Clavister cOS Core Administration Guide

More documents

Recommendations

Info

Chapter 2: Management and Maintenance • Emergency • Alert • Critical • Error • Warning • Notice • Info • Debug By default, cOS Core sends all messages of level Info and above to any configured log servers but the level for sending can be changed by the administrator. The Debug severity is intended for system troubleshooting only and should only be used if required. All log event messages of all severity levels are listed in the separate cOS Core Log Reference Guide. Event Message Timestamping When a log messages are sent by cOS Core to external log receivers, they are always timestamped with time expressed as UTC/GMT (Greenwich Mean Time). This means that it is easy to compare events from a network consisting of many security gateways spread over different time zones. The exception to this is log messages displayed through Memlog which are always stamped with the current system time. 2.2.3. Creating Log Receivers To distribute and log the event messages generated by cOS Core, it is necessary to define one or more event receivers that specify what events to capture, and where to send them. cOS Core can distribute event messages to different types of receivers and these are enabled by creating any of the following Log Receiver objects. • MemoryLogReceiver cOS Core has its own logging mechanism also known as the MemLog. This retains all event log messages in memory and allows direct viewing of recent log messages through the Web Interface. This is enabled by default but can be disabled. This receiver type is discussed further below in Section 2.2.4, “Logging to MemoryLogReceiver”. • Syslog Receiver Syslog is the de-facto standard for logging events from network devices. If other network devices are already logging to Syslog servers, using syslog with cOS Core messages can simplify overall administration. This receiver type is discussed further below in Section 2.2.5, “Logging to Syslog Hosts”. • FWLog The Clavister proprietary format for logging event messages, the FWLog format has a high level of detail and is suitable for analyzing large amounts of log data. This receiver type is discussed further below in Section 2.2.6, “Logging to the Clavister Logger”. • SNMP Traps 68
Chapter 2: Management and Maintenance An SNMP2c Event Receiver can be defined to collect SNMP Trap log messages. These receivers are typically used to collect and respond to critical alerts from network devices. This receiver type is discussed further below in Section 2.2.8, “SNMP Traps”. 2.2.4. Logging to MemoryLogReceiver The MemoryLogReceiver (also known as Memlog) is an optional cOS Core feature that allows logging direct to memory in the Clavister Security Gateway instead of sending messages to an external server. These messages can be examined through the standard user interfaces. Memory for Logging is Limited Memlog memory available for new messages is limited to a fixed predetermined size. When the allocated memory is filled up with log messages, the oldest messages are discarded to make room for newer incoming messages. This means that MemLog holds a limited number of messages since the last system initialization and once the buffer fills they will only be the most recent. This means that when cOS Core is creating large numbers of messages in systems with, for example, large numbers of VPN tunnels, the Memlog information becomes less meaningful since it reflects a limited recent time period. Memlog Timestamps The timestamp shown is Memlog console output is always the local system time of the security gateway. This is different from the timestamp on log messages sent to defined Log Receiver objects which are always timestamped with GMT time. Disabling Memory Logging The MemoryLogReceiver object exists by default in cOS Core. If this receiver is not required then it can be deleted and this type of logging will be switched off. 2.2.5. Logging to Syslog Hosts Overview Syslog is a standardized protocol for sending log data although there is no standardized format for the log messages themselves. The format used by cOS Core is well suited to automated processing, filtering and searching. Although the exact format of each log entry depends on how a Syslog receiver works, most are similar. The way in which logs are read is also dependent on how the syslog receiver works. Syslog daemons on UNIX servers usually log to text files, line by line. Message Format Most Syslog recipients preface each log entry with a timestamp and the IP address of the machine that sent the log data: Feb 5 2000 09:45:23 gateway.ourcompany.com This is followed by the text the sender has chosen to send. 69
Page 1 and 2:
Clavister cOS Core Administration G
Page 3 and 4:
Table of Contents Preface .........
Page 5 and 6:
Clavister cOS Core 3.10. DNS ......
Page 7 and 8:
Clavister cOS Core 8.2.5. Authentic
Page 9 and 10:
List of Figures 1.1. Packet Flow Sc
Page 11 and 12:
List of Examples 1. Example Notatio
Page 13 and 14:
Clavister cOS Core 8.3. User Authen
Page 15 and 16:
Preface prompt followed by the comm
Page 17 and 18: Chapter 1: cOS Core Overview This c
Page 19 and 20: Chapter 1: cOS Core Overview For de
Page 21 and 22: Chapter 1: cOS Core Overview • Th
Page 23 and 24: Chapter 1: cOS Core Overview combin
Page 25 and 26: Chapter 1: cOS Core Overview use of
Page 27 and 28: Chapter 1: cOS Core Overview Figure
Page 29 and 30: Chapter 1: cOS Core Overview Apply
Page 31 and 32: Chapter 2: Management and Maintenan
Page 67: Chapter 2: Management and Maintenan
Page 115 and 116: Chapter 3: Fundamentals This chapte
Page 117 and 118: Chapter 3: Fundamentals 4. Click OK
Page 119 and 120:
Chapter 3: Fundamentals Follow the
Page 121 and 122:
Chapter 3: Fundamentals Using folde
Page 123 and 124:
Chapter 3: Fundamentals 2. Specify
Page 125 and 126:
Chapter 3: Fundamentals enabled by
Page 127 and 128:
Chapter 3: Fundamentals Web Interfa
Page 129 and 130:
Chapter 3: Fundamentals 3.3. Servic
Page 131 and 132:
Chapter 3: Fundamentals 3.3.2. Crea
Page 133 and 134:
Chapter 3: Fundamentals sent to red
Page 135 and 136:
Chapter 3: Fundamentals When a mess
Page 137 and 138:
Chapter 3: Fundamentals a configura
Page 139 and 140:
Chapter 3: Fundamentals • Virtual
Page 141 and 142:
Chapter 3: Fundamentals Each logica
Page 143 and 144:
Chapter 3: Fundamentals The informa
Page 145 and 146:
Chapter 3: Fundamentals Device:/> s
Page 147 and 148:
Chapter 3: Fundamentals Enabling DH
Page 149 and 150:
Chapter 3: Fundamentals Below is a
Page 151 and 152:
Chapter 3: Fundamentals VLANs are u
Page 153 and 154:
Chapter 3: Fundamentals cOS Core do
Page 155 and 156:
Chapter 3: Fundamentals broadband s
Page 157 and 158:
Chapter 3: Fundamentals Network=all
Page 159 and 160:
Chapter 3: Fundamentals (see Sectio
Page 161 and 162:
Chapter 3: Fundamentals is enabled
Page 163 and 164:
Chapter 3: Fundamentals Figure 3.2.
Page 165 and 166:
Chapter 3: Fundamentals 1. Go to: N
Page 167 and 168:
Chapter 3: Fundamentals 3.5. ARP 3.
Page 169 and 170:
Chapter 3: Fundamentals The Size of
Page 171 and 172:
Chapter 3: Fundamentals To understa
Page 173 and 174:
Chapter 3: Fundamentals ARP Request
Page 175 and 176:
Chapter 3: Fundamentals This determ
Page 177 and 178:
Chapter 3: Fundamentals 3.6. IP Rul
Page 179 and 180:
Chapter 3: Fundamentals Specifying
Page 181 and 182:
Chapter 3: Fundamentals which allow
Page 183 and 184:
Chapter 3: Fundamentals types allow
Page 185 and 186:
Chapter 3: Fundamentals rules with
Page 187 and 188:
Chapter 3: Fundamentals be used whe
Page 189 and 190:
Chapter 3: Fundamentals box is sele
Page 191 and 192:
Chapter 3: Fundamentals Creating IP
Page 193 and 194:
Chapter 3: Fundamentals Device:/> a
Page 195 and 196:
Chapter 3: Fundamentals Web Interfa
Page 197 and 198:
Chapter 3: Fundamentals Last, assoc
Page 199 and 200:
Chapter 3: Fundamentals The name pa
Page 201 and 202:
Chapter 3: Fundamentals Section 3.9
Page 203 and 204:
Chapter 3: Fundamentals 3.8. Certif
Page 205 and 206:
Chapter 3: Fundamentals many certif
Page 207 and 208:
Chapter 3: Fundamentals To associat
Page 209 and 210:
Chapter 3: Fundamentals 3.9. Date a
Page 211 and 212:
Chapter 3: Fundamentals principles
Page 213 and 214:
Chapter 3: Fundamentals performed.
Page 215 and 216:
Chapter 3: Fundamentals Primary Tim
Page 217 and 218:
Chapter 3: Fundamentals 2. Enter th
Page 219 and 220:
Chapter 3: Fundamentals 3.11. Inter
Page 221 and 222:
Chapter 3: Fundamentals See Chapter
Page 223 and 224:
Chapter 3: Fundamentals • Interfa
Page 225 and 226:
Chapter 3: Fundamentals • Destina
Page 227 and 228:
227 Chapter 3: Fundamentals
Page 229 and 230:
Chapter 4: Routing 4.2. Static Rout
Page 231 and 232:
Chapter 4: Routing Route # Interfac
Page 233 and 234:
Chapter 4: Routing second network m
Page 235 and 236:
Chapter 4: Routing • It does not
Page 237 and 238:
Chapter 4: Routing When this option
Page 239 and 240:
Chapter 4: Routing Tip: Understandi
Page 241 and 242:
Chapter 4: Routing disabled and ins
Page 243 and 244:
Chapter 4: Routing Minimum Number o
Page 245 and 246:
Chapter 4: Routing Grace time The l
Page 247 and 248:
Chapter 4: Routing Proxy ARP and Hi
Page 249 and 250:
Chapter 4: Routing Routing Tables c
Page 251 and 252:
Chapter 4: Routing Example 4.6. Cre
Page 253 and 254:
Chapter 4: Routing 2. A search is n
Page 255 and 256:
Chapter 4: Routing Contents of the
Page 257 and 258:
Chapter 4: Routing 3. If more than
Page 259 and 260:
Chapter 4: Routing different metric
Page 261 and 262:
Chapter 4: Routing Example 4.8. Set
Page 263 and 264:
Chapter 4: Routing • Use two ISPs
Page 265 and 266:
Chapter 4: Routing ISP1 provides In
Page 267 and 268:
Chapter 4: Routing Route # Interfac
Page 269 and 270:
Chapter 4: Routing per-interface ro
Page 271 and 272:
Chapter 4: Routing connection will
Page 273 and 274:
Chapter 4: Routing In contrast to D
Page 275 and 276:
Chapter 4: Routing and to determine
Page 277 and 278:
Chapter 4: Routing With cOS Core, t
Page 279 and 280:
Chapter 4: Routing Figure 4.11. Vir
Page 281 and 282:
Chapter 4: Routing interface partic
Page 283 and 284:
Chapter 4: Routing There can only b
Page 285 and 286:
Chapter 4: Routing InfTrans Delay W
Page 287 and 288:
Chapter 4: Routing received routing
Page 289 and 290:
Chapter 4: Routing OSPF Tag Specifi
Page 291 and 292:
Chapter 4: Routing Finally, a Dynam
Page 293 and 294:
Chapter 4: Routing 2. Choose a rand
Page 295 and 296:
Chapter 4: Routing Follow the same
Page 297 and 298:
Chapter 4: Routing Example 4.12. Im
Page 299 and 300:
Chapter 4: Routing Command-Line Int
Page 301 and 302:
Chapter 4: Routing The OSPF CLI com
Page 303 and 304:
Chapter 4: Routing For multicast to
Page 305 and 306:
Chapter 4: Routing 1. Go to: Object
Page 307 and 308:
Chapter 4: Routing The following SA
Page 309 and 310:
Chapter 4: Routing Figure 4.20. Mul
Page 311 and 312:
Chapter 4: Routing 4.7.3.2. IGMP Ru
Page 313 and 314:
Chapter 4: Routing • Destination
Page 315 and 316:
Chapter 4: Routing The interval in
Page 317 and 318:
Chapter 4: Routing • Routing Mode
Page 319 and 320:
Chapter 4: Routing Specifying a net
Page 321 and 322:
Chapter 4: Routing public IPv4 addr
Page 323 and 324:
Chapter 4: Routing The other conseq
Page 325 and 326:
Chapter 4: Routing • Service: htt
Page 327 and 328:
Chapter 4: Routing SourceNetwork=al
Page 329 and 330:
Chapter 4: Routing • Action: Allo
Page 331 and 332:
Chapter 4: Routing 4.8.6. Advanced
Page 333 and 334:
Chapter 4: Routing Default: DropLog
Page 335 and 336:
Chapter 5: DHCP Services This chapt
Page 337 and 338:
Chapter 5: DHCP Services DHCP Optio
Page 339 and 340:
Chapter 5: DHCP Services The asteri
Page 341 and 342:
Chapter 5: DHCP Services Comments:
Page 343 and 344:
Chapter 5: DHCP Services 5.3. DHCP
Page 345 and 346:
Chapter 5: DHCP Services Max PPM Ho
Page 347 and 348:
Chapter 5: DHCP Services Receive In
Page 349 and 350:
349 Chapter 5: DHCP Services
Page 351 and 352:
Chapter 6: Security Mechanisms and
Page 353 and 354:
Chapter 6: Security Mechanisms 1. G
Page 355 and 356:
Chapter 6: Security Mechanisms Maxi
Page 357 and 358:
Chapter 6: Security Mechanisms will
Page 359 and 360:
Chapter 6: Security Mechanisms FTP
Page 361 and 362:
Chapter 6: Security Mechanisms mode
Page 363 and 364:
Chapter 6: Security Mechanisms In t
Page 365 and 366:
Chapter 6: Security Mechanisms 3. F
Page 367 and 368:
Chapter 6: Security Mechanisms B. C
Page 369 and 370:
Chapter 6: Security Mechanisms be w
Page 371 and 372:
Chapter 6: Security Mechanisms As d
Page 373 and 374:
Chapter 6: Security Mechanisms emai
Page 375 and 376:
Chapter 6: Security Mechanisms emai
Page 377 and 378:
Chapter 6: Security Mechanisms •
Page 379 and 380:
Chapter 6: Security Mechanisms The
Page 381 and 382:
Chapter 6: Security Mechanisms Impo
Page 383 and 384:
Page 385 and 386:
Page 387 and 388:
Page 389 and 390:
Chapter 6: Security Mechanisms Here
Page 391 and 392:
Page 393 and 394:
Chapter 6: Security Mechanisms allo
Page 395 and 396:
Chapter 6: Security Mechanisms H.32
Page 397 and 398:
Page 399 and 400:
Chapter 6: Security Mechanisms the
Page 401 and 402:
Chapter 6: Security Mechanisms 1. G
Page 403 and 404:
Chapter 6: Security Mechanisms 2. N
Page 405 and 406:
Chapter 6: Security Mechanisms poss
Page 407 and 408:
Page 409 and 410:
Page 411 and 412:
Page 413 and 414:
Chapter 6: Security Mechanisms 6.3.
Page 415 and 416:
Chapter 6: Security Mechanisms Gate
Page 417 and 418:
Page 419 and 420:
Chapter 6: Security Mechanisms Acti
Page 421 and 422:
Chapter 6: Security Mechanisms the
Page 423 and 424:
Chapter 6: Security Mechanisms user
Page 425 and 426:
Chapter 6: Security Mechanisms cult
Page 427 and 428:
Page 429 and 430:
Chapter 6: Security Mechanisms A we
Page 431 and 432:
Page 433 and 434:
Chapter 6: Security Mechanisms 4. U
Page 435 and 436:
Chapter 6: Security Mechanisms Patt
Page 437 and 438:
Chapter 6: Security Mechanisms iii.
Page 439 and 440:
Chapter 6: Security Mechanisms Comm
Page 441 and 442:
Page 443 and 444:
Chapter 6: Security Mechanisms Sett
Page 445 and 446:
Page 447 and 448:
Chapter 6: Security Mechanisms Sign
Page 449 and 450:
Chapter 6: Security Mechanisms Acti
Page 451 and 452:
Chapter 6: Security Mechanisms 1. S
Page 453 and 454:
Page 455 and 456:
Page 457 and 458:
Chapter 6: Security Mechanisms If t
Page 459 and 460:
Chapter 6: Security Mechanisms It i
Page 461 and 462:
Chapter 7: Address Translation This
Page 463 and 464:
Chapter 7: Address Translation 7.2.
Page 465 and 466:
Chapter 7: Address Translation 195.
Page 467 and 468:
Chapter 7: Address Translation Serv
Page 469 and 470:
Chapter 7: Address Translation is r
Page 471 and 472:
Chapter 7: Address Translation is r
Page 473 and 474:
Chapter 7: Address Translation •
Page 475 and 476:
Chapter 7: Address Translation betw
Page 477 and 478:
Page 479 and 480:
Page 481 and 482:
Chapter 7: Address Translation 7.4.
Page 483 and 484:
Chapter 7: Address Translation Publ
Page 485 and 486:
Chapter 7: Address Translation Devi
Page 487 and 488:
Chapter 7: Address Translation orde
Page 489 and 490:
489 Chapter 7: Address Translation
Page 491 and 492:
Chapter 8: User Authentication C ar
Page 493 and 494:
Chapter 8: User Authentication then
Page 495 and 496:
Chapter 8: User Authentication •
Page 497 and 498:
Chapter 8: User Authentication 8.2.
Page 499 and 500:
Page 501 and 502:
Chapter 8: User Authentication LDAP
Page 503 and 504:
Page 505 and 506:
Chapter 8: User Authentication auto
Page 507 and 508:
Chapter 8: User Authentication For
Page 509 and 510:
Chapter 8: User Authentication The
Page 511 and 512:
Page 513 and 514:
Chapter 8: User Authentication Web
Page 515 and 516:
Page 517 and 518:
Chapter 8: User Authentication Exam
Page 519 and 520:
Chapter 8: User Authentication Figu
Page 521 and 522:
Page 523 and 524:
523 Chapter 8: User Authentication
Page 525 and 526:
Chapter 9: VPN 2. Client to LAN con
Page 527 and 528:
Chapter 9: VPN access per user (gro
Page 529 and 530:
Chapter 9: VPN 9.2.1. IPsec LAN to
Page 531 and 532:
Chapter 9: VPN Note: The system tim
Page 533 and 534:
Chapter 9: VPN Note The option to d
Page 535 and 536:
Chapter 9: VPN 2. Define two other
Page 537 and 538:
Chapter 9: VPN 9.2.7. PPTP Roaming
Page 539 and 540:
Chapter 9: VPN i. Authentication Ag
Page 541 and 542:
Chapter 9: VPN IPsec protocol used
Page 543 and 544:
Chapter 9: VPN Endpoint Identificat
Page 545 and 546:
Chapter 9: VPN IKE Lifetime This is
Page 547 and 548:
Chapter 9: VPN Manual Keying Advant
Page 549 and 550:
Chapter 9: VPN Figure 9.2. The ESP
Page 551 and 552:
Chapter 9: VPN CAST128, MD5, SHA1.
Page 553 and 554:
Chapter 9: VPN 2. Enter a name for
Page 555 and 556:
Chapter 9: VPN • Country: Sweden
Page 557 and 558:
Chapter 9: VPN Rules setting. An ex
Page 559 and 560:
Chapter 9: VPN When configuring VPN
Page 561 and 562:
Chapter 9: VPN 6. Select Email as T
Page 563 and 564:
Chapter 9: VPN • Remote Endpoint:
Page 565 and 566:
Chapter 9: VPN IP Validation cOS Co
Page 567 and 568:
Chapter 9: VPN Step 1. Client Initi
Page 569 and 570:
Chapter 9: VPN Authentication metho
Page 571 and 572:
Chapter 9: VPN Step 7. Client Sends
Page 573 and 574:
Chapter 9: VPN Cookies : 0x6098238b
Page 575 and 576:
Chapter 9: VPN In other words, the
Page 577 and 578:
Chapter 9: VPN A common problem wit
Page 579 and 580:
Chapter 9: VPN Use User Authenticat
Page 581 and 582:
Chapter 9: VPN C. Setup the L2TP Tu
Page 583 and 584:
Chapter 9: VPN • Service: all_ser
Page 585 and 586:
Chapter 9: VPN the interface. The p
Page 587 and 588:
Chapter 9: VPN Figure 9.4. An L2TPv
Page 589 and 590:
Chapter 9: VPN i. The VLAN ID is th
Page 591 and 592:
Chapter 9: VPN 9.6. SSL VPN 9.6.1.
Page 593 and 594:
Chapter 9: VPN A private IP network
Page 595 and 596:
Chapter 9: VPN Figure 9.5. SSL VPN
Page 597 and 598:
Chapter 9: VPN • Traffic can now
Page 599 and 600:
Chapter 9: VPN • Originator IP: a
Page 601 and 602:
Chapter 9: VPN Gateway through the
Page 603 and 604:
Chapter 9: VPN 9.8. VPN Troubleshoo
Page 605 and 606:
Chapter 9: VPN For example, with a
Page 607 and 608:
Chapter 9: VPN Since the tunnel L2T
Page 609 and 610:
Chapter 9: VPN The reason for this
Page 611 and 612:
Chapter 10: Traffic Management This
Page 613 and 614:
Chapter 10: Traffic Management Clav
Page 615 and 616:
Chapter 10: Traffic Management Figu
Page 617 and 618:
Chapter 10: Traffic Management A si
Page 619 and 620:
Page 621 and 622:
Chapter 10: Traffic Management hand
Page 623 and 624:
Chapter 10: Traffic Management If m
Page 625 and 626:
Chapter 10: Traffic Management In a
Page 627 and 628:
Chapter 10: Traffic Management bala
Page 629 and 630:
Chapter 10: Traffic Management amou
Page 631 and 632:
Chapter 10: Traffic Management Note
Page 633 and 634:
Chapter 10: Traffic Management 10.2
Page 635 and 636:
Chapter 10: Traffic Management Unin
Page 637 and 638:
Chapter 10: Traffic Management Devi
Page 639 and 640:
Chapter 10: Traffic Management •
Page 641 and 642:
Page 643 and 644:
Page 645 and 646:
Page 647 and 648:
Chapter 10: Traffic Management •
Page 649 and 650:
Chapter 10: Traffic Management 3. A
Page 651 and 652:
651 Chapter 10: Traffic Management
Page 653 and 654:
Chapter 11: High Availability longe
Page 655 and 656:
Chapter 11: High Availability 11.2.
Page 657 and 658:
Chapter 11: High Availability 4. Th
Page 659 and 660:
Chapter 11: High Availability If an
Page 661 and 662:
Chapter 11: High Availability conne
Page 663 and 664:
Chapter 11: High Availability addre
Page 665 and 666:
Page 667 and 668:
Page 669 and 670:
Page 671 and 672:
671 Chapter 11: High Availability
Page 673 and 674:
Chapter 12: Advanced Settings attac
Page 675 and 676:
Chapter 12: Advanced Settings IP ro
Page 677 and 678:
Chapter 12: Advanced Settings Defau
Page 679 and 680:
Chapter 12: Advanced Settings TCP S
Page 681 and 682:
Chapter 12: Advanced Settings 12.3.
Page 683 and 684:
Chapter 12: Advanced Settings • L
Page 685 and 686:
Chapter 12: Advanced Settings Conne
Page 687 and 688:
Chapter 12: Advanced Settings Max A
Page 689 and 690:
Page 691 and 692:
Chapter 12: Advanced Settings of th
Page 693 and 694:
Page 695 and 696:
Chapter 12: Advanced Settings Enabl
Page 697 and 698:
Chapter 12: Advanced Settings segme
Page 699 and 700:
Appendix A: Update Subscriptions Ov
Page 701 and 702:
Appendix A: Update Subscriptions To
Page 703 and 704:
Appendix B: IDP Signature Groups Gr
Page 705 and 706:
Appendix B: IDP Signature Groups Gr
Page 707 and 708:
Appendix C: Verified MIME filetypes
Page 709 and 710:
Appendix C: Verified MIME filetypes
Page 711 and 712:
Alphabetical Index A access rules,
Page 713 and 714:
Alphabetical Index D date and time,
Page 715 and 716:
Alphabetical Index Interval between
Page 717 and 718:
Alphabetical Index Ping Idle Lifeti
Page 719 and 720:
Alphabetical Index TCP SYN/PSH sett
Page 721:
Clavister AB Sjögatan 6J SE-89160
show all

Clavister cOS Core Administration Guide

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?