- Page 1: ADMINISTRATION GUIDE
- Page 6 and 7: ii SECURE COMPUTING'S AND ITS LICEN
- Page 8 and 9: iv Technical Support information Se
- Page 10 and 11: T Table of Contents vi Table of Con
- Page 12 and 13: Table of Contents viii Table of Con
- Page 14 and 15: Table of Contents x Table of Conten
- Page 16 and 17: Table of Contents xii Table of Cont
- Page 18 and 19: Table of Contents xiv Table of Cont
- Page 20 and 21: Table of Contents xvi Table of Cont
- Page 22 and 23: Table of Contents xviii Table of Co
- Page 24 and 25: P What is covered in this guide Tab
- Page 26 and 27: Where to find additional informatio
- Page 28 and 29: Typographical conventions Typograph
- Page 30 and 31: 1 1-2 Introduction What is the Side
- Page 32 and 33: 1-4 Introduction The Type Enforced
- Page 34 and 35: 1-6 Introduction The Type Enforced
- Page 36 and 37: 1-8 Introduction The Type Enforced
- Page 38 and 39: 1-10 Introduction Additional Sidewi
- Page 40 and 41: 1-12 Introduction Additional Sidewi
- Page 42 and 43: 1-14 Introduction Additional Sidewi
- Page 44 and 45: 1-16 Introduction Additional Sidewi
- Page 46 and 47: 1-18 Introduction Additional Sidewi
- Page 48 and 49: 2 Administration interface options
- Page 50 and 51: Admin Console basics 2-4 Administra
- Page 52 and 53: Admin Console basics 2-6 Administra
- Page 54 and 55: Admin Console basics Figure 2-4. Ma
- Page 56 and 57: Admin Console basics 2-10 Administr
- Page 58 and 59: Using the Admin Console File Editor
- Page 60 and 61: Using the Admin Console File Editor
- Page 62 and 63: Using the Admin Console File Editor
- Page 64 and 65: Remote administration using Secure
- Page 66 and 67: Remote administration using Secure
- Page 68 and 69: Remote administration using Secure
- Page 70 and 71: Administering Sidewinder G2 using T
- Page 72 and 73: Administering Sidewinder G2 using T
- Page 74 and 75: 3 Restarting or shutting down the s
- Page 76 and 77: Restarting or shutting down the sys
- Page 78 and 79: Setting up and maintaining administ
- Page 80 and 81: Setting up and maintaining administ
- Page 82 and 83: Setting the system date and time Fi
- Page 84 and 85: Using system roles to access type e
- Page 86 and 87: Configuration file backup and resto
- Page 88 and 89: Configuration file backup and resto
- Page 90 and 91: Configuration file backup and resto
- Page 92 and 93: Activating the Sidewinder G2 licens
- Page 94 and 95: Activating the Sidewinder G2 licens
- Page 96 and 97: Activating the Sidewinder G2 licens
- Page 98 and 99: Activating the Sidewinder G2 licens
- Page 100 and 101: Protected host licensing and the Ho
- Page 102 and 103: Enabling and disabling servers Enab
- Page 104 and 105: Enabling and disabling servers Serv
- Page 106 and 107: Configuring scanning services Confi
- Page 108 and 109: Configuring scanning services About
- Page 110 and 111: Configuring scanning services 3-38
- Page 112 and 113: Configuring the shund server Figure
- Page 114 and 115: Loading and installing patches Figu
- Page 116 and 117: Loading and installing patches 3-44
- Page 118 and 119: Loading and installing patches Figu
- Page 120 and 121: Modifying the burb configuration Mo
- Page 122 and 123: Modifying the interface configurati
- Page 124 and 125: Modifying the interface configurati
- Page 126 and 127: Modifying the static route Modifyin
- Page 128 and 129: Configuring remote Admin Console ma
- Page 130 and 131: Configuring the Sidewinder G2 to us
- Page 132 and 133: Configuring the Sidewinder G2 to us
- Page 134 and 135: 4 Policy configuration basics Figur
- Page 136 and 137: Policy configuration basics Figure
- Page 138 and 139: Rule elements 4-6 Understanding Pol
- Page 140 and 141: Rule elements 4-8 Understanding Pol
- Page 142 and 143: Rule elements 4-10 Understanding Po
- Page 144 and 145: Rule elements Figure 4-5. Netgroup
- Page 146 and 147: Application Defenses Application De
- Page 148 and 149: Application Defenses 4-16 Understan
- Page 150 and 151: Proxy rule basics 4-18 Understandin
- Page 152 and 153: Proxy rule basics 4-20 Understandin
- Page 154 and 155: Proxy rule basics Figure 4-6. Sampl
- Page 156 and 157: Proxy rule basics 4-24 Understandin
- Page 158 and 159: Proxy rule basics Additional rules
- Page 160 and 161: IP Filter rule basics Mutually excl
- Page 162 and 163: IP Filter rule basics 4-30 Understa
- Page 164 and 165: IP Filter rule basics Figure 4-9. E
- Page 166 and 167: IP Filter rule basics Figure 4-10.
- Page 168 and 169: IP Filter rule basics 4-36 Understa
- Page 170 and 171: 5 Creating users and user groups Fi
- Page 172 and 173: Creating users and user groups Figu
- Page 174 and 175: Creating users and user groups Figu
- Page 176 and 177: Creating users and user groups Abou
- Page 178 and 179: Creating network objects Creating n
- Page 180 and 181: Creating network objects About the
- Page 182 and 183: Creating network objects Entering h
- Page 184 and 185: Creating network objects Figure 5-1
- Page 186 and 187: Creating network objects Figure 5-1
- Page 188 and 189: Creating network objects Figure 5-1
- Page 190 and 191: Creating service groups 5-22 Creati
- Page 192 and 193: 6 Viewing Application Defense infor
- Page 194 and 195: Creating Web or Secure Web Applicat
- Page 196 and 197: Creating Web or Secure Web Applicat
- Page 198 and 199: Creating Web or Secure Web Applicat
- Page 200 and 201: Creating Web or Secure Web Applicat
- Page 202 and 203: Creating Web or Secure Web Applicat
- Page 204 and 205: Creating Web or Secure Web Applicat
- Page 206 and 207: Creating Web or Secure Web Applicat
- Page 208 and 209: Creating Web or Secure Web Applicat
- Page 210 and 211: Creating Web Cache Application Defe
- Page 212 and 213: Creating Mail Application Defenses
- Page 214 and 215: Creating Mail Application Defenses
- Page 216 and 217: Creating Mail Application Defenses
- Page 218 and 219: Creating Mail Application Defenses
- Page 220 and 221: Creating Mail Application Defenses
- Page 222 and 223: Creating Citrix Application Defense
- Page 224 and 225: Creating IIOP Application Defenses
- Page 226 and 227: Creating Multimedia Application Def
- Page 228 and 229: Creating Oracle Application Defense
- Page 230 and 231: Creating Oracle Application Defense
- Page 232 and 233: Creating SNMP Application Defenses
- Page 234 and 235: Creating SNMP Application Defenses
- Page 236 and 237: Configuring Application Defense gro
- Page 238 and 239: Configuring connection properties C
- Page 240 and 241: Configuring connection properties 6
- Page 242 and 243: 7 Viewing rules and rule groups Fig
- Page 244 and 245: Creating proxy rules About the Dupl
- Page 246 and 247: Creating proxy rules Figure 7-2. Pr
- Page 248 and 249: Creating proxy rules Figure 7-3. Pr
- Page 250 and 251: Creating proxy rules Entering infor
- Page 252 and 253: Creating IP Filter rules Creating I
- Page 254 and 255: Creating IP Filter rules Figure 7-7
- Page 256 and 257: Creating IP Filter rules 7-16 Creat
- Page 258 and 259: Creating IP Filter rules Figure 7-9
- Page 260 and 261: Creating and managing rule groups 7
- Page 262 and 263: Selecting your active policy rules
- Page 264 and 265: Selecting your active policy rules
- Page 266 and 267: Selecting your active policy rules
- Page 268 and 269: 8 Proxy basics Figure 8-1. Example
- Page 270 and 271: Proxy basics 8-4 Configuring Proxie
- Page 272 and 273: Redirected proxy connections 8-6 Co
- Page 274 and 275: Redirected proxy connections Figure
- Page 276 and 277: Standard Sidewinder G2 proxies Prox
- Page 278 and 279: Standard Sidewinder G2 proxies Prox
- Page 280 and 281: Transparent & non-transparent proxi
- Page 282 and 283: Notes on selected proxy configurati
- Page 284 and 285: Notes on selected proxy configurati
- Page 286 and 287: Notes on selected proxy configurati
- Page 288 and 289: Notes on selected proxy configurati
- Page 290 and 291: Notes on selected proxy configurati
- Page 292 and 293: Notes on selected proxy configurati
- Page 294 and 295: Configuring proxies Configuring pro
- Page 296 and 297: Configuring proxies 8-30 Configurin
- Page 298 and 299: Setting up a new proxy Figure 8-8.
- Page 300 and 301: Setting up a new proxy 8-34 Configu
- Page 302 and 303: 9 Authentication overview 9-2 Setti
- Page 304 and 305: Authentication overview 9-4 Setting
- Page 306 and 307: Supported authentication methods 9-
- Page 308 and 309: Supported authentication methods 9-
- Page 310 and 311: Authentication process overview Fig
- Page 312 and 313: Configuring authentication services
- Page 314 and 315: Configuring authentication services
- Page 316 and 317: Configuring authentication services
- Page 318 and 319: Configuring authentication services
- Page 320 and 321: Configuring authentication services
- Page 322 and 323: Configuring authentication services
- Page 324 and 325: Configuring authentication services
- Page 326 and 327: Configuring authentication services
- Page 328 and 329: Configuring SSO Figure 9-10. SSO Co
- Page 330 and 331: Setting up authentication for servi
- Page 332 and 333: Setting up authentication for Web s
- Page 334 and 335: Allowing users to change their pass
- Page 336 and 337: How users can change their own pass
- Page 338 and 339: How users can change their own pass
- Page 340 and 341: 10 What is DNS? 10-2 Domain Name Sy
- Page 342 and 343: About mail exchanger records About
- Page 344 and 345: Enabling and disabling your DNS ser
- Page 346 and 347: Advanced configurations Advanced co
- Page 348 and 349: Configuring transparent name server
- Page 350 and 351: Configuring hosted DNS servers Figu
- Page 352 and 353: Configuring hosted DNS servers Ente
- Page 354 and 355: Configuring hosted DNS servers 10-1
- Page 356 and 357: Configuring hosted DNS servers 10-1
- Page 358 and 359: Configuring hosted DNS servers 10-2
- Page 360 and 361: Configuring hosted DNS servers 10-2
- Page 362 and 363: Configuring hosted DNS servers Dele
- Page 364 and 365: Configuring hosted DNS servers 10-2
- Page 366 and 367: Configuring hosted DNS servers Addi
- Page 368 and 369: Reconfiguring DNS 10-30 Domain Name
- Page 370 and 371: Reconfiguring DNS Figure 10-11. Rec
- Page 372 and 373: Reconfiguring DNS Figure 10-12. Rec
- Page 374 and 375: DNS message logging DNS message log
- Page 376 and 377: 11 Overview of e-mail on Sidewinder
- Page 378 and 379: Overview of e-mail on Sidewinder G2
- Page 380 and 381: Administering mail on Sidewinder G2
- Page 382 and 383: Managing sendmail 11-8 Electronic M
- Page 384 and 385: Editing the mail configuration file
- Page 386 and 387: Editing the mail configuration file
- Page 388 and 389: Configuring advanced anti-spam opti
- Page 390 and 391: Configuring advanced anti-spam opti
- Page 392 and 393: Configuring advanced anti-spam opti
- Page 394 and 395: Redirecting mail to a different des
- Page 396 and 397: Other sendmail features Other sendm
- Page 398 and 399: Other sendmail features 11-24 Elect
- Page 400 and 401: Other sendmail features 11-26 Elect
- Page 402 and 403: Managing mail queues 11-28 Electron
- Page 404 and 405: 12 An overview of Web Services on S
- Page 406 and 407: Implementation options for Web acce
- Page 408 and 409: Using the HTTP proxy Using the HTTP
- Page 410 and 411: Using the HTTP proxy 12-8 Setting U
- Page 412 and 413: Using the Web proxy server Using th
- Page 414 and 415: Configuring the Web proxy server Co
- Page 416 and 417: Configuring the Web proxy server 12
- Page 418 and 419: Configuring the Web proxy server Fi
- Page 420 and 421: Configuring the Web proxy server Fi
- Page 422 and 423: Configuring browsers for the Web pr
- Page 424 and 425: Configuring browsers for the Web pr
- Page 426 and 427: 13 Sidewinder G2 VPN overview Figur
- Page 428 and 429: Sidewinder G2 VPN overview 13-4 Con
- Page 430 and 431: Sidewinder G2 VPN overview 13-6 Con
- Page 432 and 433: Sidewinder G2 VPN overview 13-8 Con
- Page 434 and 435: Sidewinder G2 VPN overview 13-10 Co
- Page 436 and 437: Configuring the ISAKMP server 13-12
- Page 438 and 439: Configuring the Certificate server
- Page 440 and 441: Understanding virtual burbs Figure
- Page 442 and 443: Configuring client address pools Te
- Page 444 and 445: Configuring client address pools Ab
- Page 446 and 447: Configuring client address pools Ad
- Page 448 and 449: Configuring client address pools Ad
- Page 450 and 451: Configuring client address pools Ad
- Page 452 and 453: Configuring Certificate Management
- Page 454 and 455: Configuring Certificate Management
- Page 456 and 457: Configuring Certificate Management
- Page 458 and 459: Configuring Certificate Management
- Page 460 and 461: Configuring Certificate Management
- Page 462 and 463: Configuring Certificate Management
- Page 464 and 465: Configuring Certificate Management
- Page 466 and 467: Configuring Certificate Management
- Page 468 and 469: Importing and exporting certificate
- Page 470 and 471: Importing and exporting certificate
- Page 472 and 473: Importing and exporting certificate
- Page 474 and 475: Importing and exporting certificate
- Page 476 and 477: Configuring VPN Security Associatio
- Page 478 and 479: Configuring VPN Security Associatio
- Page 480 and 481: Configuring VPN Security Associatio
- Page 482 and 483: Configuring VPN Security Associatio
- Page 484 and 485: Configuring VPN Security Associatio
- Page 486 and 487: Configuring VPN Security Associatio
- Page 488 and 489: Configuring VPN Security Associatio
- Page 490 and 491: Example VPN Scenarios Figure 13-18.
- Page 492 and 493: Example VPN Scenarios Figure 13-19.
- Page 494 and 495: Example VPN Scenarios 13-70 Configu
- Page 496 and 497: Example VPN Scenarios Summary Each
- Page 498 and 499: Example VPN Scenarios 13-74 Configu
- Page 500 and 501: Example VPN Scenarios 13-76 Configu
- Page 502 and 503: Example VPN Scenarios 13-78 Configu
- Page 504 and 505: 14 SNMP and Sidewinder G2 Figure 14
- Page 506 and 507: SNMP and Sidewinder G2 14-4 Configu
- Page 508 and 509: SNMP and Sidewinder G2 14-6 Configu
- Page 510 and 511: Setting up the SNMP agent on Sidewi
- Page 512 and 513: About the management station 14-10
- Page 514 and 515: Communication with systems in an ex
- Page 516 and 517: 15 Overview Figure 15-1. A typical
- Page 518 and 519: Example scenario using a One-To-Man
- Page 520 and 521: Configuring One-To-Many 15-6 One-To
- Page 522 and 523: Configuring One-To-Many Figure 15-3
- Page 524 and 525: Configuring One-To-Many 15-10 One-T
- Page 526 and 527: Configuring One-To-Many 15-12 One-T
- Page 528 and 529: Understanding the One-To-Many tree
- Page 530 and 531: Understanding the One-To-Many tree
- Page 532 and 533: 16 How High Availability works 16-2
- Page 534 and 535: HA configuration options 16-4 High
- Page 536 and 537: Configuring HA 16-6 High Availabili
- Page 538 and 539: Configuring HA 16-8 High Availabili
- Page 540 and 541: Configuring HA 16-10 High Availabil
- Page 542 and 543: Configuring HA 16-12 High Availabil
- Page 544 and 545: Configuring HA 16-14 High Availabil
- Page 546 and 547: Configuring HA Removing a secondary
- Page 548 and 549: Managing an HA cluster Figure 16-2.
- Page 550 and 551: Managing an HA cluster Figure 16-1.
- Page 552 and 553: Managing an HA cluster 16-22 High A
- Page 554 and 555: Managing an HA cluster 16-24 High A
- Page 556 and 557: Managing an HA cluster 16-26 High A
- Page 558 and 559: Managing an HA cluster 16-28 High A
- Page 560 and 561: Managing an HA cluster 16-30 High A
- Page 562 and 563: 17 Configuring alarm events and eve
- Page 564 and 565: Configuring alarm events and event
- Page 566 and 567: Configuring alarm events and event
- Page 568 and 569: Configuring alarm events and event
- Page 570 and 571: Configuring alarm events and event
- Page 572 and 573: Configuring alarm events and event
- Page 574 and 575: Example alarm event scenario 17-14
- Page 576 and 577: Sample Strikeback results 17-16 Ala
- Page 578 and 579: Ignoring network probe attempts 17-
- Page 580 and 581: Checking system status 17-20 Alarm
- Page 582 and 583: Checking network status Checking ne
- Page 584 and 585: Checking network status 17-24 Alarm
- Page 586 and 587: Checking network status 17-26 Alarm
- Page 588 and 589: 18 Overview of the audit process Fi
- Page 590 and 591: Monitoring Sidewinder G2 status 18-
- Page 592 and 593: Auditing on the Sidewinder G2 18-6
- Page 594 and 595: Auditing on the Sidewinder G2 18-8
- Page 596 and 597: Auditing on the Sidewinder G2 18-10
- Page 598 and 599: Auditing on the Sidewinder G2 About
- Page 600 and 601: Auditing on the Sidewinder G2 Table
- Page 602 and 603: Auditing on the Sidewinder G2 Filte
- Page 604 and 605: Auditing on the Sidewinder G2 18-18
- Page 606 and 607: Auditing on the Sidewinder G2 18-20
- Page 608 and 609: Logging application messages using
- Page 610 and 611: Generating and viewing reports usin
- Page 612 and 613: Generating and viewing reports usin
- Page 614 and 615: Generating and viewing reports usin
- Page 616 and 617: Viewing auto-generated reports View
- Page 618 and 619: Using third party reporting tools 1
- Page 620 and 621: Using third party reporting tools 1
- Page 622 and 623: A Summary of cf structure Summary o
- Page 624 and 625: Summary of cf structure Sidewinder
- Page 626 and 627: Summary of cf structure Sidewinder
- Page 628 and 629: Summary of cf structure Sidewinder
- Page 630 and 631: Working with files on the Sidewinde
- Page 632 and 633: Working with files on the Sidewinde
- Page 634 and 635: Working with files on the Sidewinde
- Page 636 and 637: Understanding automatic (cron) jobs
- Page 638 and 639: Understanding automatic (cron) jobs
- Page 640 and 641: B Overview Figure B-1. NTP servercl
- Page 642 and 643: Overview Figure B-3. The Sidewinder
- Page 644 and 645: Configuring NTP on a Sidewinder G2
- Page 646 and 647: References References NTP is a comp
- Page 648 and 649: C Overview Figure C-1. Three OSPF p
- Page 650 and 651: OSPF processing on a Sidewinder G2
- Page 652 and 653: Setting up OSPF routing on the Side
- Page 654 and 655: Setting up OSPF routing on the Side
- Page 656 and 657: Setting up OSPF routing on the Side
- Page 658 and 659: Setting up OSPF routing on the Side
- Page 660 and 661: Other implementation details C-14 C
- Page 662 and 663: D RIP with standard IP routers Figu
- Page 664 and 665: RIP processing on the Sidewinder G2
- Page 666 and 667: RIP with the Sidewinder G2 using tr
- Page 668 and 669: RIP with the Sidewinder G2 NOT usin
- Page 670 and 671: RIP with the Sidewinder G2 NOT usin
- Page 672 and 673: Configuring RIP on the Sidewinder G
- Page 674 and 675: Configuring RIP on the Sidewinder G
- Page 676 and 677: Trace and log information Trace and
- Page 678 and 679: E Evaluating the SmartFilter Contro
- Page 680 and 681: Configuring SmartFilter on the Side
- Page 682 and 683: Configuring SmartFilter on the Side
- Page 684 and 685: Editing the SmartFilter files Editi
- Page 686 and 687: Editing the SmartFilter files E-10
- Page 688 and 689: Editing the SmartFilter files E-12
- Page 690 and 691: F Powering-up the system to the Adm
- Page 692 and 693: Backing up system files Backing up
- Page 694 and 695: Backing up system files F-6 Basic T
- Page 696 and 697: Restoring system files Restoring sy
- Page 698 and 699: Restoring system files F-10 Basic T
- Page 700 and 701: Restoring system files F-12 Basic T
- Page 702 and 703: Adding hardware to an active Sidewi
- Page 704 and 705: What to do if the boot process fail
- Page 706 and 707: Re-imaging your Sidewinder G2 F-18
- Page 708 and 709: If you forget your administrator pa
- Page 710 and 711: Interpreting beep patterns Table F-
- Page 712 and 713: Troubleshooting proxy rules F-24 Ba
- Page 714 and 715: Troubleshooting proxy rules F-26 Ba
- Page 716 and 717: Understanding FTP and Telnet connec
- Page 718 and 719: Troubleshooting High Availability F
- Page 720 and 721: Troubleshooting High Availability F
- Page 722 and 723: Troubleshooting NTP Troubleshooting
- Page 724 and 725: VPN troubleshooting commands VPN tr
- Page 726 and 727: G Glossary G-2 Glossary Administrat
- Page 728 and 729: Glossary G-4 Glossary digital certi
- Page 730 and 731: Glossary G-6 Glossary group Logical
- Page 732 and 733: Glossary G-8 Glossary login ID When
- Page 734 and 735: Glossary G-10 Glossary OSPF (Open S
- Page 736 and 737: Glossary G-12 Glossary RFC (Request
- Page 738 and 739: Glossary G-14 Glossary strong authe
- Page 740 and 741: Glossary G-16 Glossary
- Page 742 and 743: In Index In-2 Index alias IP addres
- Page 744 and 745: Index In-4 Index configuring networ
- Page 746 and 747: Index In-6 Index fsck command F-16
- Page 748 and 749: Index In-8 Index audit 18-19 DNS 10
- Page 750 and 751: Index In-10 Index displaying inform
- Page 752 and 753: Index In-12 Index default proxy 4-2
- Page 754 and 755: Index In-14 Index T messages F-17 T
- Page 756: Index In-16 Index