- Page 1:
ADMINISTRATION GUIDE
- Page 5 and 6:
Copyright © 2006 Secure Computing
- Page 7 and 8:
Other Terms and Conditions This pro
- Page 9 and 10:
CONTENTS Preface . . . . . . . . .
- Page 11 and 12:
Table of Contents Modifying the sta
- Page 13 and 14:
Table of Contents Configuring the S
- Page 15 and 16:
Table of Contents About mail exchan
- Page 17 and 18:
Table of Contents Configuring and d
- Page 19 and 20:
Table of Contents CHAPTER 20 IPS At
- Page 21 and 22:
Table of Contents APPENDIX F Basic
- Page 23 and 24:
PREFACE Who should read this guide
- Page 25 and 26:
Online help Preface The Sidewinder
- Page 27 and 28:
1 CHAPTER Introduction In this chap
- Page 29 and 30:
Figure 2: Protecting multiple netwo
- Page 31 and 32:
Chapter 1: Introduction The Type En
- Page 33 and 34:
Type Enforced attributes Chapter 1:
- Page 35 and 36:
Figure 4: Multiple Type Enforced ar
- Page 37 and 38:
Chapter 1: Introduction Additional
- Page 39 and 40:
Chapter 1: Introduction Additional
- Page 41 and 42:
Network Services Sentry (NSS) Chapt
- Page 43 and 44:
2 CHAPTER Administrator’s Overvie
- Page 45 and 46:
Admin Console basics Chapter 2: Adm
- Page 47 and 48:
Figure 7: Admin Console Login windo
- Page 49 and 50:
Figure 9: Main Admin Console menu M
- Page 51 and 52:
Admin Console conventions Chapter 2
- Page 53 and 54:
Figure 11: Open File window Opening
- Page 55 and 56:
Figure 14: Find/Replace window Ente
- Page 57 and 58:
Chapter 2: Administrator’s Overvi
- Page 59 and 60:
Chapter 2: Administrator’s Overvi
- Page 61 and 62:
Figure 15: sshd Server Configuratio
- Page 63 and 64:
To access the trusted Telnet server
- Page 65 and 66:
3 CHAPTER General System Tasks In t
- Page 67 and 68:
Figure 16: System Shutdown window E
- Page 69 and 70:
Setting up and maintaining administ
- Page 71 and 72:
Figure 18: Administrator Informatio
- Page 73 and 74:
Changing passwords Setting the syst
- Page 75 and 76:
Using system roles to access type e
- Page 77 and 78:
Figure 20: Configuration file backu
- Page 79 and 80:
Chapter 3: General System Tasks Con
- Page 81 and 82:
Activating the Sidewinder G2 licens
- Page 83 and 84:
Chapter 3: General System Tasks Act
- Page 85 and 86:
Figure 23: Firewall License: Compan
- Page 87 and 88:
Figure 25: Firewall License: Enroll
- Page 89 and 90:
Chapter 3: General System Tasks Pro
- Page 91 and 92:
Enabling and disabling servers Figu
- Page 93 and 94:
Server Name Notes Chapter 3: Genera
- Page 95 and 96:
Configuring virus scanning services
- Page 97 and 98:
Chapter 3: General System Tasks Con
- Page 99 and 100:
Chapter 3: General System Tasks Con
- Page 101 and 102:
Figure 32: IDS Server window About
- Page 103 and 104:
Figure 34: Software Management: Sum
- Page 105 and 106:
Chapter 3: General System Tasks Loa
- Page 107 and 108:
Chapter 3: General System Tasks Loa
- Page 109 and 110:
Modifying the interface configurati
- Page 111 and 112:
About the Interface Status window M
- Page 113 and 114:
Chapter 3: General System Tasks Mod
- Page 115 and 116:
About the Aliases: New/Modify Netwo
- Page 117 and 118:
About the Static: Route window Conf
- Page 119 and 120:
About the SSL certificate fields fo
- Page 121 and 122:
Enabling/disabling the UPS server C
- Page 123 and 124:
4 CHAPTER Understanding Policy Conf
- Page 125 and 126:
Figure 45: Example of active rules
- Page 127 and 128:
Chapter 4: Understanding Policy Con
- Page 129 and 130:
Chapter 4: Understanding Policy Con
- Page 131 and 132:
Figure 47: User Groups user group n
- Page 133 and 134:
Figure 48: Netgroup Subnet objects
- Page 135 and 136:
Application Defenses Table 11: Samp
- Page 137 and 138:
Chapter 4: Understanding Policy Con
- Page 139 and 140:
Chapter 4: Understanding Policy Con
- Page 141 and 142:
Simple proxy rule examples Chapter
- Page 143 and 144:
Chapter 4: Understanding Policy Con
- Page 145 and 146:
Table 17: Proxy rules for the advan
- Page 147 and 148:
IP Filter rule basics Chapter 4: Un
- Page 149 and 150:
Chapter 4: Understanding Policy Con
- Page 151 and 152:
Figure 52: Example network Chapter
- Page 153 and 154:
Figure 53: Normal NAT IP Filter rul
- Page 155 and 156:
Chapter 4: Understanding Policy Con
- Page 157 and 158:
5 CHAPTER Creating Rule Elements In
- Page 159 and 160:
Chapter 5: Creating Rule Elements C
- Page 161 and 162:
About the Group Information tab Abo
- Page 163 and 164:
About the User Password tab Chapter
- Page 165 and 166:
About the User Group Membership win
- Page 167 and 168:
Figure 60: New Network Object windo
- Page 169 and 170:
Figure 62: Host network object wind
- Page 171 and 172:
Figure 63: IP Address network objec
- Page 173 and 174:
Figure 65: Subnet network object wi
- Page 175 and 176:
Figure 67: Group Membership window
- Page 177 and 178:
About the Service Groups window Cha
- Page 179 and 180:
6 CHAPTER Configuring Application D
- Page 181 and 182:
Chapter 6: Configuring Application
- Page 183 and 184:
Chapter 6: Configuring Application
- Page 185 and 186:
Chapter 6: Configuring Application
- Page 187 and 188:
About the URL Control tab Chapter 6
- Page 189 and 190:
Figure 73: Web/Secure Web: HTTP Rep
- Page 191 and 192:
Figure 74: Web/Secure Web: MIME/Vir
- Page 193 and 194:
Chapter 6: Configuring Application
- Page 195 and 196:
Figure 76: Web/Secure Web: SmartFil
- Page 197 and 198:
Chapter 6: Configuring Application
- Page 199 and 200:
Chapter 6: Configuring Application
- Page 201 and 202:
About the Keyword Search tab Chapte
- Page 203 and 204:
Figure 81: Mail (Sendmail) MIME/Vir
- Page 205 and 206:
Configuring MIME filtering rules Ch
- Page 207 and 208:
Creating Mail (SMTP proxy) Defenses
- Page 209 and 210:
Figure 84: Mail (SMTP proxy): Desti
- Page 211 and 212:
Creating Citrix Application Defense
- Page 213 and 214:
Configuring the FTP Enforcements ta
- Page 215 and 216:
Configuring Virus/Spyware filtering
- Page 217 and 218:
Creating IIOP Application Defenses
- Page 219 and 220:
Configuring the H.323 Filter tab Ch
- Page 221 and 222:
About the Service Name (SID): New S
- Page 223 and 224:
Creating SOCKS Application Defenses
- Page 225 and 226:
Figure 95: SNMP v1: OID Editing win
- Page 227 and 228:
Creating Standard Application Defen
- Page 229 and 230:
Configuring connection properties C
- Page 231 and 232:
Configuring connection ports Chapte
- Page 233 and 234:
7 CHAPTER Configuring Network Defen
- Page 235 and 236:
Figure 100: Network Defense window
- Page 237 and 238:
About the Network Defenses: TCP tab
- Page 239 and 240:
Configuring the UDP Network Defense
- Page 241 and 242:
Configuring the ICMP Network Defens
- Page 243 and 244:
Configuring the ARP Network Defense
- Page 245 and 246:
8 CHAPTER Creating Rules and Rule G
- Page 247 and 248:
About the Duplicate Rule Name windo
- Page 249 and 250:
Chapter 8: Creating Rules and Rule
- Page 251 and 252:
Figure 110: Proxy Rule: Authenticat
- Page 253 and 254:
Entering information on the Time ta
- Page 255 and 256:
Figure 113: IP Filter Rules window
- Page 257 and 258:
Figure 114: IP Filter Rules Source/
- Page 259 and 260:
Figure 115: IP Filter Time tab Abou
- Page 261 and 262:
Chapter 8: Creating Rules and Rule
- Page 263 and 264:
Figure 117: Modify Groups window Ch
- Page 265 and 266:
Selecting your active policy rules
- Page 267 and 268:
Figure 120: IP Filter General Prope
- Page 269 and 270:
9 CHAPTER Configuring Proxies In th
- Page 271 and 272:
Chapter 9: Configuring Proxies Prox
- Page 273 and 274:
Redirected proxy connections Chapte
- Page 275 and 276:
Figure 123: Port redirection for in
- Page 277 and 278:
Proxy Name Type and Port Descriptio
- Page 279 and 280:
Proxy Name Type and Port Descriptio
- Page 281 and 282:
Notes on selected proxy configurati
- Page 283 and 284:
Notes on using the FTP proxy Chapte
- Page 285 and 286:
HTTP/HTTPS considerations Chapter 9
- Page 287 and 288:
Figure 124: News server in front of
- Page 289 and 290:
About the T.120 proxy Chapter 9: Co
- Page 291 and 292:
Chapter 9: Configuring Proxies Note
- Page 293 and 294:
Figure 126: Proxies window About th
- Page 295 and 296:
Figure 127: ica proxy Advanced tab
- Page 297 and 298:
Configuring connection ports Chapte
- Page 299 and 300:
10 CHAPTER Setting Up Authenticatio
- Page 301 and 302:
Administrator authentication Chapte
- Page 303 and 304:
Supported authentication methods Ch
- Page 305 and 306:
SafeWord authentication Chapter 10:
- Page 307 and 308:
Chapter 10: Setting Up Authenticati
- Page 309 and 310:
Users, groups, and authentication C
- Page 311 and 312:
Chapter 10: Setting Up Authenticati
- Page 313 and 314:
Figure 131: SSO Cached Authenticati
- Page 315 and 316:
Chapter 10: Setting Up Authenticati
- Page 317 and 318:
Figure 133: Password Configuration
- Page 319 and 320:
Entering information on the RADIUS
- Page 321 and 322:
Adding or modifying a SafeWord serv
- Page 323 and 324:
Figure 137: SNK Configuration windo
- Page 325 and 326:
Entering information on the Windows
- Page 327 and 328:
Entering information on the Single
- Page 329 and 330:
Setting up authentication for servi
- Page 331 and 332:
Setting up authentication for Web s
- Page 333 and 334:
Chapter 10: Setting Up Authenticati
- Page 335 and 336:
Chapter 10: Setting Up Authenticati
- Page 337 and 338:
11 CHAPTER DNS (Domain Name System)
- Page 339 and 340:
About Sidewinder hosted DNS Chapter
- Page 341 and 342:
Figure 140: Mail exchanger example
- Page 343 and 344:
Advanced configurations Enabling an
- Page 345 and 346:
Figure 141: Transparent DNS Configu
- Page 347 and 348:
Chapter 11: DNS (Domain Name System
- Page 349 and 350:
Entering information on the Forward
- Page 351 and 352:
Adding an IP address Figure 146: DN
- Page 353 and 354:
About the Zone List window About th
- Page 355 and 356:
Figure 147: Master Zone Attributes
- Page 357 and 358:
Adding a forward lookup sub-domain
- Page 359 and 360:
Figure 148: Master Zone Contents ta
- Page 361 and 362:
Adding a new forward lookup entry C
- Page 363 and 364:
Table 26: DNS configuration options
- Page 365 and 366:
Figure 150: Reconfiguring Sidewinde
- Page 367 and 368:
About the Reconfiguring DNS: Sidewi
- Page 369 and 370:
DNS message logging Chapter 11: DNS
- Page 371 and 372:
12 CHAPTER Electronic Mail In this
- Page 373 and 374:
Chapter 12: Electronic Mail Overvie
- Page 375 and 376:
Sendmail differences on Sidewinder
- Page 377 and 378:
Reconfiguring mail Figure 152: Reco
- Page 379 and 380:
Managing sendmail Figure 153: sendm
- Page 381 and 382:
Chapter 12: Electronic Mail Editing
- Page 383 and 384:
Figure 155: Spamfilter: Whitelist C
- Page 385 and 386:
Chapter 12: Electronic Mail Configu
- Page 387 and 388:
About the COPY action Chapter 12: E
- Page 389 and 390:
Chapter 12: Electronic Mail Configu
- Page 391 and 392:
Other sendmail features Creating a
- Page 393 and 394:
5 Save the changes you made to file
- Page 395 and 396:
Allowing or denying mail on a user
- Page 397 and 398:
Chapter 12: Electronic Mail Managin
- Page 399 and 400:
13 CHAPTER Setting Up Web Services
- Page 401 and 402:
Figure 158: Access to your Web serv
- Page 403 and 404:
Figure 161: Option 2: The Web proxy
- Page 405 and 406:
Setting up Web access using the HTT
- Page 407 and 408:
Using the Web proxy server Figure 1
- Page 409 and 410:
Configuring the Web proxy server Fi
- Page 411 and 412:
Figure 168: Web Proxy Server window
- Page 413 and 414:
Configuring Web Proxy Server HTTP f
- Page 415 and 416:
Configuring browsers for the Web pr
- Page 417 and 418:
Certain browsers on UNIX Chapter 13
- Page 419 and 420:
14 CHAPTER Configuring Virtual Priv
- Page 421 and 422:
Protecting your information What ar
- Page 423 and 424:
Authenticating IKE VPNs Chapter 14:
- Page 425 and 426:
Configuring a VPN client Chapter 14
- Page 427 and 428:
Authentication Summary Automatic ke
- Page 429 and 430:
Chapter 14: Configuring Virtual Pri
- Page 431 and 432:
Understanding virtual burbs Chapter
- Page 433 and 434:
Create the virtual burb Configure p
- Page 435 and 436:
About the Client Address Pools wind
- Page 437 and 438:
Adding or modifying a subnet addres
- Page 439 and 440:
Figure 178: Client Address Pools: F
- Page 441 and 442:
Adding or modifying a client identi
- Page 443 and 444:
Table 28: Supported X.500 Attribute
- Page 445 and 446:
Single certificate versus Certifica
- Page 447 and 448:
Adding a Certificate Authority Chap
- Page 449 and 450:
Figure 180: Remote Identities tab A
- Page 451 and 452:
Figure 181: Firewall certificates A
- Page 453 and 454:
Figure 182: Remote certificates def
- Page 455 and 456:
Chapter 14: Configuring Virtual Pri
- Page 457 and 458:
Selecting a new proxy certificate I
- Page 459 and 460:
Figure 185: Import Firewall Certifi
- Page 461 and 462:
Chapter 14: Configuring Virtual Pri
- Page 463 and 464:
Exporting both the certificate and
- Page 465 and 466:
About the Security Associations win
- Page 467 and 468:
Chapter 14: Configuring Virtual Pri
- Page 469 and 470:
Configuring password information on
- Page 471 and 472:
Entering Certificate + Certificate
- Page 473 and 474:
Entering Manual information on the
- Page 475 and 476:
Entering information on the Advance
- Page 477 and 478:
Figure 191: VPN between two corpora
- Page 479 and 480:
Figure 192: One VPN association per
- Page 481 and 482:
Chapter 14: Configuring Virtual Pri
- Page 483 and 484:
Figure 193: One VPN association for
- Page 485 and 486:
Chapter 14: Configuring Virtual Pri
- Page 487 and 488:
Chapter 14: Configuring Virtual Pri
- Page 489:
15 CHAPTER Configuring the SNMP Age
- Page 493 and 494:
Figure 196: MIBs supported by the S
- Page 495 and 496:
Defining a community name Defining
- Page 497 and 498:
Communication with systems in an ex
- Page 499 and 500:
16 CHAPTER One-To-Many Clusters In
- Page 501 and 502:
Considerations when using One-To-Ma
- Page 503 and 504:
Configuring One-To-Many Chapter 16
- Page 505 and 506:
Figure 201: One To Many Management
- Page 507 and 508:
Chapter 16: One-To-Many Clusters Co
- Page 509 and 510:
Chapter 16: One-To-Many Clusters Co
- Page 511 and 512:
Chapter 16: One-To-Many Clusters Un
- Page 513 and 514:
17 CHAPTER High Availability In thi
- Page 515 and 516:
HA configuration options Chapter 17
- Page 517 and 518:
You can configure failover HA in on
- Page 519 and 520:
Configuring the heartbeat burbs Cha
- Page 521 and 522:
Chapter 17: High Availability Confi
- Page 523 and 524:
Chapter 17: High Availability Confi
- Page 525 and 526:
Chapter 17: High Availability Confi
- Page 527 and 528:
Removing a secondary/standby from a
- Page 529 and 530:
Managing an HA cluster Features tha
- Page 531 and 532:
Chapter 17: High Availability Manag
- Page 533 and 534:
Changing the multicast address Chap
- Page 535 and 536:
About the Local Parameters tab Chap
- Page 537 and 538:
Chapter 17: High Availability Manag
- Page 539 and 540:
18 CHAPTER Monitoring In this chapt
- Page 541 and 542:
About the dashboard Viewing device
- Page 543 and 544:
Figure 211: System information: Dis
- Page 545 and 546:
Figure 213: Network Traffic: Interf
- Page 547 and 548:
Viewing IPS attack and system event
- Page 549 and 550:
Figure 218: Attacks by Service wind
- Page 551 and 552:
Monitoring Sidewinder G2 status usi
- Page 553 and 554:
finger Chapter 18: Monitoring Monit
- Page 555 and 556:
dig Chapter 18: Monitoring Monitori
- Page 557 and 558:
19 CHAPTER Auditing and Reporting I
- Page 559 and 560:
Auditing on the Sidewinder G2 Chapt
- Page 561 and 562:
Figure 221: Audit Viewing: View Mod
- Page 563 and 564:
Chapter 19: Auditing and Reporting
- Page 565 and 566:
Figure 224: Audit Viewing: Filterin
- Page 567 and 568:
Attack Description Application Defe
- Page 569 and 570:
Attack Description Chapter 19: Audi
- Page 571 and 572:
Example 2: Filtering for services a
- Page 573 and 574:
Understanding audit messages Chapte
- Page 575 and 576:
Chapter 19: Auditing and Reporting
- Page 577 and 578:
Generating reports using the Admin
- Page 579 and 580:
Figure 226: Show Report window Tabl
- Page 581 and 582:
Report type Description Chapter 19:
- Page 583 and 584:
Report type Description Table 37: A
- Page 585 and 586:
Generating reports using Sidewinder
- Page 587 and 588:
Chapter 19: Auditing and Reporting
- Page 589 and 590:
20 CHAPTER IPS Attack and System Ev
- Page 591 and 592:
About the IPS Attack Responses wind
- Page 593 and 594:
Attack Description Application Defe
- Page 595 and 596:
Chapter 20: IPS Attack and System E
- Page 597 and 598:
Figure 230: Attack Responses: Setti
- Page 599 and 600:
Figure 232: System Responses Modify
- Page 601 and 602:
Event Description system critical a
- Page 603 and 604:
Figure 233: System Responses: Respo
- Page 605 and 606:
Sidewinder G2 SNMP traps Chapter 20
- Page 607 and 608:
Chapter 20: IPS Attack and System E
- Page 609 and 610:
A APPENDIX Command Line Reference I
- Page 611 and 612:
Sidewinder G2 area Commands Area De
- Page 613 and 614:
Sidewinder G2 area Commands Area De
- Page 615 and 616:
Sidewinder G2 area Commands Area De
- Page 617 and 618:
Sidewinder G2 area Commands Area De
- Page 619 and 620:
Sidewinder G2 area Commands Area De
- Page 621 and 622:
About editing Sidewinder G2 files A
- Page 623 and 624:
Changing file types in the operatio
- Page 625 and 626:
etc/monthly Appendix A: Command Lin
- Page 627 and 628:
CRL and certificate retrieval cron
- Page 629 and 630:
B APPENDIX Setting Up Network Time
- Page 631 and 632:
Figure 235: Sidewinder G2 as an NTP
- Page 633 and 634:
Figure 237: NTP conflict: Sidewinde
- Page 635 and 636:
Using command line: Appendix B: Set
- Page 637 and 638:
C APPENDIX Configuring Dynamic Rout
- Page 639 and 640:
Figure 238: Three OSPF protocol pha
- Page 641 and 642:
Figure 240: Sidewinder G2 within OS
- Page 643 and 644:
Figure 242: OSPF Properties tab Abo
- Page 645 and 646:
Configuring the OSPF Area: Interfac
- Page 647 and 648:
Configuring the OSPF Areas: Network
- Page 649 and 650:
D APPENDIX Configuring Dynamic Rout
- Page 651 and 652:
RIP processing on the Sidewinder G2
- Page 653 and 654:
Appendix D: Configuring Dynamic Rou
- Page 655 and 656:
RIP with Sidewinder G2 not using tr
- Page 657 and 658:
Appendix D: Configuring Dynamic Rou
- Page 659 and 660:
Appendix D: Configuring Dynamic Rou
- Page 661 and 662:
Enabling/ disabling the routed serv
- Page 663 and 664:
E APPENDIX Setting Up SmartFilter S
- Page 665 and 666:
4 Click Evaluate this version. 5 Co
- Page 667 and 668:
Figure 252: SmartFilter for Web and
- Page 669 and 670:
Appendix E: Setting Up SmartFilter
- Page 671 and 672:
F APPENDIX Basic Troubleshooting In
- Page 673 and 674:
Restoring access to the Admin Conso
- Page 675 and 676:
Appendix F: Basic Troubleshooting B
- Page 677 and 678:
Restoring system files Appendix F:
- Page 679 and 680:
8 [Conditional] If needed, change p
- Page 681 and 682:
Appendix F: Basic Troubleshooting R
- Page 683 and 684:
Adding hardware to an active Sidewi
- Page 685 and 686:
Recovering when the licensed NIC fa
- Page 687 and 688:
What to do if the boot process fail
- Page 689 and 690:
If you forget your administrator pa
- Page 691 and 692:
Interpreting beep patterns Table 45
- Page 693 and 694:
Troubleshooting proxy rules Appendi
- Page 695 and 696:
Appendix F: Basic Troubleshooting T
- Page 697 and 698:
Understanding FTP and Telnet connec
- Page 699 and 700:
Active firewall list: 10.10.10.7 St
- Page 701 and 702:
Appendix F: Basic Troubleshooting T
- Page 703 and 704:
Why did NTP stop? Appendix F: Basic
- Page 705 and 706:
GLOSSARY ACE/Server A server made b
- Page 707 and 708:
Glossary burb A set of one or more
- Page 709 and 710:
Glossary external DNS External DNS
- Page 711 and 712:
ISAKMP (internet security associati
- Page 713 and 714:
ODBC (Open Database Connectivity) G
- Page 715 and 716:
reference implementation An IETF ter
- Page 717 and 718:
Glossary subnet A network addressin
- Page 719 and 720:
INDEX A A record (address record) 3
- Page 721 and 722:
B backup backup_file_list 51 comple
- Page 723 and 724:
domains access 7 Admn 8 checking 49
- Page 725 and 726:
Internet server 317 InterNIC 529 IP
- Page 727 and 728:
networks connections report 527 int
- Page 729 and 730:
R RADIUS authentication 281, 292 Re
- Page 731 and 732:
Sidewinder G2 Enterprise Manager xx
- Page 733 and 734:
user passwords 137 users changing p
- Page 736:
The Sidewinder G2 ® Security Appli