GemTek Technology ISA550 User Manual

ADMINISTRATION
GUIDE
Cisco Small Business
ISA500 Series Integrated Security Appliance
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
© 2011 Cisco Systems, Inc. All rights reserved. OL-23370-01
Federal Communication Commission Interference Statement
(For ISA570 and ISA570W)
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
(For ISA550 and ISA550W)
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
Reorient or relocate the receiving antenna.
Increase the separation between the equipment and receiver.
Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
Consult the dealer or an experienced radio/TV technician for help.
FCC Caution: Any changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate this equipment.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
IMPORTANT NOTE:
FCC Radiation Exposure Statement: (For ISA550W and ISA570W)
This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body.
This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. The availability of some specific channels and/or operational frequency bands are country dependent and are firmware programmed at the factory to match the intended destination. The firmware setting is not accessible by the end user.
Industry Canada statement:
This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
This device complies with Industry Canada's RSS-210 standard applicable to licence-exempt radio apparatus. Its operation is subject to the following two conditions: (1) the device must not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
IMPORTANT NOTE:
Canada Radiation Exposure Statement: (For ISA550W and ISA570W)
This equipment complies with Canada radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator and your body.
IMPORTANT NOTE: (For the use of mobile devices)
Radiation exposure statement:
This equipment complies with the IC radiation exposure limits established for an uncontrolled environment. This equipment must be installed and operated with a minimum distance of 20 cm between the radiation source and your body.
This device has been designed to operate with an antenna having a maximum gain of 1.8 dBi. Antenna having a higher gain is strictly prohibited per regulations of Industry Canada. The required antenna impedance is 50 ohms.
Under Industry Canada regulations, this radio transmitter may only operate using an antenna of a type and maximum (or lesser) gain approved for the transmitter by Industry Canada. To reduce potential radio interference to other users, the antenna type and its gain should be so chosen that the equivalent isotropically radiated power (e.i.r.p.) is not more than that necessary for successful communication.
(The user manual for transmitting devices equipped with detachable antennas must contain the following information in a conspicuous location:) This device has been designed to operate with an antenna having a maximum gain of 1.8 dBi. An antenna with a higher gain is strictly prohibited by Industry Canada regulations. The required antenna impedance is 50 ohms.
In accordance with Industry Canada regulations, this radio transmitter may operate with an antenna of a type and maximum (or lesser) gain approved for the transmitter by Industry Canada. To reduce the risk of radio interference to other users, the antenna type and its gain must be chosen so that the equivalent isotropically radiated power (e.i.r.p.) does not exceed the level necessary to establish satisfactory communication.
UL/CB
Rack Mount Instructions - The following or similar rack-mount instructions are included with the installation instructions:
A) Elevated Operating Ambient - If installed in a closed or multi-unit rack assembly, the operating ambient temperature of the rack environment may be greater than room ambient. Therefore, consideration should be given to installing the equipment in an environment compatible with the maximum ambient temperature (Tma) 40 degree C specified by the manufacturer.
B) Reduced Air Flow - Installation of the equipment in a rack should be such that the amount of air flow required for safe operation of the equipment is not compromised.
C) Mechanical Loading - Mounting of the equipment in the rack should be such that a hazardous condition is not achieved due to uneven mechanical loading.
D) Circuit Overloading - Consideration should be given to the connection of the equipment to the supply circuit and the effect that overloading of the circuits might have on overcurrent protection and supply wiring. Appropriate consideration of equipment nameplate ratings should be used when addressing this concern.
Contents
Chapter 1: Getting Started 12
Introduction 12
Feature Overview 13
Device Overview 14
Front Panel 14
Back Panel 17
Installation 18
Before You Begin 19
Installation Options 19
Placement Tips 19
Wall Mounting 20
Rack Mounting 21
Hardware Installation 22
Getting Started with the Configuration Utility 23
Launching the Configuration Utility 23
Navigating Through the Configuration Utility 24
Using the Help System 25
Using the Management Buttons 25
About the Default Settings 25
Performing Common Configuration Tasks 27
Changing the User Name and Password of the Default Administrator Account at Your First Login 27
Saving Your Configuration 28
Upgrading the Firmware if needed 29
Resetting the Device 30
Chapter 2: Wizards 32
Using the Startup Wizard 32
Using the Wireless Wizard to Configure the Wireless Settings for ISA550W and ISA570W 40
Using the Wireless Wizard to Configure the Wireless Settings 41
Configuring the SSID for Intranet WLAN Access 43
Configuring the SSID for Guest WLAN Access 44
Configuring the SSID for Guest WLAN Access (Captive Portal) 45
Using the DMZ Wizard to Configure the DMZ Settings 46
Using the DMZ Wizard to Configure the DMZ Settings 47
Configuring the DMZ 48
Configuring the DMZ Services 49
Using the Dual WAN Wizard to Configure the WAN Redundancy Settings 51
Using the Site-to-Site Wizard to Establish the Site-to-Site VPN Tunnels 53
Using the Site-to-Site Wizard to Establish the Site-to-Site VPN tunnel 53
Configuring the IKE Policies 55
Configuring the Transform Policies 57
Using the Remote Access Wizard to Establish the IPSec VPN Tunnels or SSL VPN Tunnels for Remote Access 58
Using Cisco IPSec VPN to Establish the IPSec VPN Tunnels 58
Configuring the Cisco IPSec VPN User Groups 63
Using SSL VPN to Establish the SSL VPN Tunnels 63
Configuring the SSL VPN Group Policies 66
Configuring the SSL VPN User Groups 69
Chapter 3: Status 70
System Status 70
Interface Status 74
ARP Table 74
DHCP Pool Assignment 75
Interface 75
Interface Statistics 77
Wireless Status for ISA550W and ISA570W 79
Wireless Status 80
Client Status 81
Active Users 81
VPN Status 81
IPSec VPN Status 82
SSL VPN Status 83
Reports 85
Reports of Event Logs 86
Reports of WAN Bandwidth 87
Reports of Security Services 87
Web Security Blocked Report 88
Anti-Virus Report 88
Email Security Report 89
Network Reputation Report 90
IPS Policy Protocol Inspection Report 90
IM and P2P Blocking Report 91
Process Status 92
Resource Utilization 92
Chapter 4: Networking 94
Configuring IP Routing Mode 95
Port Management 95
Viewing the Status of Physical Interfaces 95
Configuring the Physical Interfaces 96
Configuring 802.1X Access Control on Physical Ports 98
Configuring the Port Mirroring 100
Configuring the WAN 101
Configuring the Primary WAN 101
Configuring the Secondary WAN 104
Configuring the Network Addressing Mode 106
Configuring the PPPoE Profiles 111
Configuring the WAN Redundancy 112
Loading Balancing for WAN Redundancy 113
Load Balancing with Policy-based Routing Configuration Example 115
Failover for WAN Redundancy 116
Routing Table for WAN Redundancy 117
Configuring the Link Failover Detection 117
Configuring the VLAN 118
Configuring the VLANs 119
Configuring DHCP Reserved IPs 122
Configuring the DMZ 123
Configuring the Zones 127
Security Levels for Zones 128
Predefined Zones 128
Configuring the Zones 129
Configuring the Routing 130
Configuring the Routing Mode 131
Viewing the Routing Table 131
Configuring the Static Routing 132
Configuring the Dynamic Routing 133
Configuring Policy-based Routing Settings 134
Priority of Routing Rules 136
Dynamic DNS 136
IGMP 138
VRRP 139
Configuring the Quality of Service 140
General QoS Settings 141
Configuring the WAN QoS 141
Managing the WAN Bandwidth for Upstream Traffic 142
Configuring the WAN Queue Settings 142
Configuring the Traffic Selectors for WAN Interfaces 144
Configuring the WAN QoS Policy Profiles 145
Mapping the WAN QoS Policy Profiles to WAN Interfaces 146
Configuring the LAN QoS 147
Configuring the LAN Queue Settings 147
Configuring the LAN QoS Classification Methods 148
Mapping CoS to LAN Queue 149
Mapping DSCP to LAN Queue 149
Configuring Default CoS 149
Configuring the Wireless QoS 150
Default Wireless QoS Settings 150
Configuring the Wireless QoS Classification Methods 151
Mapping CoS to Wireless Queue 151
Mapping DSCP to Wireless Queue 151
Address Management 152
Configuring the Addresses 152
Configuring the Group Addresses 153
Service Management 154
Configuring the Services 154
Configuring the Group Services 155
Chapter 5: Wireless Configuration for ISA550W and ISA570W 157
Configuring the Radio Settings 157
Basic Radio Settings 158
Advanced Radio Settings 160
Configuring the Access Points 162
Configuring the Security Mode 162
Controlling the Wireless Access Based on MAC Addresses 169
Mapping the SSID to VLAN 170
Configuring the SSID Schedule 171
Configuring Wi-Fi Protected Setup 172
Configuring Wireless Rogue AP Detection 173
Configuring Wireless Captive Portal 174
Chapter 6: Firewall 177
Configuring the Firewall Access Rules to Control Inbound and Outbound Traffic 178
Default Firewall Settings 178
Priorities of Firewall Access Rules 180
Preliminary Tasks for Configuring the Firewall Access Rules 180
General Settings for Configuring the Firewall Access Rules 181
Configuring a Firewall Access Rule 183
Configuring a Firewall Access Rule to Allow the Multicast Traffic 185
Configuring the Firewall Schedule 186
Firewall Access Rule Configuration Examples 187
Configuring the NAT Rules to Securely Access a Remote Network 192
Configuring Dynamic PAT Rules 193
Configuring Static NAT Rules 194
Configuring Port Forwarding Rules 195
Configuring Port Triggering Rules 196
Configuring Advanced NAT Rules 197
Viewing NAT Translation Status 199
Priorities of NAT Rules 200
Configuring the Session Settings 200
Configuring the Content Filtering to Control Access to Internet 201
Configuring the Content Filtering Policy Profiles 201
Configuring the Website Access Control List 203
Mapping the Content Filtering Policy Profiles to Zones 204
Configuring Advanced Settings 204
Configuring the MAC Filtering to Permit or Block Traffic 205
Configuring the IP/MAC Binding to Prevent Spoofing 206
Configuring the Attack Protection 207
Configuring the Application Level Gateway 209
Chapter 7: Security Services 210
Managing the Security Services 210
About the Security Services 211
Security License 212
Priority of Security Services 212
Managing the Security Services 212
Viewing the Security Service Reports 214
Intrusion Prevention Service 214
General IPS Settings 215
Configuring the IPS Policy and Protocol Inspection 216
Blocking the Instant Messaging and Peer-to-Peer Applications 218
Anti-Virus 220
Configuring the Anti-Virus 220
Configuring the Email Notification 223
Configuring the HTTP Notification 224
Email Reputation Filter 224
Web URL Filter 226
Configuring the Web URL Filter Policy Profiles 226
Configuring the Whitelist and Blacklist of Websites 227
Mapping the Web URL Filter Policy Profiles to Zones 228
Configuring Advanced Web URL Filter Settings 229
Web Reputation Filter 230
Network Reputation 231
Chapter 8: VPN 232
About VPN 232
Configuring the Cisco IPSec VPN Server 233
Cisco VPN Client Compatibility 234
Configuring the Group Policies for Cisco IPSec VPN Server 235
Configuring the Cisco IPSec VPN Client 238
Restrictions for Cisco IPSec VPN Client 239
Benefits of the Cisco IPSec VPN Client Feature 239
Modes of Operation 240
Client Mode 240
Network Extension Mode 241
General Settings 242
Configuring the Group Policies for Cisco IPSec VPN Client 243
Configuring the Site-to-Site VPN 246
Configuration Tasks to Establish a Site-to-Site VPN 246
General Site-to-Site VPN Settings 247
Configuring the IPSec VPN Policies 248
Configuring the IPSec IKE Policies 254
Configuring the IPSec Transform Policies 256
Configuring the SSL VPN 257
Elements of the SSL VPN 258
Configuration Tasks to Establish a SSL VPN Tunnel 259
Installing the Cisco AnyConnect VPN Client on User’s PC 260
Importing the Certificates for User Authentication 260
Configuring the SSL VPN Users 260
Configuring the SSL VPN Gateway 261
Configuring the SSL VPN Group Policies 263
Configuring the SSL VPN Portal 266
Configuring the L2TP Server 266
Configuring the VPN Passthrough 268
Viewing the VPN Status 268
Monitoring the IPSec VPN Status 269
Monitoring the SSL VPN Status 270
Chapter 9: User Management 273
About the Users and Groups 273
Available Services for User Groups 273
Default User and Group 274
Preempt the Administrators 274
Configuring the Users and Groups 275
Configuring Local Users 275
Configuring Local User Groups 276
Configuring the User Authentication Settings 277
Authentication Methods for User Login 278
Using Local Database for Authentication 279
Using RADIUS Server for Authentication 279
Using Local Database and RADIUS Server for Authentication 282
Using LDAP for Authentication 283
Using Local Database and LDAP for Authentication 286
Configuring the User Session Settings 286
Viewing Active User Sessions 287
Chapter 10: Device Management 288
Remote Management 289
Administration 290
Changing the User Name and Password for the Default Administrator Account 290
Configuring the User Session Settings 291
SNMP 292
Configuration Management 294
Saving your Current Configurations 294
Restoring your Settings from a Saved Configuration File 295
Reverting to the Factory Default Settings 296
Firmware Management 297
Viewing the Firmware Information 297
Checking for New Firmwares 298
Upgrading the Firmware 299
Using the Secondary Firmware 300
Firmware Auto Fall Back Mechanism 301
Using the Rescue Mode to Recover the System 302
Rebooting the Security Appliance 302
Log Management 302
Configuring the Log Settings 303
Configuring the Log Facilities 305
Viewing the Logs 306
Managing the Security License 307
Checking the License Status 308
Renewing the Security License 309
Managing the Certificates for Authentication 310
Viewing the Certificate Status 310
Managing the Certificates 311
Exporting the Certificates to Local PC 312
Exporting the Certificates to a USB Device 313
Importing the Certificates from Your Local PC 313
Importing the Certificates from a Mounted USB Device 314
Importing the Signed Certificate for CSR from Your Local PC 314
Generating New Certificate Signing Requests 315
Configuring the Email Alert Settings 316
Configuring the RADIUS Servers 319
Configuring the Time Zone 320
Device Discovery 321
UPnP 321
Bonjour 322
CDP 323
LLDP 324
Diagnosing the Device 324
Ping 325
Tracert 325
DNS Lookup 326
Packet Capture 326
System Diagnostics 327
Measuring and Limiting Traffic with the Traffic Meter 328
Configuring the ViewMaster 330
Configuring the CCO Account 331
Configuring the Device Properties 332
Configuring the Debug Settings 332
Appendix A: Troubleshooting 333
Internet Connection 333
Date and Time 336
Pinging to Test LAN Connectivity 337
Testing the LAN Path from Your PC to Your Security Appliance 337
Testing the LAN Path from Your PC to a Remote Device 338
Restoring Factory Default Settings 339
Appendix B: Technical Specifications and Environmental Requirements 340
Appendix C: Factory Default Settings 343
Device Management 343
User Management 346
Networking 347
Wireless 352
VPN 353
Security Services 356
Firewall 357
Reports 359
Default Service Objects 360
Default Address Objects 363
Appendix D: Where to Go From Here 365

Getting Started

This chapter provides a product overview and installation instructions to help you install the security appliance, and describes the default settings and some basic configuration tasks to help you begin configuring your security appliance. It includes the following sections:
Introduction, page 12
Feature Overview, page 13
Device Overview, page 14
Installation, page 18
Getting Started with the Configuration Utility, page 23
About the Default Settings, page 25
Performing Common Configuration Tasks, page 27

Introduction

The Cisco ISA500 Series Integrated Security Appliances are a set of Unified Threat Management (UTM) security appliances that provide business class security gateway solutions with zone-based firewall, site-to-site and remote access VPN (including Cisco IPSec VPN and SSL VPN) support, and Internet threat protection with multiple UTM security services. The ISA550W and ISA570W include 802.11b/g/n access point capabilities.
The following table lists the available model numbers to help you become familiar with your security appliance.
| Models | Description | Configuration |
|---|---|---|
| ISA550 | Cisco ISA550 Integrated Security Appliance | 1 WAN port, 2 LAN ports, 4 configurable ports, and 1 USB 2.0 port |
| ISA550W | Cisco ISA550 Integrated Security Appliance with WiFi | 1 WAN port, 2 LAN ports, 4 configurable ports, 1 USB 2.0 port, and 802.11b/g/n |
| ISA570 | Cisco ISA570 Integrated Security Appliance | 1 WAN port, 4 LAN ports, 5 configurable ports, and 1 USB 2.0 port |
| ISA570W | Cisco ISA570 Integrated Security Appliance with WiFi | 1 WAN port, 4 LAN ports, 5 configurable ports, 1 USB 2.0 port, and 802.11b/g/n |

Feature Overview

The features of the Cisco ISA500 Series Integrated Security Appliance are compared in the following table.

| Feature | ISA550 | ISA550W | ISA570 | ISA570W |
|---|---|---|---|---|
| Firewall Throughput (1000B) | 150 Mbps | 150 Mbps | 300 Mbps | 300 Mbps |
| Firewall Throughput (IMIX) | 70 Mbps | 70 Mbps | 150 Mbps | 150 Mbps |
| IPSec VPN (large packet) | 75 Mbps | 75 Mbps | 150 Mbps | 150 Mbps |
| Anti-Virus Throughput | 60 Mbps | 60 Mbps | 130 Mbps | 130 Mbps |
| Intrusion Prevention Service Throughput | 80 Mbps | 80 Mbps | 150 Mbps | 150 Mbps |
| UTM Throughput | 45 Mbps | 45 Mbps | 120 Mbps | 120 Mbps |
| Maximum Concurrent Sessions | 15,000 | 15,000 | 40,000 | 40,000 |
| Sessions per Second (cps) | 2,500 | 2,500 | 3,000 | 3,000 |
| Wireless (802.11b/g/n) | No | Yes | No | Yes |
| IPSec Tunnels | 50 | 50 | 100 | 100 |
| SSL VPN Tunnels | 25 | 25 | 50 | 50 |

Device Overview

Before you begin to use the security appliance, become familiar with the lights on the front panel and the ports on the rear panel. It includes the following sections:
Front Panel, page 14
Back Panel, page 17

Front Panel

[Figures: ISA550 Front Panel; ISA550W Front Panel; ISA570 Front Panel; ISA570W Front Panel]
Front Panel Lights
The following table describes the lights on the front panel of the security appliance. These lights are used for monitoring system activity.
| Lights | Description |
|---|---|
| POWER/SYS | Indicates the power status and system status. Green lights when the system is powered on and operates normally. Green flashes when the system is booting. Amber flashes when the system booting has a problem, a device error occurs, or the system has a problem. |
| VPN | Indicates the Site-to-Site VPN connection status. Green lights when the Site-to-Site VPN tunnel is established. Green flashes when attempting to establish the Site-to-Site VPN tunnel. Amber flashes when the system is experiencing problems setting up the Site-to-Site VPN connection. |
| USB | Indicates the USB device status. Green lights when a USB device is detected and operates normally. Green flashes when the USB device is transmitting and receiving data. |
| WLAN (ISA550W and ISA570W only) | Indicates the WLAN status. Green lights when the WLAN is enabled and associated. Green flashes when the WLAN is transmitting and receiving data. |
| SPEED | Indicates the traffic rate of the associated port. Off when the traffic rate is 10 or 100 Mbps. Green lights when the traffic rate is 1000 Mbps. |
| LINK/ACT | Indicates a connection is being made through the port. Green lights when the link is up. Green flashes when the port is transmitting and receiving data. |

NOTE The front panel of the ISA550 and ISA570 does not include the WLAN light.

Back Panel

The back panel is where you connect the network devices. The ports on the panel vary depending on the model.
[Figures: ISA550 and ISA550W Back Panel; ISA570 and ISA570W Back Panel]

Back Panel Descriptions

| Feature | Description |
|---|---|
| ANT01/ANT02 | Threaded connectors for the antennas (for ISA550W and ISA570W only). |
| USB Port | Connects the unit to a USB device. You can use a USB device to back up and restore the configurations, or to upgrade the firmware images. |
| Configurable Ports | Can be set to operate as WAN, LAN, or DMZ ports. The ISA550 and ISA550W have 4 configurable ports. The ISA570 and ISA570W have 5 configurable ports. |
| LAN Ports | Connects PCs and other network appliances to the unit. The ISA550 and ISA550W have 2 dedicated LAN ports. The ISA570 and ISA570W have 4 dedicated LAN ports. |
| WAN Port | Connects the unit to a DSL or a cable modem, or another WAN connectivity device. |
| RESET Button | To reboot the unit, push and release the RESET button. To restore the factory default settings, push and hold the RESET button for 3 seconds. |
| Power Switch | Turns the unit on or off. |
| Power Connector | Connects the unit to power using the supplied power cord and adapter. |

NOTE The back panel of ISA550 and ISA570 does not include two threaded connectors for the antennas.

Installation

This section describes how to install the security appliance. It includes the following topics:
Before You Begin, page 19
Installation Options, page 19
Hardware Installation, page 22

Before You Begin

Before you begin the installation, make sure that you have the following equipment and services:
An active Internet account.
Mounting kits and tools for installing the hardware. The kits packed with the security appliance are used for desktop placement and rack mounting. The kits include 4 rubber feet, 2 brackets, 2 silicon rubber spacers, 8 M3 screws, 4 M5 screws, and 4 washers.
NOTE The Wall-mounting kit is not included.
RJ-45 Ethernet cables (Category 5 or higher) for connecting computers, WAN and LAN interfaces, or other devices.
A computer with Microsoft Internet Explorer 8.0, or Mozilla Firefox 3.6.x (or later) for using the web-based Configuration Utility.

Installation Options

You can place your security appliance on a desktop, mount it on a wall, or mount it in a rack. It includes the following topics:
Placement Tips, page 19
Wall Mounting, page 20
Rack Mounting, page 21
Placement Tips
Ambient Temperature: To prevent the security appliance from overheating, do not operate it in an area that exceeds an ambient temperature of 104°F (40°C).
Air Flow: Be sure that there is adequate air flow around the device.
Mechanical Loading: Be sure that the security appliance is level and stable to avoid any hazardous conditions.
To place the security appliance on a desktop, install the supplied four rubber feet on the bottom of the security appliance. Place the security appliance on a flat surface.
Wall Mounting
There is no wall-mounting kit included with your security appliance. We recommend that you use the following screws to install your security appliance to the wall or the ceiling:
1: 8 mm/0.32 in, 2: 25 mm/0.98 in, 3: 6.5 mm/0.26 in, 4: 18.6 mm/0.73 in
WARNING Insecure mounting might damage the device or cause injury. Cisco is not responsible for damages incurred by improper wall-mounting.
To mount the security appliance to the wall:
STEP 1 Determine where you want to mount the security appliance. Verify that the surface is smooth, flat, dry, and sturdy.
STEP 2 Insert two 18.6 mm (0.73 inch) screws, with anchors, into the wall 234 mm apart (9.21 inches). Leave 3 to 4 mm (about 1/8 inch) of the head exposed.
STEP 3 Place the security appliance wall-mount slots over the screws. Slide the security appliance down until the screws fit snugly into the wall-mount slots.
Rack Mounting
You can mount the security appliance in any standard size, 19-inch (about 48 cm) wide rack. The security appliance requires 1 rack unit (RU) of space, which is 1.75 inches (44.45 mm) high.
CAUTION Do not overload the power outlet or circuit when installing multiple devices in a rack.
STEP 1 Place one of the supplied silicon rubber spacers on the side of the security appliance so that the four holes align to the screw holes. Place the rack mount bracket next to the silicon rubber spacer and install the M3 screws.
NOTE If the M3 screws are not long enough to reattach the bracket with the silicon rubber spacer, attach the bracket directly to the case without the silicon rubber spacer.
STEP 2 Install the security appliance into a standard rack as shown below. Place the washers on the brackets so that the holes align to the screw holes and then install the M5 screws.
[Figure: rack mounting, Step 1 and Step 2]

Hardware Installation

Follow these steps to connect the security appliance:
STEP 1 Connect the security appliance to power using the supplied power cord and adapter. Make sure that the power switch is turned off.
STEP 2 If you are installing the ISA550W and ISA570W, screw each antenna onto a threaded connector on the back panel. Orient each antenna to point upward.
STEP 3 For a DSL or cable modem, or other WAN connectivity devices, connect an Ethernet network cable from the device to the WAN port on the back panel. Cisco strongly recommends using Cat5E or better cable.
STEP 4 For network devices, connect an Ethernet network cable from the network device to one of the dedicated LAN ports on the back panel.
STEP 5 For a UC 500 or a UC 300, connect an Ethernet network cable from the WAN port of the UC 500 or a UC 300 to an available LAN port of the security appliance.
STEP 6 For a UC500 or a UC300, connect an Ethernet network cable from the WAN port of the UC500 or UC300 to an available LAN port on the back panel of the security appliance.
STEP 7 Power on the connected devices.
STEP 8 Power on the security appliance. The lights on the front panel for all connected ports light up to show active connections.
A sample configuration is illustrated below.
[Figure: sample configuration showing the security appliance connected to an Internet access device, a public web server, power, and network devices]
Congratulations! The installation of the security appliance is complete.

Getting Started with the Configuration Utility

The Configuration Utility is a web-based device manager that is used to provision the security appliance. To use this utility, you must be able to connect to the security appliance from your administration PC or laptop. You can access the security appliance by using a web browser such as Microsoft Internet Explorer 8.0, or Mozilla Firefox 3.6.x (or later). It includes the following sections:
Launching the Configuration Utility, page 23
Navigating Through the Configuration Utility, page 24
Using the Help System, page 25
Using the Management Buttons, page 25

Launching the Configuration Utility

STEP 1 Connect your computer to an available LAN port on the back panel of the security appliance.
STEP 2 Start a web browser. In the Address bar, enter the default IP address of the security appliance: 192.168.1.1.
NOTE The above address is the factory default LAN address. If you change this setting in the DEFAULT VLAN configuration, you will need to enter the new IP address to connect to the Configuration Utility.
STEP 3 Enter the default user name and password in the login screen:
Username: cisco
Password: cisco
STEP 4 Click Login.
For the first login, you are forced to immediately change the default user name and password of the default administrator account to prevent unauthorized access. For more information, see Changing the User Name and Password of the Default Administrator Account at Your First Login, page 27.
After you change them, the Startup Wizard launches. For more information about how to use the Startup Wizard to configure your security appliance, see Using the Startup Wizard, page 32.

Navigating Through the Configuration Utility

Use the left hand navigation pane and content pane to perform the tasks in the Configuration Utility.
| Number | Components | Description |
|---|---|---|
| 1 | Left Hand Navigation Pane | The left hand navigation pane provides easy navigation through the configurable features. The main branches expand to provide the features. Click on the main branch title to expand its contents. Click on the right arrow of a feature to open its subfeatures, or click on the down arrow of a feature to contract its subfeatures. Click on the title of a feature or subfeature to open it. |
| 2 | Content Pane | The content of the feature or subfeature appears in this area. |