Sofaware S-boxtm
Sofaware S-boxtm
Sofaware S-boxtm
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
SofaWare S-box TM<br />
Internet Security Appliance<br />
Part No.: 700615<br />
October 2002<br />
Getting Started Guide<br />
Version 3.0
COPYRIGHT & TRADEMARKS<br />
Copyright © 2001 SofaWare, All Rights<br />
Reserved. No part of this document may be<br />
reproduced in any form or by any means<br />
without written permission from SofaWare.<br />
Information in this document is subject to<br />
change without notice and does not represent a<br />
commitment on part of SofaWare<br />
Technologies Ltd.<br />
SofaWare, SofaWare S-box, Safe@Home and<br />
Safe@Office are trademarks, service marks, or<br />
registered trademarks of SofaWare<br />
Technologies Ltd.<br />
Check Point, the Check Point logo, FireWall-1,<br />
FireWall-1 SecureServer, FireWall-1<br />
SmallOffice, FloodGate-1, INSPECT, IQ<br />
Engine, Meta IP, MultiGate, Open Security<br />
Extension, OPSEC, Provider-1,<br />
SecureKnowledge, SecureUpdate,<br />
SiteManager-1, SVN, UAM, User-to-Address<br />
Mapping, UserAuthority, Visual Policy Editor,<br />
VPN-1, VPN-1 Accelerator Card, VPN-1<br />
Gateway, VPN-1 SecureClient, VPN-1<br />
SecuRemote, VPN-1 SecureServer, VPN-1<br />
SmallOffice, and ConnectControl are<br />
trademarks, service marks, or registered<br />
trademarks of Check Point Software<br />
Technologies Ltd. or its affiliates.<br />
All other product names mentioned herein are<br />
trademarks or registered trademarks of their<br />
respective owners.<br />
The products described in this document are<br />
protected by U.S. Patent No. 5,606,668 and<br />
5,835,726 and may be protected by other U.S.<br />
Patents, foreign patents, or pending<br />
applications.<br />
SAFETY PRECAUTIONS<br />
Carefully read the Safety Instructions the<br />
Installation and Operating Procedures provided<br />
in this User's Guide before attempting to install<br />
or operate the SofaWare S-box. Failure to<br />
follow these instructions may result in damage<br />
to equipment and/or personal injuries.<br />
♦ Before cleaning the S-box, unplug the<br />
power cord. Use only a soft cloth<br />
dampened with water for cleaning.<br />
2<br />
SofaWare S-box Getting Started Guide<br />
♦ Any changes or modifications to this<br />
product not explicitly approved by the<br />
manufacturer could void any assurances of<br />
Safety or Performance and could result in<br />
violation of Part 15 of the FCC Rules.<br />
♦ When installing the S-box, ensure that the<br />
vents are not blocked.<br />
♦ Do not use the S-box outdoors.<br />
♦ Do not expose the S-box to liquid or<br />
moisture.<br />
♦ Do not expose the S-box to extreme high<br />
or low temperatures.<br />
♦ Do not drop, throw, or bend the S-box<br />
since rough treatment could damage it.<br />
♦ Do not use any accessories other than<br />
those approved by SofaWare. Failure to<br />
do so may result in loss of performance,<br />
damage to the product, fire, electric shock<br />
or injury, and will void the warranty.<br />
♦ Do not disassemble or open the S-box.<br />
Failure to comply will void the warranty.<br />
♦ Do not route the cables in a walkway or in<br />
a location that will crimp the cables.<br />
POWER ADAPTER<br />
♦ The S-box should only be used with the<br />
power adapter provided. The power<br />
adapter should be plugged into a surge<br />
protected power source. In addition, be<br />
careful not to overload the wall outlets,<br />
extension cords, etc. used to power this<br />
unit.<br />
♦ Connect the power adapter only to power<br />
sources as marked on the product.<br />
♦ To reduce risk of damage to the electric<br />
cord, remove it from the outlet by holding<br />
the power adapter rather than the cord.<br />
SECURITY DISCLAIMER<br />
The S-box provides your home/office network<br />
with the highest level of security. However, no<br />
product can provide you with absolute<br />
protection against a determined effort to break<br />
into your system. We recommend using<br />
additional security measures to secure highly<br />
valuable or sensitive information.
Table of Contents<br />
Table of Contents<br />
Chapter 1<br />
Introduction ......................................................................................................7<br />
About Your SofaWare S-box..........................................................................7<br />
SofaWare S-box Software ..............................................................................7<br />
SofaWare Safe@Home...............................................................................8<br />
SofaWare Safe@Home Pro ........................................................................8<br />
SofaWare Safe@Office ..............................................................................8<br />
SofaWare Safe@Office Plus.......................................................................8<br />
About This Guide ...........................................................................................9<br />
SofaWare S-box Features and Compatibility ...............................................10<br />
Connectivity..............................................................................................10<br />
Security.....................................................................................................10<br />
Management .............................................................................................10<br />
Security Services ......................................................................................10<br />
VPN ..........................................................................................................11<br />
Package Contents......................................................................................11<br />
Network Requirements .............................................................................11<br />
Getting to Know Your SofaWare S-box.......................................................12<br />
Rear Panel.................................................................................................12<br />
Front Panel................................................................................................13<br />
Contacting Technical Support ......................................................................14<br />
Chapter 2<br />
Installing and Configuring the S-box............................................................15<br />
Before You Install the S-box ........................................................................15<br />
Windows 98/Millennium Operating Systems ...........................................15<br />
Windows 2000/XP Operating System ......................................................20<br />
Installing TCP/IP Protocol........................................................................22<br />
Mac OS.....................................................................................................24<br />
Connecting Your S-box to the Network .......................................................25<br />
Network Installation .....................................................................................26<br />
Configuring Your S-box for Internet Connection.........................................27<br />
Setting Up Your Password........................................................................27<br />
Using the Setup Wizard ............................................................................29<br />
Using Advanced Setup .............................................................................35<br />
Table of Contents 3
Table of Contents<br />
Chapter 3<br />
Getting Started ............................................................................................... 45<br />
Logging on to the SofaWare Safe@ Portal .................................................. 45<br />
Logging on with SofaWare Safe@Home or SofaWare Safe@Home Pro 45<br />
Logging on with SofaWare Safe@Office................................................. 47<br />
Accessing the SofaWare Safe@ Portal through HTTPS.............................. 48<br />
Using the SofaWare Safe@ Portal ............................................................... 49<br />
Navigation Bar ......................................................................................... 49<br />
Main Frame .............................................................................................. 50<br />
Status Bar ................................................................................................. 50<br />
Logging off................................................................................................... 51<br />
Chapter 4<br />
Managing Your Network............................................................................... 53<br />
Viewing Network Activity Information ....................................................... 53<br />
Configuring Network Settings...................................................................... 54<br />
Enabling/Disabling the DHCP Server ...................................................... 54<br />
Changing IP Addresses ............................................................................ 55<br />
Enabling/Disabling NAT.......................................................................... 57<br />
Changing the Internet Connection Configuration......................................... 57<br />
Using Quick Internet Connection/Disconnection......................................... 57<br />
Configuring HTTPS ..................................................................................... 58<br />
Static Routes................................................................................................. 59<br />
Adding a Static Route............................................................................... 59<br />
Viewing and Editing Static Routes........................................................... 61<br />
Deleting a Static Route............................................................................. 62<br />
Chapter 5<br />
Viewing Reports ............................................................................................. 65<br />
Viewing the Event Log................................................................................. 65<br />
Viewing Connections ................................................................................... 67<br />
Viewing Computers...................................................................................... 68<br />
Chapter 6<br />
Setting Your S-box Security Policy............................................................... 71<br />
Setting the Firewall Security Level .............................................................. 71<br />
Configuring Virtual Servers ......................................................................... 72<br />
Creating Rules.............................................................................................. 74<br />
Allow and Block Rules............................................................................. 74<br />
Demilitarized Zone (DMZ) ...................................................................... 77<br />
4<br />
SofaWare S-box Getting Started Guide
Table of Contents<br />
Chapter 7<br />
Using Subscription Services...........................................................................79<br />
Starting Your Subscription Services.............................................................79<br />
Viewing Services Information......................................................................83<br />
Canceling Subscription Services ..................................................................83<br />
Web Filtering................................................................................................84<br />
Enabling/Disabling Web Filtering When Locally Managed.....................84<br />
Selecting Categories for Blocking ............................................................85<br />
Temporary Disable for Web Filtering When Remotely Managed............85<br />
Virus Scanning .............................................................................................87<br />
Enabling/Disabling E-mail Anti Virus When Locally Managed ..............87<br />
Selecting Protocols for Scanning..............................................................88<br />
Temporary Disable for E-mail Anti Virus When Remotely Managed .....89<br />
Automatic and Manual Updates ...................................................................91<br />
Checking for Software Updates When Locally Managed.........................91<br />
Checking for Software Updates When Remotely Managed .....................92<br />
Refreshing Your Service Center Connection................................................93<br />
Configuring Your Account ...........................................................................93<br />
Chapter 8<br />
Working With VPNs.......................................................................................95<br />
Adding and Editing VPN Sites using SofaWare Safe@Home Pro...............96<br />
Adding and Editing VPN Sites using SofaWare Safe@Office...................102<br />
Configuring a Remote Access VPN Site ................................................104<br />
Configuring a Site to Site VPN Gateway................................................106<br />
Completing Site Creation........................................................................108<br />
Setting Up Your S-box as a VPN Server....................................................109<br />
Deleting a VPN Site....................................................................................110<br />
Enabling/Disabling a VPN Site ..................................................................110<br />
Installing a Certificate.................................................................................111<br />
Uninstalling a certificate.........................................................................113<br />
Logging on to a VPN Site...........................................................................114<br />
Logging on through the SofaWare Safe@ Portal ...................................115<br />
Logging on through the my.vpn page.....................................................117<br />
Logging off a VPN Site ..............................................................................118<br />
Viewing VPN Tunnels................................................................................118<br />
Table of Contents 5
Table of Contents<br />
Chapter 9<br />
Managing Users............................................................................................ 121<br />
Changing Your Password........................................................................... 121<br />
Using SofaWare Safe@Home and SofaWare Safe@Home Pro ............ 121<br />
Using SofaWare Safe@Office................................................................ 122<br />
Adding Users.............................................................................................. 124<br />
Viewing and Editing Users......................................................................... 124<br />
Deleting Users............................................................................................ 126<br />
Setting Up Remote VPN Access for Users ................................................ 126<br />
Chapter 10<br />
Upgrading and Updating ............................................................................. 127<br />
Upgrading Your Software Product............................................................. 127<br />
Registering Your S-box.............................................................................. 131<br />
Updating the Firmware Manually .............................................................. 132<br />
Chapter 11<br />
Troubleshooting............................................................................................ 135<br />
Frequently Asked Questions ...................................................................... 135<br />
Viewing Firmware Status........................................................................... 140<br />
Resetting the S-box to factory defaults....................................................... 141<br />
Rebooting the SofaWare S-box.................................................................. 142<br />
Running Diagnostics .................................................................................. 143<br />
Appendix<br />
Specifications ................................................................................................ 145<br />
Technical Specifications............................................................................. 145<br />
FCC ........................................................................................................ 145<br />
CE Declaration of Conformity ............................................................... 145<br />
Glossary .................................................................................................... 147<br />
Index .................................................................................................... 155<br />
6<br />
SofaWare S-box Getting Started Guide
Chapter 1<br />
About Your SofaWare S-box<br />
About Your SofaWare S-box<br />
Introduction<br />
The SofaWare S-box is an advanced Internet security appliance, enabling<br />
secure high-speed Internet access from the home or office. The S-box<br />
incorporates the Safe@ product family from SofaWare Technologies, an<br />
affiliate of Check Point Software Technologies, the worldwide leader in<br />
securing the Internet. The Safe@ firewall, based on Check Point’s<br />
market-leading FireWall-1 Stateful Inspection technology, inspects and filters<br />
all incoming and outgoing traffic, blocking all unauthorized traffic.<br />
Unlike PC-based firewalls, the S-box is a hardware appliance, hence making<br />
installation easier, and providing protection for your entire network - not just a<br />
single computer.<br />
The S-box also allows sharing your Internet connection among several PCs or<br />
other network devices, enabling advanced home/office networking.<br />
With the SofaWare S-box, home users can subscribe to valuable subscription<br />
security services, such as firewall security updates, parental control and others.<br />
Business users can use the S-box to securely connect to the corporate network.<br />
SofaWare S-box Software<br />
The SofaWare S-box is available with the following software configurations:<br />
SofaWare Safe@Home, SofaWare Safe@Home Pro, SofaWare Safe@Office<br />
and SofaWare Safe@Office Plus. All four provide a web-based management<br />
interface, which enables you to manage and configure the S-box operation and<br />
options.<br />
Your S-box can be upgraded to a more advanced product level, without<br />
replacing the hardware. Just contact your software provider.<br />
Chapter 1: Introduction 7
SofaWare S-box Software<br />
SofaWare Safe@Home<br />
Safe@Home protects your home network from hostile Internet activity. It is<br />
intended for home users and can be used by up to five computers.<br />
SofaWare Safe@Home Pro<br />
In addition to all the benefits of SofaWare Safe@Home, SofaWare<br />
Safe@Home Pro provides Virtual Private Networking (VPN) functionality.<br />
SofaWare Safe@Home Pro contains a VPN client, which enables employees<br />
working from home to securely connect to the corporate network.<br />
SofaWare Safe@Home Pro is intended for home users who are part of an<br />
extended enterprise network. It can be used by up to five computers.<br />
SofaWare Safe@Office<br />
SofaWare Safe@Office provides all the benefits of SofaWare Safe@Home<br />
Pro, along with expanded VPN functionality: it acts not only as a VPN client,<br />
but as a VPN server which is installed office-side to protect the company’s<br />
VPN and make it available to telecommuting employees. SofaWare<br />
Safe@Office can also be configured as a VPN gateway, which allows<br />
permanent bi-directional connections between two gateways, such as two<br />
company offices.<br />
SofaWare Safe@Office is intended both for companies with extended<br />
enterprise networks and for their employees working from home. It can be<br />
used by up to ten computers.<br />
SofaWare Safe@Office Plus<br />
SofaWare Safe@Office Plus extends SofaWare Safe@Office to support up to<br />
25 computers.<br />
8<br />
SofaWare S-box Getting Started Guide
About This Guide<br />
About This Guide<br />
To make finding information in this manual easier, some types of information<br />
are marked with special symbols or formatting.<br />
Boldface type is used for command and button names.<br />
Note – Notes are denoted by indented text and preceded by the Note<br />
icon.<br />
Warning – Warnings are denoted by indented text and preceded by the<br />
Warning icon.<br />
Tasks that require SofaWare Safe@Home are marked with the<br />
Safe@Home icon.<br />
Tasks that require SofaWare Safe@Home Pro are marked with the<br />
Safe@Home Pro icon.<br />
Tasks that require SofaWare Safe@Office or SofaWare Safe@Office<br />
Plus are marked with the Safe@Office icon.<br />
Chapter 1: Introduction 9
SofaWare S-box Features and Compatibility<br />
SofaWare S-box Features and Compatibility<br />
The S-box provides the following features:<br />
Connectivity<br />
• 4-port 10/100 Mbit/s Ethernet switch<br />
• Internet connection sharing (NAT - “Network Address Translation”)<br />
• PPPoE/PPTP support<br />
• DHCP server and client<br />
Security<br />
• Advanced Stateful Inspection Firewall security.<br />
• Protection from Denial of Service (DoS) attacks<br />
• Anti-spoofing protection<br />
• Intrusion logging<br />
• Updateable and customizable security policy<br />
Management<br />
• Local Web-based interface<br />
• Remote management by Service Center or corporate<br />
• Remote firmware updates<br />
• Remote management via HTTPS<br />
• Remote management by Service Center or corporate, using the SofaWare<br />
Security Management Platform (SMP)<br />
Security Services 1<br />
• Automatic Firewall security updates<br />
• Content filtering<br />
• E-mail anti-virus protection<br />
• Centralized logging and intrusion detection<br />
• VPN management<br />
1 Depends on availability of service in your area<br />
10<br />
SofaWare S-box Getting Started Guide
VPN<br />
SofaWare S-box Features and Compatibility<br />
• IPSEC VPN Remote Access Server<br />
(SofaWare Safe@Office only)<br />
• IPSEC VPN Site-To-Site Gateway<br />
(SofaWare Safe@Office only)<br />
• IPSEC VPN Remote Access Client<br />
(SofaWare Safe@Home Pro and SofaWare Safe@Office only)<br />
• Certificates authentication support<br />
(SofaWare Safe@Office only)<br />
Package Contents<br />
• SofaWare S-box Internet Security Appliance<br />
• CAT5 Straight-through Ethernet Cable<br />
• Power Adapter<br />
• Quick Start Guide<br />
• This Getting Started Guide<br />
Network Requirements<br />
• A broadband Internet connection via cable or DSL modem with Ethernet<br />
interface (RJ-45)<br />
• 10BaseT or 100BaseT Network Interface Card installed on each computer<br />
• TCP/IP network protocol installed on each computer<br />
• CAT5 STP (Category 5 Shielded Twisted Pair) Ethernet cable for each<br />
computer<br />
• Internet Explorer 5.0 or higher, or Netscape Navigator 4.7 and higher<br />
Note - For optimal results, it is highly recommended to use either<br />
Microsoft Internet Explorer 5.5 or higher, or Netscape Navigator 6.2 or<br />
higher.<br />
Chapter 1: Introduction 11
Getting to Know Your SofaWare S-box<br />
Getting to Know Your SofaWare S-box<br />
Rear Panel<br />
Figure 1 shows the S-box’s rear panel. All physical connections (network and<br />
power) to the S-box are made via the rear panel of your S-box.<br />
Figure 1 S-box Rear Panel Items<br />
The following lists the SofaWare S-box’s rear panel items.<br />
Label Description<br />
PWR A power jack used for supplying power to the unit.<br />
Connect the power adapter to this jack.<br />
RESET A button used for rebooting the S-box or resetting the S-box to<br />
its factory defaults. A sharp object is needed for pressing this<br />
button.<br />
Short press – reboots the S-box<br />
Long press (7 seconds) – resets the S-box to its factory<br />
defaults. This will result in loss of all security services and<br />
passwords and you will have to re-configure your S-box.<br />
DO NOT RESET THE UNIT WITHOUT CONSULTING<br />
YOUR S-BOX PROVIDER.<br />
WAN Wide Area Network: An Ethernet port (RJ-45) used for<br />
connecting your cable or xDSL modem.<br />
LAN 1-4 Local Area Network: Four Ethernet ports (RJ-45) used for<br />
connecting computers or other network devices.<br />
12<br />
SofaWare S-box Getting Started Guide
Front Panel<br />
Getting to Know Your SofaWare S-box<br />
The SofaWare S-box includes 11 status LEDs. You can monitor the S-box’s<br />
operation by viewing these LEDs during operation. Figure 2 shows the S-box<br />
status LEDs.<br />
Figure 2 S-box Front Panel<br />
LED Description<br />
PWR/SEC Off Power off<br />
LAN 1-4/<br />
WAN<br />
Flashing quickly (Green) System boot-up<br />
Flashing slowly (Green) Establishing Internet<br />
connection<br />
On (Green) Normal Operation<br />
Flashing (Red) Hacker attack blocked<br />
On (Red) Error<br />
LINK/ACT Off, 100 Off Link is down.<br />
LINK/ACT On, 100 Off 10Mbps link established<br />
for the corresponding<br />
port.<br />
LINK/ACT On, 100 On<br />
100Mbps link<br />
established for the<br />
corresponding port.<br />
LINK/ACT Flashing Data is being<br />
transmitted/received<br />
Chapter 1: Introduction 13
Contacting Technical Support<br />
Contacting Technical Support<br />
If there is a problem with your S-box, surf to<br />
http://www.sofaware.com/support and fill out a technical support request<br />
form.<br />
You can also download the latest version of this guide from the site.<br />
14<br />
SofaWare S-box Getting Started Guide
Chapter 2<br />
Before You Install the S-box<br />
Installing and Configuring the S-box<br />
This chapter describes how to properly set up, install, and configure your<br />
S-box in your networking environment. The following topics are covered:<br />
• Checking the computer’s TCP/IP Installation and Configuration<br />
• Installing the TCP/IP protocol on your computer (if not installed)<br />
• Configuring the TCP/IP settings for different platforms<br />
• Network Installation<br />
• Configuring your S-box for Internet connection<br />
Before You Install the S-box<br />
Prior to connecting and setting up your S-box for operation, you must do the<br />
following:<br />
• Check if TCP/IP Protocol is installed on your computer.<br />
• Check your computer’s TCP/IP settings to make sure it obtains its IP<br />
address automatically.<br />
Refer to the relevant section in this guide in accordance with the operating<br />
system that runs on your computer. The following sections will guide you<br />
through the TCP/IP setup and installation process.<br />
Windows 98/Millennium Operating Systems<br />
Checking the TCP/IP Installation<br />
1. Click Start > Settings > Control Panel.<br />
The Control Panel window appears.<br />
Chapter 2: Installing and Configuring the S-box 15
Before You Install the S-box<br />
2. Double-click on icon.<br />
The Network window appears.<br />
3. In the Network window, check if TCP/IP appears in the network<br />
components list and if it is already configured with the Ethernet card,<br />
installed on your computer.<br />
16<br />
SofaWare S-box Getting Started Guide
Installing TCP/IP Protocol<br />
Before You Install the S-box<br />
Note - If TCP/IP is already installed and configured on your computer<br />
skip this section and move directly to TCP/IP Settings.<br />
1. In the Network window, click Add.<br />
The Select Network Component Type window appears.<br />
2. Choose Protocol and click Add.<br />
The Select Network Protocol window appears.<br />
3. In the Manufacturers list choose Microsoft, and in the Network<br />
Protocols list choose TCP/IP.<br />
4. Click OK.<br />
If Windows asks for original Windows installation files, provide the<br />
installation CD and relevant path when required (e.g. D:\win98)<br />
5. Restart your computer if prompted.<br />
Chapter 2: Installing and Configuring the S-box 17
Before You Install the S-box<br />
TCP/IP Settings<br />
18<br />
Note - If you are connecting your S-box to an existing LAN, consult your<br />
network manager for the correct configurations.<br />
1. In the Network window, double-click the TCP/IP service for the Ethernet<br />
card, which has been installed on your computer<br />
(e.g. ).<br />
The TCP/IP Properties window opens.<br />
2. Click the Gateway tab, and remove any installed gateways.<br />
3. Click the DNS Configuration tab, and click the Disable DNS radio<br />
button.<br />
SofaWare S-box Getting Started Guide
Before You Install the S-box<br />
4. Click the IP Address tab, and click the Obtain an IP address<br />
automatically radio button.<br />
Note - Normally, it is not recommended to assign a static IP address to<br />
your PC but rather to obtain an IP address automatically. If for some<br />
reason you need to assign a static IP address, select Specify an IP<br />
address, type in an IP address in the range of 192.168.10.129-254, enter<br />
255.255.255.0 in the Subnet Mask field, and click OK to save the new<br />
settings.<br />
(Note that 192.168.10 is the default value, and it may vary if you changed<br />
it in the My Network page.)<br />
Chapter 2: Installing and Configuring the S-box 19
Before You Install the S-box<br />
5. Click Yes when prompted for “Do you want to restart your computer?”.<br />
Your computer restarts, and the new settings to take effect.<br />
Your computer is now ready to access your S-box.<br />
Windows 2000/XP Operating System<br />
20<br />
Note – While Windows XP has an "Internet Connection Firewall" option,<br />
it is recommended not to enable it if you are using an S-box, since the<br />
S-box offers better protection.<br />
Checking the TCP/IP Installation<br />
1. Click Start > Settings > Control Panel.<br />
The Control Panel window appears.<br />
2. Double-click on Network and Dial-up Connections icon.<br />
The Network and Dial-up Connections window appears.<br />
SofaWare S-box Getting Started Guide
Before You Install the S-box<br />
3. Right-click the icon and select Properties from the pop-up<br />
menu that opens.<br />
The Local Area Connection Properties window appears.<br />
4. In the above window, check if TCP/IP appears in the components list and<br />
if it is properly configured with the Ethernet card, installed on your<br />
computer. If TCP/IP does not appear in the Components list, you must<br />
install it as described in the next section.<br />
Chapter 2: Installing and Configuring the S-box 21
Before You Install the S-box<br />
Installing TCP/IP Protocol<br />
1. In the Local Area Connection Properties window click on the Install…<br />
button.<br />
The Select Network Component Type window appears.<br />
2. Choose Protocol and click Add.<br />
The Select Network Protocol window appears.<br />
3. Choose Internet Protocol (TCP/IP) and click OK.<br />
TCP/IP protocol is installed on your computer.<br />
22<br />
SofaWare S-box Getting Started Guide
TCP/IP Settings<br />
Before You Install the S-box<br />
1. In the Local Area Connection Properties window double-click the<br />
Internet Protocol (TCP/IP) component, or select it and click Properties.<br />
The Internet Protocol (TCP/IP) Properties window opens.<br />
2. Click the Obtain an IP address automatically radio button.<br />
Note - Normally, it is not recommended to assign a static IP address to<br />
your PC but rather to obtain an IP address automatically. If for some<br />
reason you need to assign a static IP address, select Specify an IP<br />
address, type in an IP address in the range of 192.168.10.129-254, enter<br />
255.255.255.0 in the Subnet Mask field, and click OK to save the new<br />
settings.<br />
(Note that 192.168.10 is the default value, and it may vary if you changed<br />
it in the My Network page.)<br />
3. Click the Obtain DNS server address automatically radio button.<br />
4. Click OK to save the new settings.<br />
Your computer is now ready to access your S-box.<br />
Chapter 2: Installing and Configuring the S-box 23
Before You Install the S-box<br />
Mac OS<br />
Use the following procedure for setting up the TCP/IP Protocol.<br />
1. Choose Apple Menus -> Control Panels -> TCP/IP.<br />
The TCP/IP window appears.<br />
2. Click the Connect via drop-down list and select Ethernet.<br />
3. Click the Configure drop-down list and select Using DHCP Server.<br />
4. Close the window and save the setup.<br />
24<br />
SofaWare S-box Getting Started Guide
Connecting Your S-box to the Network<br />
Connecting Your S-box to the Network<br />
Internet<br />
PC<br />
xDSL or Cable Modem<br />
Hub<br />
Wireless Bridge<br />
Figure 1 SofaWare S-box Typical Topologies<br />
Laptop<br />
Computer<br />
SofaWare S-box<br />
Chapter 2: Installing and Configuring the S-box 25<br />
PC<br />
Macintosh
Network Installation<br />
Network Installation<br />
1. Verify that you have the correct cable type:<br />
� For proper operation, the S-box requires STP CAT5 (Shielded Twisted<br />
Pair Category 5) Ethernet cables. Make sure that this specification is<br />
printed on your cables.<br />
1. Connect the LAN cable:<br />
� Connect one end of the Ethernet cable to one of the LAN ports at the<br />
back of the unit.<br />
� Connect the other end to PCs, hubs or other network devices.<br />
2. Connect the WAN cable:<br />
� Connect one end of the Ethernet cable to the WAN port at the back of<br />
the unit.<br />
� Connect the other end of the cable to a Cable Modem, xDSL modem or<br />
corporate network.<br />
3. Connect the power adapter to the power socket, labeled PWR, at the back<br />
of the S-box. Plug in the AC power adapter to the wall electrical outlet.<br />
26<br />
Warning - The S-box AC adapter is compatible with either 100, 120 or 230<br />
VAC input power. Please verify that the wall outlet voltage is compatible with<br />
the voltage specified on your power supply. Failure to observe this warning<br />
may result in injuries or damage to equipment.<br />
Figure 2 Typical Connection Diagram<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
Configuring Your S-box for Internet Connection<br />
You must configure your S-box’s Internet connection before you can access<br />
the Internet through the S-box. This is a two-step process:<br />
1. Setting up your password<br />
2. Configuring your Internet connection using either of the following setup<br />
tools:<br />
� The Setup Wizard – guides you through the configuration process step<br />
by step<br />
� Advanced Setup – offers advanced setup options<br />
Note - You have to configure your S-box’s Internet connection upon<br />
initial operation and after all ‘reset to defaults’ operations.<br />
Setting Up Your Password<br />
To set up your password<br />
1. Browse to http://my.firewall.<br />
The S-box initial login page appears.<br />
2. Type a password both in the Password and the Confirm Password text<br />
boxes.<br />
Chapter 2: Installing and Configuring the S-box 27
Configuring Your S-box for Internet Connection<br />
28<br />
Note –The password must be five to eleven characters (letters or<br />
numbers).<br />
Note – You can change your password at any time. For further<br />
information, see “Changing Your Password ,” page 123.<br />
3. Click OK.<br />
The SofaWare Setup Wizard opens, with the Welcome screen displayed.<br />
4. Configure your S-box’s Internet connection by doing one of the following:<br />
� To manually configure the connection settings, click Cancel to<br />
abort the Setup Wizard, and use Advanced Setup. For further<br />
information, see “Using Advanced Setup,” page 35.<br />
� To have the Setup Wizard take you through the configuration process<br />
step by step, see “Using the Setup Wizard”, below.<br />
SofaWare S-box Getting Started Guide
Using the Setup Wizard<br />
Configuring Your S-box for Internet Connection<br />
The Setup Wizard allows you to configure your S-box for Internet connection<br />
quickly and easily through its user-friendly interface. It lets you to choose<br />
between the following three types of broadband connection methods: Local<br />
Area Network (LAN), Cable Modem, or xDSL Modem.<br />
If you prefer to use Advanced Setup, skip to “Using Advanced Setup,” page<br />
35.<br />
To set up the Internet connection using the Setup Wizard<br />
1. Click Next.<br />
The Internet Connection Method screen appears.<br />
2. Select the Internet Connection method you wish to use for connecting to<br />
the Internet.<br />
3. Click Next.<br />
Note – If you selected DSL Modem, do not use your dial-up software to<br />
connect to the Internet.<br />
Chapter 2: Installing and Configuring the S-box 29
Configuring Your S-box for Internet Connection<br />
Local Area Network (LAN) Settings<br />
No further settings are required for LAN connection. The Confirmation<br />
screen appears.<br />
4. Click Next.<br />
The system attempts to connect to the Internet via the selected connection.<br />
The Connecting… screen appears.<br />
At the end of the connection process the Connected screen appears.<br />
Once connected, the wizard will prompt you to register your details (see<br />
“To register your S-box now,” page 132), install the product key (see “To<br />
install a Product Key,” page 129) and set up your subscription options (see<br />
“Starting Your Subscription Services,” page 79), which may vary from<br />
product to product.<br />
5. Follow the instructions until the wizard is done, and then click Finish.<br />
30<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
Cable Connection Settings<br />
If the Cable connection method is selected, the Host Name screen appears.<br />
4. If your ISP requires a specific hostname for authentication, enter it in the<br />
Host Name text box. The ISP will supply you with the proper hostname, if<br />
required.<br />
Most ISPs do not require a specific hostname.<br />
5. If your ISP requires the MAC address, do either of the following:<br />
� If you know the MAC address of your computer, enter it in the MAC<br />
cloning text box<br />
OR<br />
� Click This Computer to automatically "clone" the MAC of your<br />
computer to the S-box.<br />
A MAC address is a 12-digit identifier assigned to every network device. If<br />
your ISP restricts connections to specific, recognized MAC addresses,<br />
they will instruct you to enter the MAC address. Otherwise, you may leave<br />
this field blank.<br />
6. Click Next.<br />
The Confirmation screen appears.<br />
7. Click Next.<br />
The system attempts to connect to the Internet.<br />
At the end of the connection process the Connected screen appears.<br />
Chapter 2: Installing and Configuring the S-box 31
Configuring Your S-box for Internet Connection<br />
Once connected, the wizard will prompt you to register your details (see<br />
“To register your S-box now,” page 132), install the product key (see “To<br />
install a Product Key,” page 129), and set up your subscription options (see<br />
“Starting Your Subscription Services,” page 79), which may vary from<br />
product to product.<br />
8. Follow the instructions until the wizard is done, and then click Finish.<br />
DSL Connection Settings<br />
If DSL connection method is selected the following screen appears.<br />
4. Select the connection method used by your DSL provider.<br />
5. Click Next.<br />
32<br />
Note - Most xDSL providers use PPPoE. If you are uncertain regarding<br />
which connection method to use contact your xDSL provider.<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
Using PPPoE<br />
If PPPoE connection method is selected the following screen appears.<br />
6. In the User text box, type the user name you use to access the Internet.<br />
7. In the Password and Confirm Password text boxes, type the password<br />
you use to access the Internet.<br />
8. In the Service text box, type your service name if required by your ISP,<br />
otherwise leave this text box empty.<br />
9. Click Next.<br />
The system attempts to connect to the Internet via the DSL connection.<br />
At the end of the connection process the Connected screen appears.<br />
Once connected, the wizard will prompt you to register your details (see<br />
“To register your S-box now,” page 132), install the product key (see “To<br />
install a Product Key,” page 129) and set up your subscription options (see<br />
“Starting Your Subscription Services,” page 79), which may vary from<br />
product to product.<br />
10. Follow the instructions until the wizard is done, and then click Finish.<br />
Chapter 2: Installing and Configuring the S-box 33
Configuring Your S-box for Internet Connection<br />
Using PPTP<br />
If PPTP connection method is selected the following screen appears.<br />
6. In the User text box, type your user name.<br />
7. In the Password and Confirm Password text boxes, type your password.<br />
8. In the Service text box, type your service name.<br />
9. In the Server IP text box, type the IP address of the DSL modem.<br />
10. In the Client IP text box, type the IP address required for accessing the<br />
DSL modem.<br />
11. In the Subnet Mask text box, type the Subnet Mask of the DSL modem.<br />
12. Click Next.<br />
The system attempts to connect to the Internet via the DSL connection.<br />
At the end of the connection process the Connected screen appears.<br />
Once connected, the wizard will prompt you to register your details (see<br />
“To register your S-box now,” page 132), install the product key (see “To<br />
install a Product Key,” page 129) and set up your subscription options (see<br />
“Starting Your Subscription Services,” page 79), which may vary from<br />
product to product.<br />
13. Follow the instructions until the wizard is done, and then click Finish.<br />
34<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
Using Automatic DHCP<br />
If Automatic DHCP connection method is selected, no further settings are<br />
required. The Confirmation screen appears.<br />
6. Click Next.<br />
The system attempts to connect to the Internet via the selected connection.<br />
The Connecting… screen appears.<br />
At the end of the connection process the Connected screen appears.<br />
Once connected, the wizard will prompt you to register your details (see<br />
“To register your S-box now,” page 132), install the product key (see “To<br />
install a Product Key,” page 129) and set up your subscription options (see<br />
“Starting Your Subscription Services,” page 79), which may vary from<br />
product to product.<br />
7. Follow the instructions until the wizard is done, and then click Finish.<br />
Using Advanced Setup<br />
To configure the Internet connection using Advanced Setup<br />
1. Click Cancel.<br />
The Welcome page appears.<br />
2. In the Navigation Bar, click on Setup.<br />
The Internet page appears.<br />
Chapter 2: Installing and Configuring the S-box 35
Configuring Your S-box for Internet Connection<br />
3. Click on Advanced Setup.<br />
The Advanced Setup page appears.<br />
4. From the Connection Type drop-down list, select the Internet connection<br />
you are using/intend to use.<br />
The display changes according to the connection type you selected.<br />
The following steps should be performed in accordance with the connection<br />
type you have chosen.<br />
36<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
LAN Connection<br />
5. If your ISP requires a specific hostname for authentication, enter it in the<br />
Host Name text box. The ISP will supply you with the proper hostname, if<br />
required.<br />
Most ISPs do not require a specific hostname.<br />
6. If your ISP requires the MAC address, do either of the following:<br />
� If you know the MAC address of your computer, enter it in the MAC<br />
cloning text box<br />
OR<br />
� Click This Computer to automatically "clone" the MAC of your<br />
computer to the S-box.<br />
A MAC address is a 12-digit identifier assigned to every network device. If<br />
your ISP restricts connections to specific, recognized MAC addresses,<br />
they will instruct you to enter the MAC address. Otherwise, you may leave<br />
this field blank.<br />
7. If you do not want the S-box to obtain an IP address automatically using<br />
DHCP, do the following:<br />
a. Clear the Obtain IP address automatically (using DHCP) check box.<br />
b. In the IP Address text box, type the static IP address of your S-box.<br />
c. From the Subnet Mask drop-down list, select the Subnet mask that<br />
applies to the IP address you have entered in the previous step.<br />
d. In the Default Gateway text box, type your the IP address of the<br />
default gateway of your ISP.<br />
Chapter 2: Installing and Configuring the S-box 37
Configuring Your S-box for Internet Connection<br />
e. In the Preferred DNS Server text box, type the Primary DNS server IP<br />
address.<br />
f. In the Alternate DNS Server text box, type the Secondary DNS server<br />
IP address.<br />
8. If you want the S-box to obtain an IP address automatically using DHCP,<br />
but not to automatically configure DNS servers, do the following:<br />
a. Clear the Obtain DNS Servers automatically check box.<br />
b. In the Preferred DNS Server text box, type the Primary DNS server IP<br />
address.<br />
c. In the Alternate DNS Server text box, type the Secondary DNS server<br />
IP address.<br />
9. Click Apply.<br />
38<br />
SofaWare S-box Getting Started Guide
Cable Connection<br />
Configuring Your S-box for Internet Connection<br />
10. If your ISP requires a specific hostname for authentication, enter it in the<br />
Host Name text box. The ISP will supply you with the proper hostname, if<br />
required.<br />
Most ISPs do not require a specific hostname.<br />
11. If your ISP requires the MAC address, do either of the following:<br />
� If you know the MAC address of your computer, enter it in the MAC<br />
cloning text box<br />
OR<br />
� Click This Computer to automatically "clone" the MAC of your<br />
computer to the S-box.<br />
A MAC address is a 12-digit identifier assigned to every network device. If<br />
your ISP restricts connections to specific, recognized MAC addresses,<br />
they will instruct you to enter the MAC address. Otherwise, you may leave<br />
this field blank.<br />
12. If you are not using automatic configuration of DNS servers, do the<br />
following:<br />
a. Clear the Obtain DNS servers automatically check box.<br />
Chapter 2: Installing and Configuring the S-box 39
Configuring Your S-box for Internet Connection<br />
b. In the Preferred DNS Server text box, type the Primary DNS server IP<br />
address.<br />
c. In the Alternate DNS Server text box, type the Secondary DNS server<br />
IP address.<br />
13. Click Apply.<br />
xDSL PPPoE Connection<br />
5. In the Username text box, type your user name.<br />
6. Type your password both in the Password and in the Confirm Password<br />
text boxes.<br />
7. In the Service text box, type the service name as given by your ISP.<br />
40<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
Note - If your ISP has not provided you with a service name, leave this<br />
text box empty.<br />
8. The MTU text box allows you to control the maximum transmission unit<br />
size. As a general recommendation you should leave this field empty. If<br />
however you wish to modify the default MTU, it is recommended that you<br />
consult with your ISP first and use MTU values between 1300 and 1500.<br />
9. If your ISP requires the MAC address, do either of the following:<br />
� If you know the MAC address of your computer, enter it in the MAC<br />
cloning text box<br />
OR<br />
� Click This Computer to automatically "clone" the MAC of your<br />
computer to the S-box.<br />
A MAC address is a 12-digit identifier assigned to every network device. If<br />
your ISP restricts connections to specific, recognized MAC addresses,<br />
they will instruct you to enter the MAC address. Otherwise, you may leave<br />
this field blank.<br />
10. If you are not using automatic configuration of DNS servers, do the<br />
following:<br />
a. Clear the Obtain DNS servers automatically check box.<br />
b. In the Preferred DNS Server text box, type the Primary DNS server IP<br />
address.<br />
Chapter 2: Installing and Configuring the S-box 41
Configuring Your S-box for Internet Connection<br />
c. In the Alternate DNS Server text box, type the Secondary DNS server<br />
IP address.<br />
11. Click Apply.<br />
xDSL PPTP Connection<br />
5. In the Username text box, type your user name.<br />
6. Type your password both in the Password and in the Confirm Password<br />
text boxes.<br />
7. In the Service text box, type the service name as given by your ISP.<br />
8. In the Server IP text box, type the IP address of the PPTP server as given<br />
by your ISP.<br />
9. In the Client IP text box, type the IP address of the PPTP client as given by<br />
your ISP.<br />
10. From the Subnet Mask drop-down list, select the PPTP client subnet as<br />
given by your ISP.<br />
11. The MTU text box allows you to control the maximum transmission unit<br />
size. As a general recommendation you should leave this field empty. If<br />
however you wish to modify the default MTU, it is recommended that you<br />
consult with your ISP first and use MTU values between 1300 and 1500.<br />
12. If your ISP requires the MAC address, do either of the following:<br />
� If you know the MAC address of your computer, enter it in the MAC<br />
cloning text box<br />
OR<br />
42<br />
SofaWare S-box Getting Started Guide
Configuring Your S-box for Internet Connection<br />
� Click This Computer to automatically "clone" the MAC of your<br />
computer to the S-box.<br />
A MAC address is a 12-digit identifier assigned to every network device. If<br />
your ISP restricts connections to specific, recognized MAC addresses,<br />
they will instruct you to enter the MAC address. Otherwise, you may leave<br />
this field blank.<br />
13. If you are not using automatic configuration of DNS servers, do the<br />
following:<br />
a. Clear the Obtain DNS servers automatically check box.<br />
b. In the Preferred DNS Server text box, type the Primary DNS server IP<br />
address.<br />
c. In the Alternate DNS Server text box, type the Secondary DNS server<br />
IP address.<br />
14. Click Apply.<br />
Chapter 2: Installing and Configuring the S-box 43
Configuring Your S-box for Internet Connection<br />
44<br />
SofaWare S-box Getting Started Guide
Chapter 3<br />
Logging on to the SofaWare Safe@ Portal<br />
Getting Started<br />
This chapter contains all the information you need in order to get started using<br />
your S-box.<br />
Logging on to the SofaWare Safe@ Portal<br />
Login is performed differently depending on the S-box software configuration<br />
you are using.<br />
Note – In order to log on through HTTPS, you must first access the S-box<br />
through HTTPS. For further information see “Accessing the SofaWare<br />
Safe@ Portal through HTTPS,” page 48.<br />
Logging on with SofaWare Safe@Home or<br />
SofaWare Safe@Home Pro<br />
This task can only be performed using SofaWare Safe@Home or<br />
SofaWare Safe@Home Pro.<br />
To log on to the SofaWare S-box Portal<br />
1. Do one of the following:<br />
� Browse to http://my.firewall.<br />
Or<br />
� To log on through HTTPS, follow the procedure “Accessing the<br />
SofaWare Safe@ Portal through HTTPS,” page 48.<br />
The S-box login page appears.<br />
Chapter 3: Getting Started 45
Logging on to the SofaWare Safe@ Portal<br />
2. Type in your password.<br />
3. Click OK.<br />
The Welcome page appears.<br />
46<br />
SofaWare S-box Getting Started Guide
Logging on to the SofaWare Safe@ Portal<br />
Logging on with SofaWare Safe@Office<br />
This task can only be performed using SofaWare Safe@Office.<br />
To log on to the SofaWare S-box Portal<br />
1. Do one of the following:<br />
� Browse to http://my.firewall.<br />
Or<br />
� To log on through HTTPS, follow the procedure “Accessing the<br />
SofaWare Safe@ Portal through HTTPS,” page 48.<br />
The S-box login page appears.<br />
2. Type in your username and password.<br />
3. Click OK.<br />
The Welcome page appears.<br />
Chapter 3: Getting Started 47
Accessing the SofaWare Safe@ Portal through HTTPS<br />
Accessing the SofaWare Safe@ Portal through<br />
HTTPS<br />
You can access the SofaWare Safe@ Portal through HTTPS either remotely<br />
(through the Internet) or from your internal network.<br />
HTTPS is a protocol for accessing a secure Web server. It is used to transfer<br />
confidential user information, since it encrypts data and utilizes a secure port.<br />
48<br />
Note – In order to access the SofaWare Safe@ Portal through the<br />
Internet, you must first configure HTTPS using the procedure<br />
“Configuring HTTPS,” page 58.<br />
To access the SofaWare Safe@ Portal from your internal network<br />
• Browse to https://my.firewall. (Note that the URL starts with “https”, not<br />
“http”.)<br />
The SofaWare Safe@ Portal appears.<br />
To access the SofaWare Safe@ Portal through the Internet<br />
• Browse to https://:981. (Note that the URL starts<br />
with “https”, not “http”.)<br />
The following things happen in the order below:<br />
� If this is your first attempt to access the SofaWare Safe@ Portal through<br />
HTTPS, the certificate in the S-box is not yet known to the browser, so<br />
the Security Alert dialog box appears.<br />
To avoid seeing this dialog box again, install the certificate of the<br />
destination S-box. If you are using Internet Explorer 5, do the<br />
following:<br />
1) Click View Certificate.<br />
The Certificate dialog box appears, with the General tab<br />
displayed.<br />
2) Click Install Certificate.<br />
The Certificate Import Wizard opens.<br />
3) Click Next.<br />
4) Click Next.<br />
5) Click Finish.<br />
6) Click Yes.<br />
7) Click OK.<br />
The Security Alert dialog box reappears.<br />
8) Click Yes.<br />
� The SofaWare Safe@ Portal appears.<br />
SofaWare S-box Getting Started Guide
Using the SofaWare Safe@ Portal<br />
Using the SofaWare Safe@ Portal<br />
The SofaWare Safe@ Portal is a web-based management interface, which<br />
enables you to manage and configure the S-box operation and options.<br />
The SofaWare Safe@ Portal consists of three major elements:<br />
• The Navigation Bar – used for navigating between the various menus and<br />
options (e.g. Reports, Security, Setup etc.)<br />
• The Main Frame – displays the relevant information and controls related to<br />
the selected topic.<br />
• The Status Bar – shows your Internet connection and managed services<br />
status as well as your current services plan.<br />
Navigation<br />
Bar<br />
Main<br />
Frame<br />
Status<br />
Bar<br />
Figure 3 SofaWare Safe@ Portal<br />
Navigation Bar<br />
The Navigation Bar includes the following main menus:<br />
• Welcome – displays the welcome information<br />
• Reports – provides reporting capabilities in terms of event logging,<br />
established connections, and active computers<br />
• Security – provides controls and options for setting the security of any<br />
computer in the network<br />
• Services – allows you to control your subscription to SofaWare Managed<br />
Services<br />
Chapter 3: Getting Started 49
Using the SofaWare Safe@ Portal<br />
• Setup – lets you manage and configure your Internet connections<br />
• Password – lets you set your password. This main menu only appears in<br />
Safe@Home and Safe@Home Pro.<br />
• Users – lets you manage S-box users. This main menu only appears in<br />
SofaWare Safe@Office.<br />
• VPN – lets you manage, configure, and log on to VPN sites. This main<br />
menu only appears in SofaWare Safe@Home Pro and SofaWare<br />
Safe@Office.<br />
• Help – provides context-sensitive on-line help<br />
• Logout – allows you to log off of the SofaWare Safe@ Portal<br />
Main Frame<br />
The Main Frame displays the relevant data and controls pertaining to the menu<br />
and tab you select. These elements sometimes differ depending on whether<br />
you are using SofaWare Safe@Home, SofaWare Safe@Home Pro, or<br />
SofaWare Safe@Office. The differences are described throughout this guide.<br />
Status Bar<br />
The Status Bar, located at the bottom of each page, displays information<br />
regarding the following:<br />
• Internet – your Internet connection status which may be one of the<br />
following:<br />
� Connected – The S-box is connected to the Internet.<br />
� Not Connected – The Internet connection is down.<br />
� Establishing Connection – The S-box is connecting to the Internet.<br />
� Contacting Gateway – The S-box is trying to contact the Internet<br />
default gateway.<br />
• Service Center – your Service Center may offer various subscription<br />
services. These include the firewall service, and optional services such as<br />
parental control and e-mail virus scanning. The following lists the security<br />
services status:<br />
� Not Subscribed – You are not subscribed to security services.<br />
� Connection Failed – The Internet connection is down.<br />
� Connecting – The S-box is connecting to the Service Center.<br />
50<br />
SofaWare S-box Getting Started Guide
Logging off<br />
� Connected – You are connected to the Service Center, and security<br />
services are active.<br />
Logging off<br />
Logging off terminates your administration session. Any subsequent attempt<br />
to connect to the SofaWare Safe@ Portal will require re-entering of the<br />
administration password.<br />
To log off of the SofaWare Safe@ Portal<br />
• If you are connected locally, in the Navigation Bar, click Logout.<br />
The Logout screen appears.<br />
• If you are connected through HTTPS, close the browser window.<br />
Chapter 3: Getting Started 51
Logging off<br />
52<br />
SofaWare S-box Getting Started Guide
Chapter 4<br />
Viewing Network Activity Information<br />
Managing Your Network<br />
You can manage and configure your network connection and settings, and<br />
view information on the connection in terms of status, connection duration,<br />
and activity.<br />
Viewing Network Activity Information<br />
You can view information regarding your network’s setup and activity.<br />
To view network activity information<br />
• In the Navigation Bar click on Setup.<br />
The Internet page appears displaying a brief view of the network activity<br />
and status.<br />
The following information is displayed:<br />
� Connection – provides information on the connection status and the<br />
connection duration, if it is active<br />
� Activity – details the amount of data packets sent and received in the<br />
active connection<br />
� Internet – provides information on the user’s IP and MAC addresses as<br />
well the connection mode used<br />
Chapter 4: Managing Your Network 53
Configuring Network Settings<br />
Configuring Network Settings<br />
54<br />
Warning – These are advanced settings. Do not change them unless it is<br />
necessary and you are qualified to do so.<br />
Note – If you change the network settings to incorrect values and are<br />
unable to correct the error, you can reset the S-box to its default settings.<br />
See “Resetting the S-box to factory defaults,” page 141.<br />
Enabling/Disabling the DHCP Server<br />
By default, the S-box operates as a DHCP (Dynamic Host Configuration<br />
Protocol) server. This allows the S-box to automatically configure all the<br />
devices on your network with their network configuration details. If you have<br />
another DHCP server configured in your network, you must disable the S-box<br />
DHCP server. Otherwise, it is highly recommended to leave this setting<br />
enabled.<br />
To enable/disable the DHCP server<br />
1. In the Navigation Bar, click on Setup.<br />
The Internet page appears.<br />
2. In the Setup submenu, click on My Network.<br />
The My Network page appears.<br />
SofaWare S-box Getting Started Guide
Configuring Network Settings<br />
When using Safe@Office, the My Network page appears as follows:<br />
3. In the DHCP Server list, select Enabled or Disabled.<br />
4. Click Apply.<br />
� If you chose to disable the DHCP server, the DHCP server is disabled.<br />
� If you chose to enable the DHCP server, it is enabled.<br />
5. If you don’t have another DHCP server in your network, and your<br />
computers were originally configured differently, do the following:<br />
� Reconfigure all the devices on your network.<br />
� Disable the Obtain IP address automatically (using DHCP) setting<br />
in the TCP/IP settings. For information on configuring TCP/IP, see<br />
“TCP/IP Settings,” page 18.<br />
Changing IP Addresses<br />
If desired, you can change your S-box’s internal IP address. Using<br />
Safe@Office, you can also change the entire range of IP addresses in your<br />
internal network. You may want to perform these tasks if, for example, you are<br />
adding the S-box to a large existing network and don't want to change that<br />
network’s IP address range, or if you are using a DHCP server other than the<br />
S-box, that assigns addresses within a different range.<br />
Chapter 4: Managing Your Network 55
Configuring Network Settings<br />
56<br />
Warning – If you change the S-box internal IP address, you may have to<br />
manually change the network interface TCP/IP setting when using static<br />
IP, or renew the DHCP lease when using Dynamic IP.<br />
Otherwise, you may not have access to the SofaWare Safe@ Portal or to<br />
the Internet.<br />
To change IP addresses<br />
1. In the Navigation Bar, click on Setup.<br />
The Internet page appears.<br />
2. In the Setup submenu, click on My Network.<br />
The My Network page appears.<br />
3. To change the S-box’s internal IP address, enter the new IP address in the<br />
S-box LAN IP field.<br />
4. To change the internal network range, enter new a new value in the LAN<br />
Subnet Mask field.<br />
Note – The internal network range is defined both by the S-box’s internal<br />
IP address and by the subnet mask.<br />
For example, if the S-box’s internal IP address is 192.168.100.7, and you<br />
set the subnet mask to 255.255.255.0, the network’s IP address range<br />
will be 192.168.100.1 – 192.168.100.254.<br />
5. To reset the network to its default settings, click Default.<br />
The internal network range is 192.168.10.*, and DHCP and NAT are<br />
enabled.<br />
6. Click Apply.<br />
A warning message appears.<br />
7. Click OK.<br />
The S-box internal IP address and/or the internal network range are<br />
changed.<br />
8. Do one of the following:<br />
� If your computer is configured to obtain its IP address automatically<br />
(using DHCP), and the S-box DHCP server is enabled, restart your<br />
computer.<br />
Your computer obtains an IP address in the new range.<br />
� Otherwise, manually reconfigure your computer to use the new<br />
address range using the TCP/IP settings. For instructions, see “TCP/IP<br />
Settings,” page 18.<br />
SofaWare S-box Getting Started Guide
Enabling/Disabling NAT<br />
Changing the Internet Connection Configuration<br />
NAT can be disabled only in SofaWare Safe@Office.<br />
Network Address Translation (NAT) enables you to share a single IP address<br />
among several computers.<br />
Note – If NAT is disabled, you must obtain a range of IP addresses. NAT<br />
is enabled by default.<br />
To enable/disable NAT<br />
1. In the Navigation Bar, click on Setup.<br />
The Internet page appears.<br />
2. In the Setup submenu, click on My Network.<br />
The My Network page appears.<br />
3. From the NAT list, select Enabled or Disabled.<br />
4. Click Apply.<br />
� If you chose to disable NAT, it is disabled.<br />
� If you chose to enable NAT, it is enabled.<br />
Changing the Internet Connection Configuration<br />
You can reconfigure your S-box’s Internet connection at any time. For further<br />
information, see “Configuring Your S-box for Internet Connection,” page 27.<br />
Using Quick Internet Connection/Disconnection<br />
By clicking the Connect or Disconnect button (depending on the connection<br />
status) on the Internet page, you can establish a quick Internet connection<br />
using the currently selected connection type. In the same manner, you can<br />
terminate the active connection.<br />
Chapter 4: Managing Your Network 57
Configuring HTTPS<br />
Configuring HTTPS<br />
You can enable S-box users to remotely access the SofaWare Safe@ Portal<br />
through the Internet. To do so, you must first configure HTTPS.<br />
To configure HTTPS<br />
1. In the Navigation Bar, click on Setup.<br />
The Internet page appears.<br />
2. In the Setup submenu, click on HTTPS.<br />
The HTTPS Configuration page appears.<br />
3. Do one of the following:<br />
� To disable remote HTTPS capability, select Disabled.<br />
58<br />
Note – You can use HTTPS to access the SofaWare Safe@ Portal from<br />
your internal network even if Remote HTTPS is disabled, by surfing to<br />
https://my.firewall.<br />
� To allow access to the SofaWare Safe@ Portal from a particular range<br />
of IP addresses, select Allow from this IP address range only and<br />
enter the desired IP address range in the fields provided.<br />
� To allow access to the SofaWare Safe@ Portal from any IP address,<br />
select Allow from any IP address.<br />
Warning – If HTTPS is enabled, your S-box settings can be changed<br />
remotely, so make sure all S-box users’ passwords are unguessable.<br />
SofaWare S-box Getting Started Guide
Static Routes<br />
4. Click Apply.<br />
The HTTPS configuration is saved. You can now access the SofaWare<br />
Safe@ Portal through the Internet, using the procedure “Accessing the<br />
SofaWare Safe@ Portal through HTTPS,” page 48.<br />
Static Routes<br />
Static Routes are applicable only for SofaWare Safe@Office.<br />
Note - It is generally not necessary to specify static routes. Only define<br />
static routes if it is required.<br />
A static route is a setting that explicitly specifies the route for packets destined<br />
for a certain subnet. Packets with a destination that does not match any defined<br />
static route will be routed to the default gateway. All systems have a default<br />
gateway that cannot be deleted.<br />
To modify the default gateway, see “LAN Connection,” page 37.<br />
The Static Routes page lists all existing routes, including the default, and<br />
indicates whether each route is currently "Up", or reachable, or not.<br />
Adding a Static Route<br />
This task can only be performed using SofaWare Safe@Office.<br />
To add a static route<br />
1. In the Navigation Bar click on Setup.<br />
The Setup page appears.<br />
2. In the Setup submenu, click Static Routes.<br />
The Static Routes page appears, with a listing of existing static routes.<br />
Chapter 4: Managing Your Network 59
Static Routes<br />
3. Click New Route.<br />
The Edit Route page appears.<br />
4. Complete the fields using the information in Table 1, page 61.<br />
5. Click Apply.<br />
The new static route is saved.<br />
60<br />
SofaWare S-box Getting Started Guide
Table 1: Edit Route Page Fields<br />
In this field… Do this… Example<br />
Destination<br />
Network<br />
Enter the network address of the<br />
destination network.<br />
Subnet Mask Select the subnet mask from the<br />
drop-down list.<br />
Gateway IP Enter the IP address of the gateway<br />
(next hop router) to which to route the<br />
packets destined for this network.<br />
Viewing and Editing Static Routes<br />
62.91.32.0<br />
Static Routes<br />
255.255.255.0<br />
212.150.10.1<br />
This task can only be performed using SofaWare Safe@Office.<br />
To edit a static route<br />
1. In the Navigation Bar click on Setup.<br />
The Setup page appears.<br />
2. In the Setup submenu, click Static Routes.<br />
The Static Routes page appears, with a listing of existing static routes.<br />
Chapter 4: Managing Your Network 61
Static Routes<br />
3. In the desired route row, click Edit.<br />
The Edit Route page appears displaying the destination network, subnet<br />
mask, and gateway IP of the selected route.<br />
4. To edit the route details, do the following:<br />
a. Edit the fields using Table 1, page 61.<br />
b. Click Apply.<br />
The changes are saved.<br />
5. To return to the Users page without making any changes, click Cancel.<br />
Deleting a Static Route<br />
62<br />
This task can only be performed using SofaWare Safe@Office.<br />
Note – The “default” route cannot be deleted.<br />
SofaWare S-box Getting Started Guide
Static Routes<br />
To delete a static route<br />
1. In the Navigation Bar, click Setup.<br />
The Setup page appears.<br />
2. In the Setup submenu, click Static Routes.<br />
The Static Routes page appears, with a listing of existing static routes.<br />
3. In the desired route row, click the Delete icon.<br />
A confirmation message appears.<br />
4. Click OK.<br />
The route is deleted.<br />
Chapter 4: Managing Your Network 63
Static Routes<br />
64<br />
SofaWare S-box Getting Started Guide
Chapter 5<br />
Viewing the Event Log<br />
Viewing Reports<br />
The SofaWare Safe@ Portal lets you view reports on the following:<br />
• Network activity<br />
• Currently active network connections<br />
• Currently active computers<br />
Viewing the Event Log<br />
You can track network activity using the event log. The event log displays the<br />
last 100 events in three different categories as follows:<br />
• Events highlighted in blue – indicate changes in your setup that you have<br />
made yourself or as a result of a security update implemented by your<br />
Service Center.<br />
• Events highlighted in red – indicate connection attempts that were blocked<br />
by your firewall.<br />
• Events highlighted in orange – indicate attempts that were blocked by your<br />
custom security rules.<br />
The logs detail the date and the time the event occurred, and its type. If the<br />
event is a communication attempt that was rejected by the firewall, the event<br />
details will include the source and destination IP address, the destination port,<br />
and the protocol used (TCP, UDP, etc.) for the communication attempt.<br />
Chapter 5: Viewing Reports 65
Viewing the Event Log<br />
To view the event log<br />
• In the Navigation Bar click on Reports.<br />
The Event Log page appears.<br />
66<br />
You can do any of the following:<br />
� Click the Refresh button to refresh the display.<br />
� Click the Clear button to clear all events.<br />
� If an event is highlighted in red, indicating a blocked attack on your<br />
network, you can display the attacker’s details, by clicking on the IP<br />
address of the attacking machine.<br />
The S-box queries the Internet WHOIS server, and a window displays<br />
the name of the entity to whom the IP address is registered and their<br />
contact information. This information is useful in tracking down<br />
hackers.<br />
SofaWare S-box Getting Started Guide
Viewing Connections<br />
Viewing Connections<br />
This option allows you to view the currently active connections between your<br />
network and the external world. The active connections are displayed as a list,<br />
specifying source IP address, destination IP address and port, and the protocol<br />
used (TCP, UDP, etc.).<br />
To view the active connections<br />
1. In the Navigation Bar click on Reports.<br />
The Event Log page appears.<br />
2. In the Reports submenu click on Active Connections.<br />
The Active Connections page appears.<br />
You can do the following:<br />
� Click the Refresh button to refresh the display.<br />
� To view information on the destination machine, click on its IP<br />
address.<br />
The S-box queries the Internet WHOIS server, and a window displays<br />
the name of the entity to whom the IP address is registered and their<br />
contact information.<br />
Chapter 5: Viewing Reports 67
Viewing Computers<br />
Viewing Computers<br />
This option allows you to view the currently active computers on your<br />
network. The active computers are graphically displayed, each with its name,<br />
IP address, and settings (DHCP, Static, etc.).<br />
You can also view node limit information.<br />
To view the active computers<br />
1. In the Navigation Bar click on Reports.<br />
The Event Log page appears.<br />
2. In the Reports submenu click on Active Computers.<br />
The Active Computers page appears.<br />
68<br />
If you are exceeding the maximum number of computers allowed by your<br />
license, a warning message appears, and the computers over the node limit<br />
are marked in red. These computers may not be able to access the Internet<br />
through the S-box.<br />
Note – To increase the number of computer allowed by your license, you<br />
must upgrade your product. For further information, see “Upgrading Your<br />
Software Product,” page 127.<br />
If desired, you can click the Refresh button to refresh the display.<br />
SofaWare S-box Getting Started Guide
Viewing Computers<br />
3. To view node limit information, do the following:<br />
a. Click Node Limit.<br />
The Node Limit window appears with installed software product and<br />
the number of nodes used.<br />
b. Click Close to close the window.<br />
Chapter 5: Viewing Reports 69
Viewing Computers<br />
70<br />
SofaWare S-box Getting Started Guide
Chapter 6<br />
Setting the Firewall Security Level<br />
Setting Your S-box Security Policy<br />
The SofaWare Safe@ Portal lets you control all security issues including:<br />
controlling the firewall security level, controlling incoming network traffic,<br />
allowing or blocking specific ports and IP addresses or even setting up your<br />
computer or one of your network computers as a Demilitarized Zone (DMZ)<br />
station.<br />
You can also subscribe to services such as Web Filtering and E-mail virus<br />
scanning. For information on these services and the subscription process, see<br />
“Using Subscription Services,” page 79.<br />
Setting the Firewall Security Level<br />
The firewall security level can be controlled using a simple lever available on<br />
the Firewall page. This lever has three states:<br />
• Low security – enforces basic control on incoming connections, while<br />
permitting all outgoing connections<br />
• Medium security – enforces strict control on all incoming connections,<br />
while permitting safe outgoing connections<br />
• High security – enforces strict control on all incoming and outgoing<br />
connections<br />
Medium security is the default level and is recommended for most cases.<br />
Leave it unchanged unless you have a specific need for a higher/lower security<br />
level.<br />
To change the firewall security level<br />
1. In the Navigation Bar click on Security.<br />
The Firewall page appears.<br />
Chapter 6: Setting Your S-box Security Policy 71
Configuring Virtual Servers<br />
2. Drag the security lever to the desired level.<br />
The S-box security level changes accordingly.<br />
Configuring Virtual Servers<br />
72<br />
Note - If you do not intend to host any public Internet servers (Web<br />
Server, Mail Server etc.) in your network, you can skip this section.<br />
Using the SofaWare Safe@ Portal, you can selectively allow incoming<br />
network connections into your network.<br />
For example, you can set up your own Web server, Mail server or even an FTP<br />
server.<br />
To allow a service to be run on a host<br />
1. In the Navigation Bar click on Security.<br />
The Firewall page appears.<br />
2. Click on the Servers tab.<br />
The Virtual Servers page appears, displaying a list of services and a host<br />
IP address for each allowed service.<br />
SofaWare S-box Getting Started Guide
Configuring Virtual Servers<br />
When using SofaWare Safe@Office, the page contains a VPN Only<br />
column:<br />
3. In the Allow column, select the check box of the desired service or<br />
application.<br />
If you are using SofaWare Safe@Office, the appropriate check box in the<br />
VPN Only column is enabled.<br />
Chapter 6: Setting Your S-box Security Policy 73
Creating Rules<br />
4. To allow only connections made through a VPN, select the VPN Only<br />
check box.<br />
5. In the Host IP text box of the selected service or application type the IP<br />
address of the computer that will run the service (one of your network<br />
computers) or click the corresponding This Computer button to allow<br />
your computer to host the service.<br />
6. Click Apply.<br />
A success message appears, and the selected computer is allowed to run<br />
the desired service or application.<br />
To stop a certain service from running on a specific host<br />
1. In the Navigation Bar click on Security.<br />
The Firewall page appears.<br />
2. Click on the Servers tab.<br />
The Virtual Servers page appears, displaying a list of services and a host<br />
IP address for each allowed service.<br />
3. In the desired service or application’s row, click Clear.<br />
The Host IP text box of the desired service is cleared.<br />
4. Click Apply.<br />
The service or application for the specific host is not allowed.<br />
Creating Rules<br />
The SofaWare S-box checks the protocol used, the ports range and destination<br />
IP address when deciding whether to allow or block traffic. User defined rules<br />
have priority over the default rules.<br />
By default, in the "Medium" security level, the S-box blocks all connection<br />
attempts from the Internet (WAN) to the LAN, and allows all outgoing<br />
connection attempts from the LAN to the Internet (WAN).<br />
Allow and Block Rules<br />
The Allow/Block Rules provide you with greater flexibility in defining and<br />
customizing your security policy. You can allow additional inbound services<br />
not on the ‘Virtual Servers’ list, or block outbound communications, for<br />
specific port ranges and protocols.<br />
If you wish to permit incoming access from the Internet to your internal<br />
network, for specific port ranges and protocols, you must create a new ‘Allow’<br />
rule. If you wish to block outgoing access from your internal network to the<br />
74<br />
SofaWare S-box Getting Started Guide
Creating Rules<br />
Internet, for specific port ranges and protocols, you must create a new ‘Block’<br />
rule.<br />
To create a new rule<br />
1. In the Navigation Bar click on Security.<br />
The Firewall page appears.<br />
2. Click the Allow tab to create a new Allow rule or click the Block tab to<br />
create a new Block rule.<br />
Depending on the tab you chose, either the Allow Rules page appears...<br />
...or the Block Rules page appears…<br />
Chapter 6: Setting Your S-box Security Policy 75
Creating Rules<br />
76<br />
Note – When using SofaWare Safe@Home or SofaWare Safe@Home<br />
Pro, the Allow Rules page does not contain a VPN Only column, and the<br />
Block Rules page does not contain an Also VPN column.<br />
3. To specify the port range to which the rule applies, in the Ports column,<br />
type the start port number in the left text box, and the end port number in<br />
the right text box.<br />
Note – If you do not enter a port range, the rule will apply to all ports. If<br />
you enter only one port number, the range will be open-ended.<br />
4. From the Protocol drop-down list, select the protocol (TCP, UDP, or<br />
ANY) for which you wish to create a rule.<br />
5. In the Internet IP text box, do one of the following:<br />
� If you are creating an ‘Allow’ rule, type the Internet IP address that<br />
should be allowed to access the defined ports of a specific computer<br />
inside your network.<br />
� If you are creating a ‘Block’ rule, type the Internet IP address whose<br />
defined ports should not be accessible from a specific computer inside<br />
your network.<br />
Note – When in No-NAT mode, you can leave the Internet IP field<br />
empty. The rule will then apply to the entire Internet.<br />
When creating Allow rules in NAT mode, you must provide an IP address.<br />
This way the S-box knows to which computer to forward incoming<br />
connections. On the other hand, when defining Block rules in NAT mode,<br />
you can leave the Internet IP field empty, which will result in S-box<br />
blocking outgoing Internet connections of all computers in the local<br />
network on the specified ports.<br />
6. In the Home IP text box, do one of the following:<br />
� If you are creating an ‘Allow’ rule, type the IP address of the computer<br />
inside your network, to which the specified Internet IP address should<br />
be allowed access.<br />
� If you are creating a ‘Block’ rule, type the IP address of the computer<br />
inside your network, for which access to the specified Internet IP<br />
address should be blocked.<br />
Alternatively, you can specify your computer, by clicking This<br />
Computer.<br />
7. In the Allow Rules page, select the VPN Only check box to allow only<br />
connections made through a VPN.<br />
SofaWare S-box Getting Started Guide
Creating Rules<br />
8. In the Block Rules page, select the Also VPN check box if you want the<br />
rule to apply not only to the Internet but to the VPN as well.<br />
9. Click Add.<br />
The new rule is added to the list of rules.<br />
To delete an existing rule<br />
1. In the Navigation Bar click on Security.<br />
The Firewall page appears.<br />
2. Click the Allow tab to delete an Allow rule or click the Block tab to delete<br />
a Block rule.<br />
The Allow/Block Rules page appears.<br />
3. Click the icon of the rule you wish to delete.<br />
A confirmation message appears.<br />
4. Click OK.<br />
The rule is deleted.<br />
Demilitarized Zone (DMZ)<br />
The SofaWare S-box allows you to define a DMZ, i.e. define a computer that is<br />
not protected by the firewall. This is useful for setting up a public server. It will<br />
allow unlimited incoming and outgoing connections between the Internet and<br />
that computer.<br />
Warning - Entering an IP address may make the designated computer<br />
vulnerable to hacker attacks. Defining a DMZ is not recommended unless<br />
you are fully aware of the security risks.<br />
To define a computer as DMZ<br />
1. In the Navigation Bar click on Security.<br />
The Firewall page appears.<br />
2. Click the DMZ tab.<br />
The DMZ IP Address page appears.<br />
Chapter 6: Setting Your S-box Security Policy 77
Creating Rules<br />
3. In the DMZ IP Address text box, type the IP address of the computer you<br />
wish to define as DMZ. Alternatively, you can click This Computer to<br />
define your computer as DMZ.<br />
4. Click Apply.<br />
The selected computer is now defined as DMZ.<br />
78<br />
SofaWare S-box Getting Started Guide
Chapter 7<br />
Starting Your Subscription Services<br />
Using Subscription Services<br />
Subscription services offer valuable features, such as automatic software and<br />
security policy updates, content filtering, e-mail virus scanning, and remote<br />
logging.<br />
Check with your S-box provider regarding availability of these services, or<br />
surf to www.sofaware.com/subscriptions to locate your nearest Service<br />
Center.<br />
Starting Your Subscription Services<br />
This option allows you to configure and start your services subscription, which<br />
can include policy and firmware updates, E-mail Anti Virus scanning, and<br />
Web Filtering.<br />
To start your subscription<br />
1. In the Navigation Bar, click Services.<br />
The Account page appears.<br />
2. In the Service Account area, click Connect.<br />
Chapter 7: Using Subscription Services 79
Starting Your Subscription Services<br />
80<br />
The Setup Wizard opens, with the first Subscription Services dialog box<br />
displayed.<br />
3. Make sure the I wish to connect to a Service Center check box is<br />
selected.<br />
4. Do either of the following:<br />
� To connect to the SofaWare Service Center, select<br />
usercenter.sofaware.com.<br />
� To specify a Service Center, do the following:<br />
1) Select Specified.<br />
2) In the Specified text box, enter the desired Service Center’s IP<br />
address, as given to you by the Service Center.<br />
5. Click Next.<br />
The Connecting… screen appears.<br />
The second Subscription Services dialog box appears.<br />
SofaWare S-box Getting Started Guide
Starting Your Subscription Services<br />
6. Enter your gateway ID and registration key in the appropriate fields, as<br />
given to you by your service provider.<br />
7. Click Next.<br />
The Connecting… screen appears.<br />
The third Subscription Services dialog box appears with a list of services<br />
to which you are subscribed.<br />
Chapter 7: Using Subscription Services 81
Starting Your Subscription Services<br />
8. Click Next.<br />
The final Subscription Services dialog box appears with a success<br />
message.<br />
9. Click Finish.<br />
The following things happen:<br />
� If a new firmware was installed, the S-box is restarted.<br />
� The services to which you are subscribed are now available on your<br />
S-box and listed as such on the Account page. See “Viewing Services<br />
Information,” page 83 for further information.<br />
82<br />
� The Services submenu includes the services to which you are<br />
subscribed.<br />
SofaWare S-box Getting Started Guide
Viewing Services Information<br />
Viewing Services Information<br />
The Account page Service Status area lists the services available in your<br />
service plan.<br />
The following information is displayed for each service:<br />
• Name – the service’s name<br />
• Subscription – the status of your subscription to the service (Subscribed or<br />
Not Subscribed)<br />
• Status – the status of the service:<br />
� Connected – You are connected to the service through the Service<br />
Center.<br />
� N/A – The service is not available.<br />
� Mode – the mode to which the service is set.<br />
The service mode is influenced by the S-box management (local or<br />
remote). For further information, see “Web Filtering,” page 84,<br />
“Virus Scanning,” page 87, and “Automatic and Manual Updates,”<br />
page 91.<br />
Canceling Subscription Services<br />
If desired, you can cancel your subscription to the services provided by your<br />
Service Center.<br />
To cancel your subscription<br />
1. In the Navigation Bar, click Services.<br />
The Account page appears.<br />
2. In the Service Account area, click Connect.<br />
The Setup Wizard opens, with the first Subscription Services dialog box<br />
displayed.<br />
3. Clear the I wish to connect to a Service Center check box.<br />
4. Click Next.<br />
The final Subscription Services dialog box appears with a success<br />
message.<br />
5. Click Finish.<br />
The following things happen:<br />
� You are disconnected from the Service Center.<br />
� The services to which you were subscribed are no longer available on<br />
your S-box.<br />
Chapter 7: Using Subscription Services 83
Web Filtering<br />
Web Filtering<br />
When enabled, access to Web content is restricted according to the categories<br />
specified under ‘Allow Categories’. Adult users will be able to view Web<br />
pages with no restrictions, only after they have provided the administrator<br />
password via the Web Filtering pop-up window.<br />
Enabling/Disabling Web Filtering When Locally<br />
Managed<br />
To enable/disable Web Filtering when locally managed<br />
1. In the Navigation Bar click on Services.<br />
The Account page appears.<br />
2. In the Services submenu, click Web Filtering.<br />
The Web Filtering page appears.<br />
3. Drag the On/Off lever upwards or downwards.<br />
Web Filtering is enabled/disabled for all internal network computers.<br />
84<br />
SofaWare S-box Getting Started Guide
Selecting Categories for Blocking<br />
Web Filtering<br />
You can define which types of web sites should be considered appropriate for<br />
your family or office members, by selecting the categories. Categories marked<br />
with will remain visible, while categories marked with will be blocked<br />
and will require the administrator password for viewing.<br />
Note – If you are remotely managed, contact your Service Center to<br />
change these settings.<br />
To allow/block a category<br />
1. In the Allow Categories area, click<br />
2. Click Apply.<br />
or next to the desired category.<br />
Temporary Disable for Web Filtering When<br />
Remotely Managed<br />
If the S-box is remotely managed, this service can be remotely controlled by<br />
your Service Center.<br />
If desired, you can temporarily disable the Web Filtering service, temporarily<br />
disabling it.<br />
To temporarily disable Web Filtering when remotely managed<br />
1. In the Navigation Bar click on Services.<br />
The Account page appears.<br />
2. In the Services submenu, click Web Filtering.<br />
The Web Filtering page appears.<br />
Note – The On/Off lever and Allow Categories area on this page are<br />
read-only. Contact your Service Center to change these settings.<br />
If the service is enabled, the On/Off lever is set to On.<br />
Chapter 7: Using Subscription Services 85
Web Filtering<br />
4. Click Snooze.<br />
� Web Filtering is temporarily disabled for all internal network<br />
computers.<br />
� The Snooze button changes to Resume.<br />
86<br />
� The Web Filtering Off popup window opens.<br />
SofaWare S-box Getting Started Guide
Virus Scanning<br />
3. To re-enable the service, click Resume, either in the popup window, or on<br />
the Web Filtering page.<br />
� The service is re-enabled for all internal network computers.<br />
� The Resume button changes to Snooze.<br />
� If the Web Filtering Off popup window was open, it closes.<br />
Virus Scanning<br />
Enabling this option will result in automatic scanning of your e-mail for the<br />
detection and elimination of all known viruses and vandals.<br />
Enabling/Disabling E-mail Anti Virus When Locally<br />
Managed<br />
To enable/disable E-mail Anti Virus when locally managed<br />
1. In the Navigation Bar click on Services.<br />
The Account page appears.<br />
2. In the Services submenu, click E-mail Anti Virus.<br />
The E-mail Anti Virus page appears.<br />
Chapter 7: Using Subscription Services 87
Virus Scanning<br />
3. Drag the On/Off lever upwards or downwards.<br />
E-mail Anti Virus is enabled/disabled for all internal network computers.<br />
Selecting Protocols for Scanning<br />
If you are locally managed, you can define which protocols should be scanned<br />
for viruses:<br />
• E-mail retrieving (POP3) – if enabled, all incoming e-mail in the POP3<br />
protocol will be scanned<br />
• E-mail sending (SMTP) – if enabled, all outgoing e-mail will be scanned<br />
Protocols marked with will be scanned, while those marked with will<br />
not.<br />
88<br />
Note – If you are remotely managed, contact your Service Center to<br />
change these settings.<br />
To enable virus scanning for a protocol<br />
1. In the Protocols area, click<br />
2. Click Apply.<br />
or next to the desired protocol.<br />
SofaWare S-box Getting Started Guide
Temporary Disable for E-mail Anti Virus When<br />
Remotely Managed<br />
Virus Scanning<br />
If the S-box is remotely managed, this service can be remotely controlled by<br />
your Service Center.<br />
If you are having problems sending or receiving e-mail you can temporarily<br />
disable the E-mail Anti Virus service.<br />
To temporarily disable E-mail Anti Virus when remotely managed<br />
1. In the Navigation Bar click on Services.<br />
The Account page appears.<br />
2. In the Services submenu, click E-mail Anti Virus.<br />
The E-mail Anti Virus page appears.<br />
Note – The On/Off lever and Protocols area on this page are read-only.<br />
Contact your Service Center to change these settings.<br />
If the service is enabled, the On/Off lever is set to On.<br />
3. Click Snooze.<br />
� E-mail Anti Virus is temporarily disabled for all internal network<br />
computers.<br />
� The Snooze button changes to Resume.<br />
Chapter 7: Using Subscription Services 89
Virus Scanning<br />
90<br />
� The E-mail Anti Virus Off popup window opens.<br />
4. To re-enable the service, click Resume, either in the popup window, or on<br />
the E-mail Anti Virus page.<br />
� The service is re-enabled for all internal network computers.<br />
� The Resume button changes to Snooze.<br />
� If the E-mail Anti Virus Off popup window was open, it closes.<br />
SofaWare S-box Getting Started Guide
Automatic and Manual Updates<br />
Automatic and Manual Updates<br />
If you are subscribed to Software Updates, you can check for new security and<br />
software updates.<br />
Checking for Software Updates When Locally<br />
Managed<br />
If your S-box is locally managed, you can set it to automatically check for<br />
software updates, or you can set it so that software updates must be checked for<br />
manually.<br />
To configure software updates when locally managed<br />
1. In the Navigation Bar, click Services.<br />
The Account page appears.<br />
2. Click on the Software Updates tab.<br />
The Software Updates page appears.<br />
3. To set the S-box to automatically check for and install new software<br />
updates, drag the Automatic/Manual lever upwards.<br />
The S-box checks for new updates and installs them according to its<br />
schedule.<br />
Note – When the Software Updates service is set to Automatic, you can<br />
still manually check for updates. See step 5.<br />
Chapter 7: Using Subscription Services 91
Automatic and Manual Updates<br />
4. To set the S-box so that software updates must be checked for manually,<br />
drag the Automatic/Manual lever downwards.<br />
The S-box does not check for software updates automatically.<br />
5. To manually check for software updates, click Update Now.<br />
The system checks for new updates and installs them.<br />
Checking for Software Updates When Remotely<br />
Managed<br />
If your S-box is remotely managed, it automatically checks for software<br />
updates and installs them without user intervention. However, you can still<br />
check for updates manually, if needed.<br />
To manually check for security and software updates<br />
1. In the Navigation Bar, click Services.<br />
The Account page appears.<br />
2. Click on the Software Updates tab.<br />
The Software Updates page appears.<br />
3. Click Update Now.<br />
The system checks for new updates and installs them.<br />
92<br />
SofaWare S-box Getting Started Guide
Refreshing Your Service Center Connection<br />
Refreshing Your Service Center Connection<br />
This option reconnects you to your Service Center and refreshes your S-box<br />
services’ settings.<br />
To refresh your Service Center connection<br />
1. In the Navigation Bar, click Services.<br />
The Account page appears.<br />
2. In the Service Account area, click Refresh.<br />
The S-box reconnects to the Service Center.<br />
Your service settings are refreshed.<br />
Configuring Your Account<br />
This option allows you to access your Service Center web site, which offers<br />
additional configuration options for your account.<br />
To configure your account<br />
1. In the Navigation Bar, click Services.<br />
The Account page appears.<br />
2. In the Service Account area, click Configure.<br />
Note – If no additional settings are available from your Service Center,<br />
this button will not appear.<br />
Your Service Center web site opens.<br />
3. Follow the on-screen instructions.<br />
Chapter 7: Using Subscription Services 93
Configuring Your Account<br />
94<br />
SofaWare S-box Getting Started Guide
Chapter 8<br />
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
Working With VPNs<br />
A virtual private network (VPN) consists of at least one VPN server or<br />
gateway, and several VPN clients. A VPN server makes the corporate network<br />
remotely available to authorized users, such as employees working from home,<br />
who connect to the VPN server using VPN clients. A VPN gateway can be<br />
connected to another VPN gateway in a permanent, bi-directional relationship.<br />
The two connected networks function as a single network.<br />
A connection between two VPN sites is called a VPN tunnel. VPN tunnels<br />
encrypt and authenticate all traffic passing through them. Through these<br />
tunnels, employees can safely use their company’s network resources when<br />
working at home. For example, they can securely read email, use the<br />
company’s intranet, or access the company’s database from home.<br />
Figure 5 Typical Corporate VPN<br />
Chapter 8: Working With VPNs 95
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
SofaWare Safe@Home Pro and SofaWare Safe@Office provide VPN<br />
functionality. SofaWare Safe@Home Pro contains a VPN client. SofaWare<br />
Safe@Office can act as a VPN client, a VPN server, or a VPN gateway.<br />
If you currently have SofaWare Safe@Home and need VPN functionality, you<br />
can upgrade your software to SofaWare Safe@Home Pro, SofaWare<br />
Safe@Office, or SofaWare Safe@Office Plus.<br />
Adding and Editing VPN Sites using SofaWare<br />
Safe@Home Pro<br />
96<br />
Using SofaWare Safe@Home Pro, you can define only Remote Access<br />
VPN sites.<br />
To define Site to Site VPN gateways, you must have SofaWare Safe@Office.<br />
For further information, see “Adding and Editing VPN Sites using SofaWare<br />
Safe@Office,” page 102.<br />
To add or edit VPN sites using SofaWare Safe@Home Pro<br />
1. In the Navigation Bar, click on VPN.<br />
The VPN Sites page appears, with a list of VPN sites.<br />
2. Do either of the following:<br />
� To add a VPN site, click New Site.<br />
SofaWare S-box Getting Started Guide
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
� To edit a VPN site, click Edit in the desired VPN site’s row.<br />
The SofaWare VPN Site Wizard opens, with the Welcome to the VPN<br />
Site Wizard screen displayed.<br />
3. Click Next.<br />
The VPN Gateway Address dialog box appears.<br />
Chapter 8: Working With VPNs 97
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
4. Enter the IP address of the VPN gateway to which you want to connect, as<br />
given to you by the network administrator.<br />
5. Click Next.<br />
The Resolving… screen appears.<br />
The VPN Network Configuration dialog box appears.<br />
6. Do one of the following:<br />
� To obtain the network configuration by downloading it from the VPN<br />
site, select Download Configuration. This option will automatically<br />
configure your VPN settings, by downloading the network topology<br />
definition from the VPN server.<br />
98<br />
Note – Downloading the network configuration is only possible if you are<br />
connecting to a Check Point VPN-1 or SofaWare Safe@Office VPN<br />
gateway.<br />
� To provide the network configuration manually, select Specify<br />
Configuration.<br />
7. Click Next.<br />
� If you chose Specify Configuration, a second VPN Network<br />
Configuration dialog box appears.<br />
SofaWare S-box Getting Started Guide
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
Do the following:<br />
1) In the Destination network column, enter up to three destination<br />
network addresses at the VPN site to which you want to connect.<br />
2) In the Subnet mask column, select the subnet masks for the<br />
destination network addresses.<br />
Note – Obtain the destination networks and subnet masks from the<br />
VPN gateway’s system administrator.<br />
3) Click Next.<br />
� The VPN Login dialog box appears.<br />
Chapter 8: Working With VPNs 99
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
8. Click Next.<br />
The following things happen in the order below:<br />
� If you chose to Download Configuration, the Connecting… screen<br />
appears, and then the Contacting VPN Site screen appears.<br />
100<br />
Click Next.<br />
� The Site Name dialog box appears.<br />
SofaWare S-box Getting Started Guide
Adding and Editing VPN Sites using SofaWare Safe@Home Pro<br />
9. Enter a name for the VPN site. You may choose any name.<br />
10. Click Next.<br />
The VPN Site Created screen appears.<br />
11. Click Finish.<br />
The VPN Sites page reappears. If you added a VPN site, the new site<br />
appears in the VPN Sites list. If you edited a VPN site, the modifications<br />
are reflected in the VPN Sites list.<br />
Chapter 8: Working With VPNs 101
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
Adding and Editing VPN Sites using SofaWare<br />
Safe@Office<br />
102<br />
Using SofaWare Safe@Office, you can define both Remote Access and<br />
Site to Site VPN gateways.<br />
You define each VPN site according to the function you want SofaWare<br />
Safe@Office to perform when connecting to it:<br />
• VPN client – Define the VPN site as a Remote Access VPN site using the<br />
procedure below.<br />
• VPN gateway – Do the following:<br />
� On the first VPN site’s S-box, define the second VPN site as a Site to<br />
Site VPN gateway using the procedure below, and enable the VPN<br />
server using the procedure “Setting Up Your S-box as a VPN Server,”<br />
page 109.<br />
� On the second VPN site’s S-box, define the first VPN site as a Site to<br />
Site VPN gateway, and enable the VPN server using the procedure<br />
“Setting Up Your S-box as a VPN Server,” page 109.<br />
To add or edit VPN sites using SofaWare Safe@Office<br />
1. In the Navigation Bar, click on VPN.<br />
The VPN Server page appears.<br />
2. In the VPN submenu, click VPN Sites.<br />
The VPN Sites page appears with a list of VPN sites.<br />
3. Do either of the following:<br />
� To add a VPN site, click New Site.<br />
� To edit a VPN site, click Edit in the desired VPN site’s row.<br />
The SofaWare VPN Site Wizard opens, with the Welcome to the VPN<br />
Site Wizard dialog box displayed.<br />
SofaWare S-box Getting Started Guide
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
4. Do one of the following:<br />
� Select Remote Access VPN to establish remote access from your VPN<br />
client to a VPN server or gateway.<br />
� Select Site to Site VPN to create a permanent bi-directional connection<br />
to another gateway.<br />
5. Click Next.<br />
Chapter 8: Working With VPNs 103
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
Configuring a Remote Access VPN Site<br />
If you selected Remote Access VPN, the VPN Gateway Address dialog box<br />
appears.<br />
6. Enter the IP address of the VPN gateway to which you want to connect, as<br />
given to you by the network administrator.<br />
7. Click Next.<br />
The Resolving… screen appears.<br />
The VPN Network Configuration dialog box appears.<br />
8. Do one of the following:<br />
� To obtain the network configuration by downloading it from the VPN<br />
site, select Download Configuration. This option will automatically<br />
configure your VPN settings, by downloading the network topology<br />
definition from the VPN server.<br />
104<br />
Note – Downloading the network configuration is only possible if you are<br />
connecting to a Check Point VPN-1 or SofaWare Safe@Office VPN<br />
gateway.<br />
� To provide the network configuration manually, select Specify<br />
Configuration.<br />
9. Click Next.<br />
The following things happen in the order below:<br />
� If you chose Specify Configuration, a second VPN Network<br />
Configuration dialog box appears. Do the following:<br />
1) In the Destination network column, enter up to three destination<br />
network addresses at the VPN site to which you want to connect.<br />
2) In the Subnet mask column, select the subnet masks for the<br />
destination network addresses.<br />
Note – Obtain the destination networks and subnet masks from the VPN<br />
gateway’s system administrator.<br />
3) Click Next.<br />
� The VPN Login dialog box appears.<br />
SofaWare S-box Getting Started Guide
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
10. Do one of the following:<br />
� To configure the site for manual login, select Manual Login.<br />
� To enable the S-box to log on to the VPN site automatically, do the<br />
following:<br />
1) Select Automatic Login.<br />
2) Enter a user name and password to be used for logging on to the<br />
VPN site.<br />
Note – While Automatic Login provides all the computers on your internal<br />
network with constant access to the VPN site, Manual Login connects<br />
only the computer you are currently logged onto to the VPN site, and only<br />
when the appropriate user name and password have been entered.<br />
For further information on Automatic and Manual Login, see, “Logging on<br />
to a VPN Site,” page 114.<br />
11. Click Next.<br />
If you chose to Download Configuration, the Connecting… screen<br />
appears, and then the Contacting VPN Site screen appears. Click Next.<br />
Continue at “Completing Site Creation,” page 108.<br />
Chapter 8: Working With VPNs 105
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
Configuring a Site to Site VPN Gateway<br />
If you selected Site to Site VPN, the VPN Gateway Address dialog box<br />
appears.<br />
6. In the VPN Gateway field, enter the IP address of the VPN gateway to<br />
which you want to connect, as given to you by the network administrator.<br />
7. Do one of the following:<br />
� Select Restricted Access to allow the VPN site access to your network,<br />
according to the security rules defined on your S-box.<br />
� Select Unrestricted Access to allow the VPN site to access to your<br />
network without restriction and bypass NAT.<br />
8. Click Next.<br />
The Resolving… screen appears.<br />
The VPN Network Configuration dialog box appears.<br />
9. Do one of the following:<br />
� To obtain the network configuration by downloading it from the VPN<br />
site, select Download Configuration. This option will automatically<br />
configure your VPN settings, by downloading the network topology<br />
definition from the VPN server.<br />
106<br />
Note – Downloading the network configuration is only possible if you are<br />
connecting to a Check Point VPN-1 or SofaWare Safe@Office VPN<br />
gateway.<br />
SofaWare S-box Getting Started Guide
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
� To provide the network configuration manually, select Specify<br />
Configuration.<br />
10. Click Next.<br />
� If you chose Download Configuration, the Shared Secret dialog box<br />
appears.<br />
Do the following:<br />
1) In the Topology User field, enter the topology user’s user name.<br />
2) In the Topology Password field, enter the topology user’s<br />
password.<br />
3) Select either Use Shared Secret or Use Certificate.<br />
If you select Use Shared Secret, in the Shared Secret field, enter<br />
the shared secret to use for secure communications with the VPN<br />
site. This shared secret is a string used to identify the VPN sites to<br />
each other. The secret can contain spaces and special characters.<br />
If you select Use Certificate, a certificate must have been installed.<br />
(Refer to “Installing a Certificate,” page 111 for more information<br />
about certificates and instructions on how to install a certificate.)<br />
4) Click Next.<br />
The Connecting… screen appears.<br />
The Contacting VPN Site screen appears.<br />
Chapter 8: Working With VPNs 107
Adding and Editing VPN Sites using SofaWare Safe@Office<br />
108<br />
� If you chose Specify Configuration, a second VPN Network<br />
Configuration dialog box appears. Do the following:<br />
1) In the Destination network column, enter up to three destination<br />
network addresses at the VPN site to which you want to connect.<br />
2) In the Subnet mask column, select the subnet masks for the<br />
destination network addresses.<br />
Note – Obtain the destination networks and subnet masks from the VPN<br />
gateway’s system administrator.<br />
3) Click Next.<br />
The Shared Secret dialog box appears.<br />
4) In the Shared Secret field, enter the shared secret to use for secure<br />
communications with the VPN site. This shared secret is a string<br />
used to identify the VPN sites to each other. The secret can contain<br />
spaces and special characters.<br />
11. Click Next.<br />
Continue at “Completing Site Creation,” page 108.<br />
Completing Site Creation<br />
Once you have configured your VPN site, The Site Name dialog box appears.<br />
12. Enter a name for the VPN site. You may choose any name.<br />
13. Click Next.<br />
The VPN Site Created screen appears.<br />
14. Click Finish.<br />
The VPN Sites page reappears. If you added a VPN site, the new site<br />
appears in the VPN Sites list. If you edited a VPN site, the modifications<br />
are reflected in the VPN Sites list.<br />
SofaWare S-box Getting Started Guide
Setting Up Your S-box as a VPN Server<br />
Setting Up Your S-box as a VPN Server<br />
Using SofaWare Safe@Office, you can make your network remotely<br />
available to authorized users by setting up your S-box as a VPN server.<br />
Remote access users can connect to the VPN server via Check Point<br />
SecuRemote or SofaWare Safe@Home Pro in Remote Access VPN<br />
mode.<br />
To set up your S-box as a VPN server<br />
1. In the Navigation Bar, click on VPN.<br />
The VPN Server page appears.<br />
2. Drag the Enabled/Disabled lever to Enabled.<br />
The VPN server is enabled.<br />
The Unrestricted Access/Restricted Access lever is enabled.<br />
3. Do one of the following:<br />
� Drag the Unrestricted Access/Restricted Access lever to Restricted<br />
Access to allow the authenticated users access to your network,<br />
according to the security rules defined on your S-box.<br />
� Drag the Unrestricted Access/Restricted Access lever to Unrestricted<br />
Access to allow authenticated users to access to your network without<br />
restriction and bypass NAT.<br />
4. Follow the procedure “Setting Up Remote VPN Access for Users,”<br />
page 126.<br />
Note – Disabling the VPN server will cause all existing VPN tunnels to<br />
disconnect.<br />
Chapter 8: Working With VPNs 109
Deleting a VPN Site<br />
Deleting a VPN Site<br />
110<br />
This task can be performed using both SofaWare Safe@Office and<br />
SofaWare Safe@Home Pro.<br />
To delete a VPN site<br />
1. In the Navigation Bar, click on VPN.<br />
� If the VPN Server page appears, click on VPN Sites in the VPN<br />
submenu.<br />
� The VPN Sites page appears, with a list of VPN sites.<br />
2. In the desired VPN site’s row, click on the Delete icon.<br />
A confirmation message appears.<br />
3. Click OK.<br />
The VPN site is deleted.<br />
Enabling/Disabling a VPN Site<br />
This task can be performed using both SofaWare Safe@Office and<br />
SofaWare Safe@Home Pro.<br />
You can only connect to VPN sites that are enabled.<br />
To enable/disable a VPN site<br />
1. In the Navigation Bar, click on VPN.<br />
� If the VPN Server page appears, click on VPN Sites in the VPN<br />
submenu.<br />
� The VPN Sites page appears, with a list of VPN sites.<br />
2. To enable a VPN site, do the following:<br />
SofaWare S-box Getting Started Guide
a. Click on the icon in the desired VPN site’s row.<br />
A confirmation message appears.<br />
b. Click OK.<br />
The icon changes to , and the VPN site is enabled.<br />
3. To disable a VPN site, do the following:<br />
Installing a Certificate<br />
Note – Disabling a VPN site eliminates the tunnel and erases the network<br />
topology.<br />
a. Click on the icon in the desired VPN site’s row.<br />
A confirmation message appears.<br />
b. Click OK.<br />
The icon changes to , and the VPN site is disabled.<br />
Installing a Certificate<br />
SofaWare Safe@Office supports the use of digital certificates.<br />
A digital certificate is a secure means of authenticating the S-box to other VPN<br />
gateways. The certificate is issued by the Certificate Authority (CA) to entities<br />
such as gateways, users, or computers. The entity then uses the certificate to<br />
identify itself and provide verifiable information.<br />
For instance, the certificate includes the Distinguishing Name (DN)<br />
(identifying information) of the entity, as well as the public key (information<br />
about itself). After two entities exchange and validate each other's certifcates,<br />
they can begin encrypting information between themselves using the public<br />
keys in the certificates.<br />
The S-box supports certificates encoded in the PKCS#12 (Personal<br />
Information Exchange Syntax Standard) format. The PKCS#12 file must have<br />
a ".p12" file extension<br />
Note – To use certificates authentication, each S-box should have a<br />
unique certificate. Do not use the same certificate for more than one<br />
gateway.<br />
If you do not have a PKCS#12, obtain it from your network security<br />
administrator.<br />
Chapter 8: Working With VPNs 111
Installing a Certificate<br />
To install a certificate<br />
1. In the Navigation Bar, click on VPN.<br />
The VPN Sites page appears, with a list of VPN sites.<br />
2. Click on Certificate.<br />
The VPN Certificate page appears, with instructions on how to install the<br />
certificate.<br />
3. Click Browse to open a file browser from which to locate and select the<br />
file.<br />
The filename that you selected is displayed.<br />
4. Click Update.<br />
You are requested to enter the pass-phrase. This pass-phrase is used only<br />
one time, to decrypt the certificate.<br />
112<br />
SofaWare S-box Getting Started Guide
Installing a Certificate<br />
5. Type in the pass-phrase received from the network security administrator<br />
6. Click OK.<br />
The certificate is installed.<br />
The name of the CA that issued the certificate and the name of the gateway<br />
to which this certificate was issued appear.<br />
Uninstalling a certificate<br />
You cannot uninstall the certificate if there is a VPN site currently defined to<br />
use certificate authentication.<br />
When a certificate is currently installed, the VPN Certificate page presents<br />
two options:<br />
• Install: Pressing Install will allow you to install a new certificate. The<br />
current certificate will be replaced.<br />
• Uninstall: Pressing Uninstall will uninstall the current certificate only.<br />
Therefore, no certificate exists on the S-box, and you will not be able to<br />
connect to the VPN if a certificate is still required.<br />
To uninstall a certificate<br />
1. In the Navigation Bar, click on VPN.<br />
The VPN Sites page appears, with a list of VPN sites.<br />
2. Click Certificate.<br />
The VPN Certificate page appears, displaying the name of the currently<br />
installed certificate.<br />
Chapter 8: Working With VPNs 113
Logging on to a VPN Site<br />
3. Click Uninstall<br />
The certificate is uninstalled<br />
Logging on to a VPN Site<br />
114<br />
You can log on to VPN sites using both SofaWare Safe@Office and<br />
SofaWare Safe@Home Pro.<br />
You need to manually log on to Remote Access VPN sites configured for<br />
Manual Login. You do not need to manually log on to a Remote Access VPN<br />
site configured for Automatic Login or a Site to Site VPN gateway: all the<br />
computers on your network have constant access to it.<br />
Manual Login can be done through either the SofaWare Safe@ Portal or the<br />
my.vpn page. When you log on, a VPN tunnel is established. Only the<br />
computer from which you logged on can use the tunnel. To share the tunnel<br />
with other computers in your home network, you must log on to the VPN site<br />
from those computers, using the same user name and password.<br />
Note – You must use a single user name and password for each VPN<br />
destination gateway.<br />
SofaWare S-box Getting Started Guide
Logging on to a VPN Site<br />
Logging on through the SofaWare Safe@ Portal<br />
This task can be performed using both SofaWare Safe@Office and<br />
SofaWare Safe@Home Pro.<br />
Note – You can only perform manual login to sites that are configured for<br />
Manual Login.<br />
To manually log on to a VPN site through the Safe@ Portal<br />
1. In the Navigation Bar, click on VPN.<br />
The VPN Sites or VPN Server page appears.<br />
2. In the VPN submenu, click on VPN Login.<br />
The VPN Login page appears.<br />
3. From the Site Name list, select the site to which you want to log on.<br />
Note – Disabled VPN sites will not appear in the Site list.<br />
4. Enter your user name and password in the appropriate fields.<br />
5. Click Connect.<br />
Chapter 8: Working With VPNs 115
Logging on to a VPN Site<br />
116<br />
� If the S-box is configured to automatically download the network<br />
configuration, the S-box downloads the network configuration.<br />
� If when adding the VPN site you specified a network configuration, the<br />
S-box attempts to create a tunnel to the VPN site.<br />
� The VPN Login Status box appears. The Status field tracks the<br />
connection’s progress.<br />
� Once the S-box has finished connecting, the Status field changes to<br />
“Connected”.<br />
� The VPN Login Status box remains open until you manually log off the<br />
VPN site.<br />
SofaWare S-box Getting Started Guide
Logging on through the my.vpn page<br />
Logging on to a VPN Site<br />
This task can be performed using both SofaWare Safe@Office and<br />
SofaWare Safe@Home Pro.<br />
Note – You don’t need to know the my.firewall page administrator’s<br />
password in order to use the my.vpn page.<br />
To manually log on to a VPN site through the my.vpn page<br />
1. Direct your web browser to http://my.vpn<br />
The VPN Login screen appears.<br />
2. In the Site list, select the site to which you want to log on.<br />
3. Enter your user name and password in the appropriate fields.<br />
4. Click Connect.<br />
� If the S-box is configured to automatically download the network<br />
configuration, the S-box downloads the network configuration.<br />
� If when adding the VPN site you specified a network configuration, the<br />
S-box attempts to create a tunnel to the VPN site.<br />
� The VPN Login Status box appears. The Status field tracks the<br />
connection’s progress.<br />
� Once the S-box has finished connecting, the Status field changes to<br />
“Connected”.<br />
� The VPN Login Status box remains open until you manually log off of<br />
the VPN site.<br />
Chapter 8: Working With VPNs 117
Logging off a VPN Site<br />
Logging off a VPN Site<br />
118<br />
This task can be performed using both SofaWare Safe@Office and<br />
SofaWare Safe@Home Pro.<br />
You need to manually log off a VPN site in the following cases:<br />
• You are using SofaWare Safe@Home Pro.<br />
• The VPN site is a Remote Access VPN site configured for Manual Login.<br />
To log off a VPN site<br />
• In the VPN Login Status box, click Close.<br />
All open tunnels from the S-box to the VPN site are closed, and the VPN<br />
Login Status box closes.<br />
Note – Closing the browser or dismissing the VPN Login Status box will<br />
also terminate the VPN session within a short time.<br />
Viewing VPN Tunnels<br />
You can view a list of currently established VPN tunnels using both<br />
SofaWare Safe@Office and SofaWare Safe@Home Pro.<br />
VPN tunnels are created and closed as follows:<br />
• Remote Access VPN sites configured for Automatic Login and Site to<br />
Site VPN gateways: A tunnel is created whenever your computer attempts<br />
any kind of communication with a computer at the VPN site. The tunnel is<br />
closed when not in use for a period of time.<br />
Note – Although the VPN tunnel is automatically closed, the site remains<br />
open, and if you attempt to communicate with the site, the tunnel will be<br />
reestablished.<br />
SofaWare S-box Getting Started Guide
Viewing VPN Tunnels<br />
• Remote Access VPN sites configured for Manual Login: A tunnel is<br />
created whenever your computer attempts any kind of communication with<br />
a computer at the VPN site, after you have manually logged on to the site.<br />
All open tunnels connecting to the site are closed when you manually log<br />
off.<br />
To view VPN tunnels<br />
1. In the Navigation Bar, click on Reports.<br />
The Event Log page appears.<br />
2. In the Reports submenu, click on VPN Tunnels.<br />
The VPN Tunnels page appears with a table of open tunnels to VPN sites.<br />
Chapter 8: Working With VPNs 119
Viewing VPN Tunnels<br />
The VPN Tunnels table includes the following columns:<br />
This column… Contains this information…<br />
Site Name The VPN site’s name<br />
Username The user logged on to the VPN site<br />
Encryption Type The type of encryption used to secure the<br />
120<br />
connection, followed by the type of Message<br />
Authentication Code (MAC) used to verify the<br />
integrity of the message.<br />
This information is presented in the following format:<br />
Encryption type/Authentication type<br />
Note: All VPN settings are automatically negotiated<br />
between the two sites. The encryption and<br />
authentication schemes used for the connection are<br />
the strongest of those used at the two sites.<br />
Your S-box supports AES 3DES and DES encryption<br />
schemes, and MD5 and SHA authentication<br />
schemes.<br />
Established Time The time at which the tunnel was established.<br />
This information is presented in the following format:<br />
Hour:Minute:Second<br />
VPN Gateway The IP address of the VPN gateway to which the<br />
tunnel is connected<br />
You can refresh the table by clicking Refresh.<br />
SofaWare S-box Getting Started Guide
Chapter 9<br />
Changing Your Password<br />
Managing Users<br />
In SofaWare Safe@Home and SofaWare Safe@Home Pro, there is a single<br />
user called "admin". You can change this user’s password using the procedure<br />
“Changing Your Password ,” page 121.<br />
In SofaWare Safe@Office you can define multiple users and perform the<br />
following tasks:<br />
• “Changing Your Password ,” page 121<br />
• “Adding Users,” page 124<br />
• “Viewing and Editing Users,” page 124<br />
• “Deleting Users,” page 126<br />
• “Setting Up Remote VPN Access for Users,” page 126<br />
Changing Your Password<br />
You can change your password at any time. How this task is performed<br />
depends on the S-box software configuration you are using.<br />
Using SofaWare Safe@Home and SofaWare<br />
Safe@Home Pro<br />
This task can only be performed using SofaWare Safe@Home or<br />
SofaWare Safe@Home Pro.<br />
To change your password<br />
1. In the Navigation Bar click on Password.<br />
The Password page appears.<br />
Chapter 9: Managing Users<br />
121
Changing Your Password<br />
2. Edit the Password and Confirm password fields.<br />
122<br />
Note - Use 5 to 25 characters (letters or numbers) for the new password.<br />
3. Click Apply.<br />
Your changes are saved.<br />
Using SofaWare Safe@Office<br />
This task can only be performed using SofaWare Safe@Office.<br />
To change your password using SofaWare Safe@Office<br />
1. In the Navigation Bar click on Users.<br />
The Users page appears.<br />
SofaWare S-box Getting Started Guide
2. In the row of your username, click Edit.<br />
The Edit User page appears.<br />
3. Edit the Password and Confirm password fields.<br />
Changing Your Password<br />
Note - Use 5 to 25 characters (letters or numbers) for the new password.<br />
4. Click Apply.<br />
Your changes are saved.<br />
Chapter 9: Managing Users<br />
123
Adding Users<br />
Adding Users<br />
124<br />
This task can only be performed using SofaWare Safe@Office.<br />
The number of S-box users you can add is limited according to your software.<br />
For further information, see “SofaWare S-box Software,” page 7.<br />
To add a user<br />
1. In the Navigation Bar click on Users.<br />
The Users page appears.<br />
2. Click New User.<br />
The Edit User page appears. The options that appear on the page are<br />
dependant on the software and services you are using.<br />
3. Complete the fields using the information in Table 1, page 125.<br />
4. Click Apply.<br />
The new user is saved.<br />
The Edit User page appears.<br />
Viewing and Editing Users<br />
This task can only be performed using SofaWare Safe@Office.<br />
To view or edit users<br />
1. In the Navigation Bar click on Users.<br />
The Users page appears.<br />
2. In the desired user’s row, click Edit.<br />
The Edit User page appears with the user’s details. The options that<br />
appear on the page are dependant on the software and services you are<br />
using.<br />
3. To edit the user’s details, do the following:<br />
a. Edit the fields using Table 1, page 125.<br />
b. Click Apply.<br />
The changes are saved.<br />
SofaWare S-box Getting Started Guide
Viewing and Editing Users<br />
4. To return to the Users page without making any changes, click Cancel.<br />
Table 1: User Page Fields<br />
In this field… Do this…<br />
Username Enter a username for the user.<br />
You cannot change the admin user’s username.<br />
Password Enter a password for the user. Use five to 25<br />
characters (letters or numbers) for the new<br />
password.<br />
Confirm Password Re-enter the user’s password.<br />
Administrator Select this option to allow the user to log on to<br />
my.firewall.<br />
This option cannot be disabled for the admin user.<br />
VPN Remote Access Select this option to allow the user to connect to<br />
Web Filtering<br />
Override<br />
this S-box using their VPN client. For further<br />
information on setting up VPN remote access, see<br />
“Setting Up Remote VPN Access for Users,”<br />
page 126.<br />
This option only appears in SofaWare<br />
Safe@Office.<br />
Select this option to allow the user to override Web<br />
Filtering.<br />
This option only appears if the Web Filtering<br />
service is defined.<br />
Chapter 9: Managing Users<br />
125
Deleting Users<br />
Deleting Users<br />
126<br />
This task can only be performed using SofaWare Safe@Office.<br />
Note – The “admin” user cannot be deleted.<br />
To delete a user<br />
1. In the Navigation Bar click on Users.<br />
The Users page appears.<br />
2. In the desired user’s row, click the Delete icon.<br />
A confirmation message appears.<br />
3. Click OK.<br />
The user is deleted.<br />
Setting Up Remote VPN Access for Users<br />
This task can only be performed using SofaWare Safe@Office.<br />
If you are using your S-box as a VPN server, you can allow users to access it<br />
remotely through their VPN clients (a Check Point SecureClient, Check Point<br />
SecuRemote, SofaWare Safe@Home Pro or SofaWare Safe@Office).<br />
To set up remote VPN access for a user<br />
1. Enable your VPN server, using the procedure “Setting Up Your S-box as a<br />
VPN Server,” page 109.<br />
2. Add the user to the system, using the procedure “Adding Users,” page 124.<br />
You must select the VPN Remote Access option.<br />
SofaWare S-box Getting Started Guide
Chapter 10<br />
Upgrading Your Software Product<br />
Upgrading and Updating<br />
You can upgrade the S-box software and/or update the S-box firmware.<br />
Upgrading Your Software Product<br />
Upgrading your S-box is a very simple process. After purchasing an upgrade,<br />
you will receive a new Product Key that will enable you to use the upgraded<br />
product on the same S-box unit you have today. For example, if you are using<br />
Safe@Home, you can purchase an upgrade to Safe@Office and enjoy the VPN<br />
features on your existing S-box unit.<br />
Note - To purchase an upgrade, contact your S-box provider or surf to<br />
www.sofaware.com/upgrades.<br />
To upgrade your product, you must install the new Product Key.<br />
To install a Product Key<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
Chapter 10: Upgrading and Updating 127
Upgrading Your Software Product<br />
3. In the Advanced area, click Upgrade.<br />
The SofaWare Setup Wizard opens, with the Install Product Key dialog<br />
box displayed.<br />
4. Select Product Key.<br />
5. In the Product Key field, enter the new Product Key.<br />
6. Click Next.<br />
The Installed New Product Key dialog box appears.<br />
128<br />
SofaWare S-box Getting Started Guide
7. Click Next.<br />
The first Registration dialog box appears.<br />
Upgrading Your Software Product<br />
8. Do one of the following:<br />
� To register your S-box later on, do the following:<br />
1) Clear the I want to register my product check box.<br />
2) Click Next.<br />
Chapter 10: Upgrading and Updating 129
Upgrading Your Software Product<br />
130<br />
� To register your S-box now, click Next.<br />
A second Registration dialog box appears.<br />
3) Enter your contact information in the appropriate fields.<br />
4) To receive email notifications regarding new firmware versions and<br />
services, select the check box.<br />
5) Click Next.<br />
The Registration… screen appears.<br />
The third Registration dialog box appears.<br />
9. Click Finish.<br />
Your S-box is restarted and the Welcome page appears.<br />
SofaWare S-box Getting Started Guide
Registering Your S-box<br />
Registering Your S-box<br />
If you want to activate your warranty and optionally receive notifications of<br />
new firmware versions and services, you must register your S-box.<br />
Privacy Statement: SofaWare is committed to protecting your<br />
privacy. We use the information we collect about you to process<br />
orders and to improve our ability to serve your needs. We will under<br />
no circumstances sell, lease, or otherwise disclose any of your<br />
personal or contact details without your explicit permission.<br />
To register your S-box<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
3. In the Advanced area, click Upgrade.<br />
The SofaWare Setup Wizard opens, with the Install Product Key dialog<br />
box displayed.<br />
4. Select Keep these settings.<br />
5. Click Next.<br />
The Product Key Not Modified screen appears.<br />
Chapter 10: Upgrading and Updating 131
Updating the Firmware Manually<br />
6. Click Next.<br />
The first Registration dialog box appears.<br />
7. Verify that the I want to register my product check box is selected.<br />
8. Click Next.<br />
A second Registration dialog box appears.<br />
9. Enter your contact information in the appropriate fields.<br />
10. To receive email notifications regarding new firmware versions and<br />
services, select the check box.<br />
11. Click Next.<br />
The Registration… screen appears.<br />
The third Registration dialog box appears.<br />
12. Click Finish.<br />
Your S-box is restarted and the Welcome page appears.<br />
Updating the Firmware Manually<br />
If you are subscribed to Software Updates, firmware updates are performed<br />
automatically. These updates include new product features and protection<br />
against new security threats. Check with your S-box provider for the<br />
availability of Software Updates and other services, or surf to<br />
www.sofaware.com/subscriptions to locate your nearest Service Center.<br />
If you are not subscribed to the Software Updates service, you must update<br />
your firmware manually.<br />
To update your S-box firmware manually<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
3. Click Firmware Update.<br />
The Firmware Update page appears.<br />
132<br />
SofaWare S-box Getting Started Guide
4. Click Browse.<br />
A browse window appears.<br />
Updating the Firmware Manually<br />
5. Select the image file that you have downloaded from SofaWare web site<br />
and click Open.<br />
The Firmware Update page reappears. The path to the firmware update<br />
image file appears in the Browse text box.<br />
6. Click Upload.<br />
Your S-box firmware is updated – this may take one minute. At the end of<br />
the process the S-box restarts automatically.<br />
Chapter 10: Upgrading and Updating 133
Updating the Firmware Manually<br />
134<br />
SofaWare S-box Getting Started Guide
Chapter 11<br />
Troubleshooting<br />
Troubleshooting<br />
If your S-box is not functioning normally, follow the guidelines in the<br />
“Frequently Asked Questions,” page 135, and perform the following tasks as<br />
needed:<br />
• “Viewing Firmware Status,” page 140<br />
• “Resetting the S-box to factory defaults,” page 141<br />
• “Rebooting the SofaWare S-box,” page 142<br />
• “Running Diagnostics,” page 143<br />
Frequently Asked Questions<br />
I cannot access the Internet. What should I do?<br />
• Check if the PWR/SEC LED is active. If not, check the power connection<br />
to the S-box.<br />
• Check if the WAN LINK/ACT LED is on. If not check the network cable<br />
to the modem and make sure the modem is turned on.<br />
• Check if the LAN LINK/ACT LED for the port used by your computer is<br />
on. If not, check if the network cable linking your computer to the S-box is<br />
connected properly.<br />
• Using your web browser go to http://my.firewall and see whether<br />
"connected" appears on the status bar. Make sure that your S-box network<br />
settings are configured as per your Service Center directions.<br />
• Check your TCP/IP configuration according to Chapter 2.<br />
• If the firewall level is set to “High”, try setting it to “Medium” or “Low”.<br />
• If Parental control or E-mail anti-virus scanning are on, try turning them<br />
off.<br />
• Erase all your block rules through the security menu.<br />
• Check with your ISP for possible service outage.<br />
• Check whether you are exceeding the maximum number of computers<br />
allowed by your license by following the procedure “Viewing Computers,”<br />
page 68.<br />
Chapter 11: Troubleshooting 135
Troubleshooting<br />
I cannot access http://my.firewall or http://my.vpn. What should I<br />
do?<br />
• Verify that the S-box is operating (PWR/SEC LED is active)<br />
• Check if the LAN LINK/ACT LED for the port used by your computer is<br />
on. If not, check if the network cable linking your computer to the S-box is<br />
connected properly.<br />
• Try surfing to 192.168.10.1 instead of to my.firewall.<br />
136<br />
Note – 192.168.10 is the default value, and it may vary if you changed it<br />
in the My Network page.<br />
• Check your TCP/IP configuration according to Chapter 2.<br />
• Restart your S-box and your broadband modem by disconnecting the<br />
power and reconnecting after 5 seconds.<br />
• If your web browser is configured to use an HTTP proxy to access the<br />
Internet, add "my.firewall" or "my.vpn" to your proxy exceptions list.<br />
Every time I start Internet Explorer, the application searches for<br />
an Internet connection. This is unnecessary, since I am connected<br />
through the S-box. What should I do?<br />
For Internet Explorer, versions 5 and 6, do the following:<br />
1. Open the browser.<br />
2. On the Tools menu, click Internet Options…, then click the Connections<br />
tab.<br />
3. For each item in the Dial-up Settings list, do the following:<br />
a. Select the item.<br />
b. Select Never dial a connection.<br />
4. Click Apply.<br />
5. Click OK.<br />
6. Close all active browsers and try again.<br />
SofaWare S-box Getting Started Guide
Troubleshooting<br />
Every time I start Outlook Express, the application searches for an<br />
Internet connection. This is unnecessary, since I am connected<br />
through the S-box. What should I do?<br />
For Outlook Express, versions 5 and 6, do the following:<br />
1. Open Outlook Express.<br />
2. On the Tools menu, click Accounts, then click the Mail tab.<br />
3. For each of the accounts configured in the mail window, do the following:<br />
a. Click Properties, then click the Connection tab.<br />
b. Clear the Always connect to this account using check box.<br />
c. Click OK.<br />
4. Click Close.<br />
5. Close all active browsers and try again.<br />
I run a public Web server at home but it cannot be accessed<br />
externally, although it is accessible to the computers on my<br />
network. What should I do?<br />
Surf to the security page and use the Servers submenu to allow access to your<br />
server.<br />
My network seems extremely slow. What should I do?<br />
• The Ethernet cables may be faulty. For proper operation, the S-box requires<br />
STP CAT5 (Shielded Twisted Pair Category 5) Ethernet cables. Make sure<br />
that this specification is printed on your cables.<br />
• Your Ethernet card may be faulty or misconfigured. Try replacing your<br />
Ethernet card.<br />
I cannot play a certain network game. What should I do?<br />
• Turn the S-box security to Low and try again.<br />
• If the game still does not work, set the computer you wish to play from to<br />
be the DMZ server.<br />
• When you have finished playing the game make sure to clear the DMZ<br />
setting otherwise your security might be compromised.<br />
Chapter 11: Troubleshooting 137
Troubleshooting<br />
I have forgotten my password. What should I do?<br />
Reset your S-box to factory defaults using the Reset button as detailed in<br />
“Resetting the S-box to factory defaults,” page 141. Note that this will erase all<br />
your settings.<br />
I purchased SofaWare Safe@Home Pro or SofaWare Safe@Office,<br />
but I only seem to have SofaWare Safe@Home functionality. What<br />
should I do?<br />
Your have not installed your product key. For further information, see<br />
“Upgrading Your Software Product,” page 127.<br />
I cannot connect to a VPN site using SofaWare Safe@Home Pro or<br />
SofaWare Safe@Office. What should I do?<br />
Check whether there is a problem with your VPN client:<br />
1. Do one of the following:<br />
� If you are using SofaWare Safe@Home Pro, add the demo Check Point<br />
VPN site, using the procedure “Adding and Editing VPN Sites using<br />
SofaWare Safe@Home Pro,” page 96, as follows:<br />
1) In the VPN Gateway Address dialog box, enter 207.40.230.20 in<br />
the VPN Gateway field.<br />
2) In the VPN Network Configuration dialog box, select Download<br />
Configuration.<br />
� If you are using SofaWare Safe@Office, add the demo Check Point<br />
VPN site, using the procedure “Adding and Editing VPN Sites using<br />
SofaWare Safe@Home Pro,” page 96, as follows:<br />
1) In the Welcome to the VPN Site Wizard dialog box, select<br />
Remote Access VPN.<br />
2) In the VPN Gateway Address dialog box, enter 207.40.230.20 in<br />
the VPN Gateway field.<br />
3) In the VPN Network Configuration dialog box, select Download<br />
Configuration.<br />
2. Log on to the demo site, using “vpndemo” as your username and password.<br />
3. Surf to http://207.40.230.22<br />
The Check Point VPN-1 SecuRemote Demo Site should open and inform<br />
you that you successfully created a VPN tunnel.<br />
138<br />
SofaWare S-box Getting Started Guide
Troubleshooting<br />
I changed the network settings to incorrect values and am unable<br />
to correct my error. What should I do?<br />
Reset the network to its default settings using the button on the back<br />
of the S-box unit. See “Resetting the S-box to factory defaults,” page 141.<br />
I am using the S-box with another DSL/Cable router, and I am<br />
having problems with some applications.<br />
The S-box performs Network Address Translation (NAT). It is possible to use<br />
the S-box behind another device that performs NAT, such as a DSL router<br />
or Wireless router, but the device will block all incoming connections<br />
from reaching your S-box.<br />
To fix this problem, do ONE of the following. (The solutions are listed in order<br />
of preference.)<br />
• Consider whether you really need the router. The S-box can be used as a<br />
replacement for your router, unless you need it for some additional<br />
functionality that it provides, such as Wireless access.<br />
• If possible, disable NAT in the router. Refer to the router’s documentation<br />
for instructions on how to do this.<br />
The following suggestions will work only if the router is connected to the<br />
WAN port of the S-box:<br />
• If the router has a "DMZ Computer" option, set it to the S-box’s external IP<br />
address.<br />
• Set the router to direct all incoming connections to the S-box’s external IP<br />
address.<br />
Chapter 11: Troubleshooting 139
Troubleshooting<br />
Keep in mind that if you use the S-box behind another NAT device, you may<br />
lose some of the advantages of the S-box, such as broad application<br />
support and high performance.<br />
For additional information: consult our online Frequently Asked Questions<br />
(FAQ) at http://www.sofaware.com/support.<br />
Viewing Firmware Status<br />
The firmware is the software program embedded in the S-box hardware.<br />
You can view your current firmware version and additional details.<br />
To view the firmware status<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
140<br />
The Firmware page displays a table with the following information:<br />
� Firmware Version – the current version of the firmware<br />
� Hardware Type – the type of the current S-box hardware<br />
� Hardware Version – the current hardware version of the S-box<br />
� Installed Product –the licensed software and the number allowed nodes<br />
� Uptime – the time that elapsed from the moment the unit was turned on<br />
SofaWare S-box Getting Started Guide
Resetting the S-box to factory defaults<br />
Troubleshooting<br />
The SofaWare S-box allows you to reset its settings to factory defaults. When<br />
you reset your S-box, it reverts to the state it was originally in when you<br />
purchased it, and your firmware reverts to the version that shipped with the<br />
S-box.<br />
You can perform this action via the Web management interface (software) or<br />
by manually pressing the Reset button (hardware) located at the back of the<br />
S-box.<br />
Warning - This operation erases all your settings and password information.<br />
You will have to set a new password and reconfigure your S-box for Internet<br />
connection. For information on performing these tasks, see “Configuring<br />
Your S-box for Internet Connection,” page 27.<br />
To reset the S-box to factory defaults via the Web interface<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
3. Click on Factory Settings.<br />
A confirmation message appears.<br />
4. Click OK.<br />
The S-box returns to its factory defaults – this process might take up 30-60<br />
seconds to finish.<br />
At the end of the process the gateway restarts automatically and the<br />
Gateway restart confirmation page appears.<br />
5. Click OK.<br />
The gateway is restarted and within one minute the S-box Welcome page<br />
appears.<br />
Chapter 11: Troubleshooting 141
Troubleshooting<br />
To reset the S-box to factory defaults using the Reset button<br />
1. Make sure the S-box is powered on.<br />
2. Using a sharp object, press the RESET button on the back of the S-box<br />
steadily for seven seconds and then release it.<br />
3. Allow the S-box to boot-up until the system is ready (PWR/SEC LED<br />
flashes slowly or illuminates steadily in green light).<br />
142<br />
Warning – If you choose to reset the S-box by disconnecting the power<br />
cable and then reconnecting it, be sure to leave the S-box disconnected for<br />
at least three seconds, or the S-box might not function properly until you<br />
reboot it as described below.<br />
Rebooting the SofaWare S-box<br />
If your S-box is not functioning properly, rebooting it will often solve the<br />
problem.<br />
To reboot the S-box<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
3. Click on Restart.<br />
A confirmation message appears.<br />
4. Click OK.<br />
The S-box is restarted (the PWR/SEC LED flashes quickly) and the<br />
following message appears.<br />
SofaWare S-box Getting Started Guide
After one minute the Login page appears.<br />
Running Diagnostics<br />
Troubleshooting<br />
You can view technical information about your S-box’s hardware, firmware,<br />
license, network status, and subscription services.<br />
This information is useful for troubleshooting. You can copy and paste it into<br />
the body an email and send it to technical support.<br />
To run diagnostics<br />
1. In the Navigation Bar click on Setup.<br />
The Internet page appears.<br />
2. Click the Firmware tab.<br />
The Firmware page appears.<br />
3. Click on Diagnostics.<br />
Technical information about your S-box appears in a new window.<br />
4. To refresh the contents of the window, click Refresh.<br />
The contents are refreshed.<br />
5. To close the window, click Close.<br />
Chapter 11: Troubleshooting 143
Troubleshooting<br />
144<br />
SofaWare S-box Getting Started Guide
Appendix<br />
Technical Specifications<br />
FCC<br />
Technical Specifications<br />
Specifications<br />
Height - 1.2 inches Input AC Power - 9VAC<br />
Width - 8.0 inches Power consumption - 13.5W<br />
Length - 4.8 inches<br />
Power supply – 100 VAC,<br />
Weight - 1.8 lbs<br />
120 VAC or 230 VAC<br />
This device complies with Part 15 of the FCC Rules. Operation is subject to the<br />
following two conditions:<br />
1. This device may not cause harmful interference.<br />
2. This device must accept any interference received, including interference<br />
that may cause undesired operation.<br />
This Class B Digital apparatus complies with Canadian Standard ICES-003.<br />
CE Declaration of Conformity<br />
SofaWare Technologies Ltd., 3 Hilazon St., Ramat-Gan Israel, declares that<br />
the SofaWare S-box is in conformity with the following standards:<br />
Safety: EN 60950: 1992<br />
IEC 90950: 1999<br />
CS 22.2 950: 2000<br />
EMC: EN 55022: 1998<br />
EN 55024: 1998<br />
SofaWare declares that this device is in conformity with the essential<br />
requirements specified in ANNEX I of Directive EMC 89/336/EEC and with<br />
Article 3.1 (a) and 3.1 (b) of Directive 99/05/EC (Radio Equipment and<br />
Telecommunications Terminal Equipment Directive).<br />
Appendix: Specifications 145
Technical Specifications<br />
146<br />
SofaWare S-box Getting Started Guide
Glossary<br />
Glossary<br />
ADSL Modem (Asymmetric Digital Subscriber Line)<br />
A device connecting a computer to the Internet via an existing phone line.<br />
ADSL modems offer a high-speed 'always-on' connection.<br />
Cable Modem<br />
A device connecting a computer to the Internet via the cable television<br />
network. Cable modems offer a high-speed 'always-on' connection.<br />
Certificate Authority (CA)<br />
The Certificate Authority (CA) issues certificates to entities such as gateways,<br />
users, or computers. The entity later uses the certificate to identify itself and<br />
provide verifiable information. For instance, the certificate includes the<br />
Distinguishing Name (DN) (identifying information) of the entity, as well as<br />
the public key (information about itself), and possibly the IP address.<br />
After two entities exchange and validate each other's certifcates, they can<br />
begin encrypting information between themselves using the public keys in the<br />
certificates.<br />
DHCP<br />
Any machine requires a unique IP address to connect to the Internet using<br />
Internet Protocol. Dynamic Host Configuration Protocol (DHCP) is a<br />
communications protocol that assigns Internet Protocol (IP) addresses to<br />
computers on the network.<br />
DHCP uses the concept of a "lease" or amount of time that a given IP address<br />
will be valid for a computer.<br />
DMZ<br />
A DMZ (demilitarized zone) allows one computer to be exposed to the<br />
Internet. An example of using a DMZ would be exposing a public server, while<br />
preventing outside users from getting direct access form this server back to the<br />
private network.<br />
Glossary 147
Glossary<br />
Domain Name System (DNS)<br />
The Domain Name System (DNS) refers to the Internet domain names, or<br />
easy-to-remember "handles", that are translated into IP addresses.<br />
An example of a Domain Name is 'www.sofaware.com'.<br />
Firewall<br />
A program or a set of related programs, located on a network gateway server<br />
(in SofaWare Safe@Home's case it is the SofaWare S-box) protecting your<br />
private network resources from users (and abusers) on the Internet. A firewall<br />
inspects each packet to determine whether it complies with the security policy<br />
and blocks illegal traffic.<br />
SofaWare Safe@Home's inspection module examines every packet passing<br />
through the residential gateway, promptly blocking all unwanted<br />
communication attempts. Packets do not enter the home network unless they<br />
comply with the security policy.<br />
Firmware<br />
Software embedded in a device.<br />
Gateway<br />
A gateway is a network point that acts as an entrance to another network.<br />
Hacking (or cracking)<br />
An activity in which someone breaks into someone else's computer system,<br />
bypasses passwords or licenses in computer programs; or in other ways<br />
intentionally breaches computer security. The end result is that whatever<br />
resides on the computer can be viewed and sensitive data can be stolen without<br />
anyone knowing about it. Sometimes, tiny programs are 'planted' on the<br />
computer that are designed to watch out for, seize and then transmit to another<br />
computer, specific types of data.<br />
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or<br />
HTTP over SSL)<br />
A protocol for accessing a secure Web server. It uses SSL as a sublayer under<br />
the regular HTTP application. This directs messages to a secure port number<br />
rather than the default Web port number, and uses a public key to encrypt data<br />
HTTPS is used to transfer confidential user information.<br />
148<br />
SofaWare S-box Getting Started Guide
Glossary<br />
Hub<br />
A device with multiple ports, connecting several PCs or network devices on a<br />
network.<br />
IP Address<br />
An IP address is a 32-bit number that identifies each computer sending or<br />
receiving data packets across the Internet. When you request an HTML page or<br />
send e-mail, the Internet Protocol part of TCP/IP includes your IP address in<br />
the message and sends it to the IP address that is obtained by looking up the<br />
domain name in the Uniform Resource Locator you requested or in the e-mail<br />
address you're sending a note to. At the other end, the recipient can see the IP<br />
address of the Web page requestor or the e-mail sender and can respond by<br />
sending another message using the IP address it received.<br />
IPSEC<br />
IPSEC is the leading Virtual Private Networking (VPN) standard. IPSEC<br />
enables individuals or offices to establish secure communication channels<br />
('tunnels') over the Internet.<br />
IP Spoofing<br />
A technique where an attacker attempts to gain unauthorized access through a<br />
false source address to make it appear as though communications have<br />
originated in a part of the network with higher access privileges. For example,<br />
a packet originating on the Internet may be masquerading as a local packet<br />
with the source IP address of an internal host. The firewall can protect against<br />
IP spoofing attacks by limiting network access based on the gateway interface<br />
from which data is being received.<br />
ISP<br />
An ISP (Internet service provider) is a company that provides access to the<br />
Internet and other related services.<br />
LAN<br />
A local area network (LAN) is a group of computers and associated devices<br />
that share a common communications line and typically share the resources of<br />
a single server within a small geographic area.<br />
Glossary 149
Glossary<br />
MAC Address<br />
The MAC (Media Access Control) address is a computer's unique hardware<br />
number. When connected to the Internet from your computer, a mapping<br />
relates your IP address to your computer's physical (MAC) address on the<br />
LAN.<br />
Mbps<br />
Megabits per second. Measurement unit for the rate of data transmission.<br />
MTU<br />
The Maximum Transmission Unit (MTU) is a parameter that determines the<br />
largest datagram than can be transmitted by an IP interface (without it needing<br />
to be broken down into smaller units). The MTU should be larger than the<br />
largest datagram you wish to transmit un-fragmented. Note: This only prevents<br />
fragmentation locally. Some other link in the path may have a smaller MTU -<br />
the datagram will be fragmented at that point. Typical values are 1500 bytes<br />
for an Ethernet interface or 1452 for a PPP interface.<br />
NAT<br />
Network Address Translation (NAT) is the translation or mapping of an IP<br />
address to a different IP address. NAT can be used to map several internal IP<br />
addresses to a single IP address, thereby sharing a single IP address assigned<br />
by the ISP among several PCs.<br />
Check Point FireWall-1's Stateful Inspection Network Address Translation<br />
(NAT) implementation supports hundreds of pre-defined applications,<br />
services, and protocols, more than any other firewall vendor.<br />
NetBIOS<br />
NetBIOS is the networking protocol used by DOS and Windows machines.<br />
Packet<br />
A packet is the basic unit of data that flows from one source on the Internet to<br />
another destination on the Internet. When any file (e-mail message, HTML<br />
file, GIF file etc.) is sent from one place to another on the Internet, the file is<br />
divided into "chunks" of an efficient size for routing. Each of these packets is<br />
separately numbered and includes the Internet address of the destination. The<br />
individual packets for a given file may travel different routes through the<br />
150<br />
SofaWare S-box Getting Started Guide
Glossary<br />
Internet. When they have all arrived, they are reassembled into the original file<br />
at the receiving end.<br />
PPPoE<br />
PPPoE (Point-to-Point Protocol over Ethernet) enables connecting multiple<br />
computer users on an Ethernet local area network to a remote site or ISP,<br />
through common customer premises equipment (e.g. modem).<br />
PPTP<br />
The Point-to-Point Tunneling Protocol (PPTP) allows extending a local<br />
network by establishing private “tunnels” over the Internet. This protocol it is<br />
also used by some DSL providers as an alternative for PPPoE.<br />
RJ-45<br />
The RJ-45 is a connector for digital transmission over ordinary phone wire.<br />
Router<br />
A router is a device that determines the next network point to which a packet<br />
should be forwarded toward its destination. The router is connected to at least<br />
two networks.<br />
Server<br />
A server is a program (or host) that awaits and requests from client programs<br />
across the network. For example, a Web server is the computer program,<br />
running on a specific host, that serves requested HTML pages or files. Your<br />
browser is the client program, in this case.<br />
Stateful Inspection<br />
Stateful Inspection was invented by Check Point to provide the highest level of<br />
security by examining every layer within a packet, unlike other systems of<br />
inspection. Stateful Inspection extracts information required for security<br />
decisions from all application layers and retains this information in dynamic<br />
state tables for evaluating subsequent connection attempts. In other words, it<br />
learns!<br />
Glossary 151
Glossary<br />
Subnet Mask<br />
A 32-bit identifier indicating how the network is split into subnets. The subnet<br />
mask indicates which part of the IP address is the host ID and which indicates<br />
the subnet.<br />
TCP<br />
TCP (Transmission Control Protocol) is a set of rules (protocol) used along<br />
with the Internet Protocol (IP) to send data in the form of message units<br />
between computers over the Internet. While IP takes care of handling the<br />
actual delivery of the data, TCP takes care of keeping track of the individual<br />
units of data (called packets) that a message is divided into for efficient routing<br />
through the Internet.<br />
For example, when an HTML file is sent to you from a Web server, the<br />
Transmission Control Protocol (TCP) program layer in that server divides the<br />
file into one or more packets, numbers the packets, and then forwards them<br />
individually to the IP program layer. Although each packet has the same<br />
destination IP address, it may get routed differently through the network.<br />
At the other end (the client program in your computer), TCP reassembles the<br />
individual packets and waits until they have arrived to forward them to you as<br />
a single file.<br />
TCP/IP<br />
TCP/IP (Transmission Control Protocol/Internet Protocol) is the underlying<br />
communication protocol of the Internet.<br />
UDP<br />
UDP (User Datagram Protocol) is a communications protocol that offers a<br />
limited amount of service when messages are exchanged between computers<br />
in a network that uses the Internet Protocol (IP). UDP is an alternative to the<br />
Transmission Control Protocol (TCP) and, together with IP, is sometimes<br />
referred to as UDP/IP. Like the Transmission Control Protocol, UDP uses the<br />
Internet Protocol to actually get a data unit (called a datagram) from one<br />
computer to another. Unlike TCP, however, UDP does not provide the service<br />
of dividing a message into packets (datagrams) and reassembling it at the other<br />
end.<br />
UDP is often used for applications such as streaming data.<br />
152<br />
SofaWare S-box Getting Started Guide
URL<br />
A URL (Uniform Resource Locator) is the address of a file (resource)<br />
accessible on the Internet. The type of resource depends on the Internet<br />
application protocol. On the Web (which uses the Hypertext Transfer<br />
Protocol), an example of a URL is 'http://www.sofaware.com'.<br />
Glossary<br />
VPN<br />
A virtual private network (VPN) is a private data network that makes use of the<br />
public telecommunication infrastructure, maintaining privacy through the use<br />
of a tunneling protocol and security procedures.<br />
VPN tunnel<br />
A secure connection between a VPN client and a VPN server.<br />
Glossary 153
Glossary<br />
154<br />
SofaWare S-box Getting Started Guide
A<br />
account, configuring, 93<br />
active computers, viewing, 68<br />
active connections, viewing, 67<br />
Allow rules<br />
creating, 75<br />
deleting, 77<br />
explained, 74<br />
Automatic Login, 114<br />
B<br />
Block rules<br />
creating, 75<br />
deleting, 77<br />
explained, 74<br />
C<br />
cable type, 26<br />
D<br />
Demilitarized Zone. See DMZ<br />
DHCP server<br />
enabling/disabling, 54<br />
explained, 54<br />
diagnostics, 143<br />
DMZ<br />
defining a computer as, 77<br />
explained, 77<br />
Dynamic Host Configuration<br />
Protocol Server. See DHCP<br />
server<br />
E<br />
Email Anti Virus<br />
disabling, 87<br />
enabling, 87<br />
selecting protocols for, 88<br />
snoozing, 89<br />
event log, viewing, 65<br />
F<br />
firewall<br />
levels, 71<br />
Index<br />
Index<br />
setting security level, 71<br />
firmware<br />
explained, 140<br />
updating manually, 132<br />
viewing status, 140<br />
H<br />
HTTPS, configuring, 58<br />
I<br />
installation<br />
cable type, 26<br />
Internet connection<br />
configuring, 27<br />
establishing quick, 57<br />
terminating, 57<br />
troubleshooting, 135, 136, 137<br />
M<br />
Manual Login, 114<br />
N<br />
NAT<br />
enabling/disabling, 57<br />
explained, 57<br />
network<br />
changing internal range of, 55<br />
configuring, 54<br />
enabling DHCP Server on, 54<br />
enabling NAT on, 57<br />
managing, 53<br />
viewing activity, 53<br />
Network Address Translation. See<br />
NAT<br />
node limit, viewing, 69<br />
P<br />
password<br />
changing, 121<br />
setting up, 27<br />
product key, 127<br />
installing, 127<br />
Index 155
Index<br />
R<br />
Remote Access VPN sites, 96<br />
reports<br />
active computers, 68<br />
active connections, 67<br />
event log, 65<br />
node limit, 69<br />
viewing, 65<br />
S<br />
Safe@ Portal<br />
accessing through the Internet,<br />
58<br />
logging off, 51<br />
logging on, 45, 47<br />
using, 49<br />
Safe@Home, 7, 8<br />
Safe@Home Pro, 7, 8<br />
Safe@Office, 7, 8<br />
Safe@Office Plus, 7, 8<br />
S-box<br />
about, 7<br />
changing internal IP address of,<br />
55<br />
configuring Internet connection,<br />
27<br />
features, 10<br />
front panel, 13<br />
installing, 26<br />
rear panel, 12<br />
rebooting, 142<br />
registering, 131<br />
resetting to factory defaults, 141<br />
setting up as a VPN server, 109<br />
software, 7<br />
technical specifications, 145<br />
security<br />
configuring virtual servers, 72<br />
creating rules, 74<br />
defining a computer as DMZ, 77<br />
firewall, 71<br />
managed services, 79<br />
156<br />
SofaWare S-box Getting Started Guide<br />
setting policy, 71<br />
Service Center<br />
connecting to, 79<br />
disconnecting from, 83<br />
refreshing a connection to, 93<br />
services, 79<br />
canceling, 83<br />
Email Anti Virus, 87<br />
software updates, 91, 132<br />
status of, 83<br />
subscribing to, 79<br />
viewing information on, 83<br />
Web Filtering, 84<br />
setup<br />
advanced, 35<br />
wizard, 29<br />
Site to Site VPN gateways, 102<br />
software updates, 132<br />
checking for manually, 91<br />
explained, 91<br />
software, upgrading, 127<br />
static routes<br />
adding, 59<br />
deleting, 63<br />
viewing and editing, 61<br />
T<br />
TCP/IP<br />
setting up for MAC OS, 24<br />
setting up for Windows 95/98,<br />
15<br />
setting up for Windows<br />
XP/2000, 20<br />
troubleshooting<br />
rebooting the S-box, 142<br />
resetting the S-box to factory<br />
defaults, 141<br />
viewing firmware status, 140<br />
troubleshooting, 135<br />
running diagnostics, 143<br />
typographical conventions, 9
U<br />
users<br />
deleting, 126<br />
setting up remote VPN access<br />
for, 126<br />
viewing and editing, 124<br />
V<br />
virtual private network. See VPN<br />
virtual servers, configuring, 72<br />
VPN clients, explained, 95<br />
VPN functionality<br />
in Safe@Home Pro, 96<br />
in Safe@Office, 96<br />
VPN gateways<br />
explained, 95<br />
Site to Site, 102<br />
VPN server, setting up the S-box<br />
as, 109<br />
VPN servers, explained, 95<br />
VPN sites<br />
adding and editing in<br />
Safe@Home Pro, 96<br />
adding and editing in<br />
Safe@Office, 102<br />
deleting, 110<br />
enabling/disabling, 110<br />
logging off, 118<br />
logging on, 114<br />
Remote Access, 96, 102<br />
VPN tunnels<br />
creation and closing of, 118<br />
establishing, 114<br />
explained, 95<br />
viewing, 118<br />
VPN, explained, 95<br />
W<br />
Web Filtering<br />
disabling, 84<br />
enabling, 84<br />
selecting categories for, 85<br />
snoozing, 85<br />
Index<br />
Index 157