Copyright HotBrick Incorporated, 2003. All rights reserved.
No part of this document may be copied, reproduced, or transmitted by any means, for any purpose
without prior written permission from HotBrick Incorporated.
Disclaimer
HotBrick Incorporated shall not be liable for technical or editorial errors or omissions contained herein;
nor for incidental or consequential damages resulting from furnishing this material, or the performance or
use of the product.
HotBrick Incorporated reserves the right to change the product specification without notice. Information
in this document may change without notice.
Trademarks
Microsoft, Windows 98, ME, 2000, NT, XP are registered trademarks of the Microsoft Corporation. All
other brand and product names mentioned herein may be registered trademarks of their respective
owners.
Customers should ensure that their use of this product does not infringe upon any patent rights.
Trademarks mentioned in this publication are used for identification purposes only and are properties of
their respective companies.
How to Use Port Triggering
How to Use Standard Transparent Mode
APPENDIX A – Commonly Used Ports and Services
APPENDIX B – Common Services and Ports
Don’t get hacked, get…
Firewall VPN 600/2 - 1200/2 User Manual
HotBrick Firewall VPN 600/2 - 1200/2
1. Initial Setup
The Firewall VPN 600/2 - 1200/2 is configurable for a variety of network environments, and will
automatically reconfigure itself, if possible, to avoid collision with your existing networks.
Each HotBrick box contains the following:
1 HotBrick 1200/2 Firewall VPN or 1 HotBrick 600/2 Firewall VPN
1 Power Cord
2 Patch Cables (1 red cross over cable, 1 blue straight-thru patch cable)
2 Mounting Brackets
4 Mounting Screws
Connect either a 568A or 568B standard straight-thru network patch cable plug from one of the LAN ports
of the Firewall VPN 600/2 - 1200/2 to the network card of a client computer.
1. Plug the power cable into your Firewall VPN 600/2 - 1200/2.
2. Power on your client computer.
3. Verify your client computer has the following network setup.
Windows 2000 Professional
Start → Settings → Network and Dial-up Connections → Local Area Connection (Figure 1.1)
Windows 2000 Professional, Network configuration
Figure 1.1
This will bring up a window like Figure 1.2.
Windows 2000 Professional, Local Area Connection Status, Properties button circled.
Figure 1.2
Click on the Properties button to bring up a window like Figure 1.3. First click on Internet Protocol
(TCP/IP), then click the Properties button.
Windows 2000 Professional, Local Area Connection Properties, TCP/IP marked, Properties button circled.
Figure 1.3
This should bring up the Internet Protocol (TCP/IP) Properties page. Make sure that both “Obtain
an IP address automatically” and “Obtain DNS server address automatically” are selected.
Windows 2000 Professional, Internet Protocol (TCP/IP) Properties
Figure 1.4
The Firewall VPN 600/2 - 1200/2 will automatically assign your computer an IP address, netmask and
gateway.
You can verify this by opening a command or MS-DOS prompt on your Windows machine and typing
ipconfig at the command line. You should see something like Figure 1.5.
*Note: The default configuration for the Firewall VPN 600/2 - 1200/2 is to allocate a 192.168.1.1/24 IP
address with a gateway of 192.168.1.1. If that does not work, use 172.16.0.1.
Verify your setup using the command line and typing ipconfig
Figure 1.5
If you fail to receive an IP address, netmask, and gateway, the result from ipconfig may look something
like Figure 1.6. To remedy this, please reboot your client computer, and try the previous steps again.
Figure 1.6
If your computer fails to receive DHCP, this is what may appear when you type ipconfig
More advanced Windows users can try typing ipconfig /renew as seen in Figure 1.7.
Renew your DHCP allocation using ipconfig /renew
Figure 1.7
If this should still fail, you can try manually configuring your client computer.
2. Logging In
Once you have physically connected the necessary network cables, powered up both the Firewall VPN
600/2 - 1200/2 and the client machine, and verified your network setup on the client computer, you need
to open an SSL-enabled web browser that can handle forms and connect to the web GUI of the Firewall
VPN 600/2 - 1200/2.
Using the gateway IP that is displayed when you type ipconfig, open up a browser, and type in (in the
case shown before) https://172.16.0.1:8443 into the URL field. If you have some other gateway, such as
192.168.1.1, type https://192.168.1.1:8443 into the URL field.
Type https://172.16.0.1:8443 or other gateway IP address shown when you type ipconfig
Figure 2.1
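The check described in sections 1 and 2 can be scripted. The following is an added example, not part of the HotBrick manual: it reads ipconfig output, confirms that an address, netmask and gateway were received, and builds the management URL from the gateway. The sample outputs are constructed, and the function and constant names are hypothetical.

```python
import ipaddress
import re

MANUAL_GATEWAYS = {"192.168.1.1", "172.16.0.1"}  # gateways named in the manual
ADMIN_PORT = 8443                                 # port used in the manual's URLs

# Constructed sample output (Windows 2000 layout), not a capture from the manual.
SAMPLE_OK = """
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.100
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
"""
# Constructed sample of a client that received no lease: no gateway is listed.
SAMPLE_FAIL = """
Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
"""

def _field(label, text):
    """Return the dotted-quad value printed after `label`, or None if absent."""
    m = re.search(re.escape(label) + r"[ .]*:[ \t]*(\d+\.\d+\.\d+\.\d+)", text)
    return m.group(1) if m else None

def check_lease(ipconfig_text):
    """Report whether the client holds a usable address, netmask and gateway."""
    ip = _field("IP Address", ipconfig_text)
    mask = _field("Subnet Mask", ipconfig_text)
    gw = _field("Default Gateway", ipconfig_text)
    if not (ip and mask and gw):
        return {"ok": False, "reason": "incomplete lease; try ipconfig /renew"}
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    if ipaddress.ip_address(gw) not in net:
        return {"ok": False, "reason": f"gateway {gw} is outside {net}"}
    return {
        "ok": True,
        "network": str(net),
        # False means the lease names a gateway other than the two in the manual,
        # so confirm which device answered before logging in to it.
        "gateway_is_manual_default": gw in MANUAL_GATEWAYS,
        "admin_url": f"https://{gw}:{ADMIN_PORT}",
    }

if __name__ == "__main__":
    print(check_lease(SAMPLE_OK))
    print(check_lease(SAMPLE_FAIL))
```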
You will see a Security Alert popup dialog box (Figure 2.2) warning you that you are switching to a secure
connection, followed by a second Security popup dialog box warning about the details of the actual
security certificate (Figure 2.3). Click through these dialog boxes answering in the affirmative and you will
see the login interface (Figure 2.4).
Secure connection security alert with URL highlighted.
Figure 2.2
Security certificate security alert with URL highlighted
Figure 2.3
Firewall VPN 600/2 - 1200/2 login interface
Figure 2.4
The default login is “admin” with a password “123456” (Figure 2.5). If you should enter any of the above
incorrectly, the Firewall VPN will let you know (Figure 2.6).
Firewall VPN1200 login interface with default login entered
Figure 2.5
Incorrect account or password
Figure 2.6
3. Changing the Administrator Account and Password
Once you have logged in, the first thing you should do is change the administrator password and/or the
administrator account name. To do this from the default login screen, click on the Advanced Setup button
on the left panel to access the advanced menus (Figure 3.1).
Default login screen with Advanced Setup button circled
Figure 3.1
The advanced menus are a series of links across the top in alphabetical order, matched with tabs specific
to the selected menu. The default page showing when you click on the Advanced Setup button will be the
Basic Setup menu with the Status tab selected (Figure 3.2).
Default Advanced Setup page with advanced menus circled
Figure 3.2
From here, click on the System Service menu link to bring up the System Service tabs. The default tab
showing will be the Time tab which allows you to configure the Firewall VPN’s clock. You are looking for
the Administrator tab (Figure 3.3). Click on it to bring up Figure 3.4.
System Service tabs with Administrator tab circled.
Figure 3.3
Administrator tab with Administrator Status block marked.
Figure 3.4
Once on this tab, you can see immediately the first item on the page is the Administrator account
information (Figure 3.4). This should be fairly self-explanatory; Name is the current login name of the
administrator, Old Password is the old password, New Password is the password you want to change the
old password to, Verify is a second New Password field to be sure you have not mistyped it the first time,
and E-mail Address is the email address of the administrator, to which critical email messages from the
Firewall VPN will be sent. Make any changes to these fields as you like. These changes are not final until
you scroll down and click on the Update button (Figure 3.5). The Firewall VPN will verify it has performed
the change (Figure 3.6). Click Exit to return to the Administrator tab.
Note: You may change the administrator login name and the email address without entering a password.
Changing the password is the only function that requires a reconfirmation of the old password.
Additionally, the administrator login name cannot have any slashes (“/” or “\”) or spaces and is limited
to 16 characters, while the password cannot have any spaces, backslashes (“\”), or periods and is limited
to 12 characters.
Congratulations, you have performed your first Firewall VPN customization!
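The name and password limits in the note above can be checked before typing a new login into the Administrator tab. The following is an added example, not part of the HotBrick manual: it flags values the stated rules exclude, flags the factory defaults from section 2, and generates a random password of the maximum permitted length. The function names are hypothetical, and the generator assumes the device accepts letters and digits, since the manual only lists what is rejected.

```python
import secrets
import string

NAME_MAX, PASSWORD_MAX = 16, 12        # length limits stated in the manual
NAME_FORBIDDEN = set("/\\ ")           # slashes and spaces
PASSWORD_FORBIDDEN = set(" \\.")       # spaces, backslashes, periods
DEFAULT_NAME, DEFAULT_PASSWORD = "admin", "123456"  # factory login (section 2)

# Assumption: letters and digits are accepted; the manual names only rejected characters.
SAFE_ALPHABET = string.ascii_letters + string.digits

def name_problems(name):
    """Reasons to reject a proposed administrator login name (empty list = fine)."""
    problems = []
    if not 1 <= len(name) <= NAME_MAX:
        problems.append(f"length must be 1-{NAME_MAX}")
    if NAME_FORBIDDEN & set(name):
        problems.append("contains a slash or space")
    if name == DEFAULT_NAME:
        problems.append("still the factory default")
    return problems

def password_problems(password):
    """Reasons to reject a proposed administrator password (empty list = fine)."""
    problems = []
    if not 1 <= len(password) <= PASSWORD_MAX:
        problems.append(f"length must be 1-{PASSWORD_MAX}")
    if PASSWORD_FORBIDDEN & set(password):
        problems.append("contains a space, backslash or period")
    if password == DEFAULT_PASSWORD:
        problems.append("still the factory default")
    return problems

def generate_password():
    """Random password using the full 12 characters the device allows."""
    return "".join(secrets.choice(SAFE_ALPHABET) for _ in range(PASSWORD_MAX))

if __name__ == "__main__":
    candidate = generate_password()
    print(candidate, password_problems(candidate))
```

Passwords produced by a general-purpose generator often exceed 12 characters or contain periods, so run them through `password_problems` before entering them in the New Password field.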
Administrator tab with Update button circled.
Figure 3.5
Figure 3.6
Password Updated Confirmation Screen
4. Configuring the Firewall VPN for Your Network
To configure your Firewall VPN for the first time, we recommend using the Setup Wizard, which can be
accessed at any time from a similarly named button on the left menu (Figure 4.1).
System Service menu, Administrator tab with the Setup Wizard button circled.
Figure 4.1
Clicking on the Setup Wizard button will bring up the first of four major steps to configuring your Firewall
VPN, Network Mode (Figure 4.2). You might notice that along the top there are different menus: Network
Setup, Network Policy, and Add VPN Tunnel. These menus lead to different wizards covering the major
aspects of your Firewall VPN: network configuration, Firewall rules, and adding new VPN tunnels
respectively.
This mode refers to the network configuration in which the Firewall VPN external IP and DMZ IPs share
the same subnet, but the LAN uses a private addressing scheme for its IPs. This is one of the most
common network configurations for fixed external IPs on broadband connections; the only major
difference between implementations is how LAN IP addresses are handled.
NAT with PPPoE Client:
This mode is similar to the NAT only network configuration except that your ISP configures the gateway
IP address and Firewall VPN external IP and netmask. There is no DMZ in this configuration, since PPPoE
only supports the auto-configuration of a single “dial-up” machine by the ISP. This is increasingly
becoming a common network configuration for the home user subscribing to ADSL.
NAT with DHCP Client:
This mode is similar to the NAT with PPPoE Client network configuration except that instead of using
PPPoE, the Firewall VPN obtains its gateway, external IP and netmask from a DHCP server. This is not to
be confused with using DHCP in your own LAN; it is DHCP for configuring the external real IP of
the Firewall VPN. Like the PPP and PPPoE configurations, there is no DMZ.
Depending on the type of network mode you choose, your second step, the configuration of real IPs of
your Firewall VPN, will vary.
If you selected NAT only, your second step (Figure 4.3a) will again consist of filling in the blanks
corresponding to information given to you by your ISP.
The third step is for configuring the internal IP of the Firewall VPN. Naturally for Standard Transparent
mode, which has no internal IP, this step needs no configuration (Figure 4.4a). However for all NAT
modes, this step is the same. You may notice the Firewall VPN is already configured for a 192.168.0.1/16
network (Figure 4.4b). Simply change these values to match your internal network needs. All computers
connecting to the LAN ports of the Firewall VPN require the IP entered here as their gateway.
Figure 4.4a
Setup Wizard, Network Setup 3/4, Network Settings, Standard Transparent
Setup Wizard, Network Setup 3/4, Network Settings, all NAT modes
Figure 4.4b
The fourth and final step for configuring the network setup of the Firewall VPN is setting the Firewall VPN’s
hostname and primary DNS. The hostname cannot have any uppercase or otherwise non-alphanumeric
characters. Once you have filled in this information, click Finish to finalize your network configuration.
Setup Wizard, Network Setup 4/4, Network Settings, all modes.
Figure 4.5
Clicking on Finish will bring up a screen that shows text similar to Figure 4.6. You might notice there is a
thirty second countdown in the lower left hand status bar. When the countdown is finished, the Firewall
VPN will confirm what mode you have selected, and then will ask you to reconnect (Figure 4.7).
Congratulations, your Firewall VPN is now ready to be placed into your network!
By default, the Firewall VPN is completely open to minimize installation problems. However, this is not
optimal in terms of information security. To begin configuring the firewall, click on the Setup Wizard
button on the left menu. This will bring up the Network Settings Wizard (Figure 4.2). As noted before, the
menus along the top change to reflect the three major wizards for the Firewall VPN. In this case we are
interested in the Network Policy link (Figure 5.1).
Setup Wizard, Network Setup screen, Network Policy link circled.
Figure 5.1
After clicking on the Network Policy link, you will see a screen similar to Figure 5.2. This was designed for
quickly adding and removing the services critical to your network needs. Most of the common services can
be added via the Common Services radio button and pull-down menu (Figure 5.3).
Setup Wizard, Network Policy.
Figure 5.2