tab Edit Policy x Policy Loggina Count Scheduling Permit Action Application Services IDP Enable IDP m L IRedirect Options Redirect wx Reverse Redirect wx UTM Policy UTM Policy v custom anti span 4 In UTM Policy select the required UTM policy from the list 5 Click OK 2 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 5 5 5 Creating an Anti Spam Profile This task is optional and c
36. ual private network VPN services for small sized and medium sized companies The services gateway can be connected directly to traditional private networks such as leased lines Frame Relay or MPLS or to the public Internet The services gateway runs the Junos operating system Junos OS This chapter provides the Dell PowerConnect J Series J SRX100S SU Services Gateway front and back panel views and the package content information Section 1 Contents 1 1 Dell PowerConnect J Series J SRX100S SU Services Gateway Front Panel 4 1 2 Dell PowerConnect J Series J SRX100S SU Services Gateway Back Panel 4 1 3 Checking the Dell PowerConnect J Series J SRX100S SU Services Gateway Package Contents oos farses dessa ase Cy ROLE eve aces advan RERO CRUCE AURRCKRURUR aaa ce RU RITE eae He ADRDR CR CR aI 5 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 3 1 1 Dell PowerConnect J Series J SRX100S SU Services Gateway Front Panel Console Port USB Port For use with Dell supported USB storage devices For connection to Junos Command line interface DOLL PowerConnect J SRX100 Power HA couno VE CONSOLE UNK Reset Config Button Power Button On I and Off o power LED ALARM minor major alarm POWER device is powered on STATUS device is functioning HA device is part of chassis clustering 10 100 Ethernet Provide 10 100 Ethernet conne
37. us This section provides an example for configuring the full file based anti virus scanning feature using the default junos av defaults anti virus profile To enable anti virus you must perform the following configuration steps 4 3 1 1 Applying an Anti Virus Profile to a UTM Policy 4 3 1 2 Applying the UTM Policy to a Firewall Policy 4 3 1 3 Creating an Anti Virus Profile 4 3 1 1 Applying an Anti Virus Profile to a UTM Policy To apply an anti virus profile to a UTM policy NOTE You can either create a new UTM policy or use an existing UTM policy if any exits to add Anti Virus to it If you want to create a new anti virus profile see 4 3 1 3 Creating an Anti Virus Profile Click the Configure tab choose Security gt Policy gt UTM Policies and then click Add Click the Main tab and enter the policy name as custom utm policy Click the Anti Virus profiles tab select junos av defaults from the list in HTTP Profile box and then click OK Add policy x Main Anti Virus profiles Web filtering profiles Anti Spam profiles Content filtering profiles L l Hi HTTP profile junos av defaults FTP upload profile FTP download profile IMAP profile SMTP profile EIEIEKJEKIK POP3 profile ok Cancel Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 27 4 5 1 2 Applying the UTM Policy to a Firewall Policy 4 5 1 5 Creating an Anti Virus Profile
38. y Policy UTM Policies 2 Click Add 3 Click the Main tab and enter the policy name as web filtering policy 4 Click the Web filtering profiles tab 5 In HTTP Profile select junos wf cpa default from the list add policy x Main Il Anti Virus profiles Web filtering profiles Anti Spam profiles Content filtering profiles HTTP profile junos wfcpadefaut v 6 Click OK NOTE If you want to create a new Web filtering profile see 4 3 2 3 Creating a Web Filtering Profile 4 5 2 2 Applying a UTM Policy to a Firewall Policy To inspect transit traffic and evaluate it against the Web filtering profile you must apply the UTM policy to a firewall policy To apply a UTM policy to a firewall policy 1 Click the Configure tab and choose Security Policy FW Policies 2 Click Edit to edit an existing policy 3 Click the Application Services tab 4 In UTM Policy select web filtering policy from the list Edit Policy x Policy Logging Count Scheduling Permit Action Application Services IDP Enable 10P o L Redirect Options Redirect wx Reverse Redirect wx UTM Policy UTM Policy Y web filtering polir 5 Click OK 6 Click Commit Options on the top right corner of the page and click Commit 30 Dell PowerConnect J Series J SRX100S SU Services Gateway Getting Started Guide 4 5 2 5 Creating a Web Filtering Profile 6 Cli
Download Pdf Manuals
Related Search