PLANET SG-500 User Manual

SG-500 VP N Security G atew ay U ser's M anual
VPN Security Gateway
SG-500
User’s Manual
Copyright
Copyright© 2007 by PLANET Technology Corp. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic, mechanical, magnetic, optical, chemical, manual or otherwise, without the prior written permission of PLANET. PLANET makes no representations or warranties, either expressed or implied, with respect to the contents hereof and specifically disclaims any warranties, merchantability or fitness for any particular purpose. Any software described in this manual is sold or licensed "as is". Should the programs prove defective following their purchase, the buyer (and not this company, its distributor, or its dealer) assumes the entire cost of all necessary servicing, repair, and any incidental or consequential damages resulting from any defect in the software. Further, this company reserves the right to revise this publication and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes. All brand and product names mentioned in this manual are trademarks and/or registered trademarks of their respective holders.
Disclaimer
PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User’s Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described in this User’s Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
Trademarks
The PLANET logo is a trademark of PLANET Technology. This documentation may refer to numerous hardware and software products by their trade names. In most, if not all cases, these designations are claimed as trademarks or registered trademarks by their respective companies.
CE mark Warning
This is a class B device. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part 15 of FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one or more of the following measures:
1. Reorient or relocate the receiving antenna.
2. Increase the separation between the equipment and receiver.
3. Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
4. Consult the dealer or an experienced radio technician for help.
FCC Caution:
To assure continued compliance (example-use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment. This device complies with Part 15 of the FCC Rules. Operation is subject to the Following two conditions: (1) This device may not cause harmful interference, and (2) this Device must accept any interference received, including interference that may cause undesired operation.
R&TTE Compliance Statement
This equipment complies with all the requirements of DIRECTIVE 1999/5/EC OF THE EUROPEAN PARLIAMENT AND THE COUNCIL OF 9 March 1999 on radio equipment and telecommunication terminal Equipment and the mutual recognition of their conformity (R&TTE) The R&TTE Directive repeals and replaces in the directive 98/13/EEC (Telecommunications Terminal Equipment and Satellite Earth Station Equipment) As of April 8, 2000.
WEEE
To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately.
Safety
This equipment is designed with the utmost care for the safety of those who install and use it. However, special attention must be paid to the dangers of electric shock and static electricity when working with electrical equipment. All guidelines of this and of the computer manufacture must therefore be allowed at all times to ensure the safe use of the equipment.
Revision
User’s Manual for VPN Security Gateway Model: SG-500 Rev: 1.0 (July, 2007)
Part No: EM-SG500v1
Table of Contents
CHAPTER 1: INTRODUCTION ...................................................................... 1
1.1 FEATURES....................................................................................................................................1
1.2 PACKAGE CONTENTS...................................................................................................................2
1.3 VPN SECURITY GATEWAY TOP VIEW ..........................................................................................2
1.4 VPN SECURITY GATEWAY REAR PANEL......................................................................................2
1.5 SPECIFICATION ............................................................................................................................3
CHAPTER 2: SYSTEM................................................................................... 4
2.1 ADMINISTRATION ........................................................................................................................4
2.2 ADMIN.........................................................................................................................................5
2.3 PERMITTED IPS ...........................................................................................................................8
2.4 LOGOUT ......................................................................................................................................9
2.5 SOFTWARE UPDATE ...................................................................................................................10
2.6 CONFIGURE ...............................................................................................................................11
2.7 SETTINGS ..................................................................................................................................12
2.8 DATE/TIME................................................................................................................................22
2.9 MULTIPLE SUBNET ....................................................................................................................23
2.10 ROUTE TABLE..........................................................................................................................28
2.11 DHCP.....................................................................................................................................32
2.12 DDNS.....................................................................................................................................34
2.13 HOST TABLE............................................................................................................................36
2.14 LANGUAGE..............................................................................................................................37
CHAPTER 3 INTERFACE............................................................................. 38
3.1 INTERFACE ................................................................................................................................39
3.2 LAN..........................................................................................................................................42
3.3 WAN.........................................................................................................................................43
3.4 DMZ.........................................................................................................................................48
CHAPTER 4 POLICY OBJECT..................................................................... 50
4.1 ADDRESS...................................................................................................................................50
4.2 EXAMPLE ..................................................................................................................................53
4.3 SERVICE ....................................................................................................................................60
4.4 CUSTOM ....................................................................................................................................63
4.5 GROUP ......................................................................................................................................67
4.6 SCHEDULE.................................................................................................................................70
4.7 QOS ..........................................................................................................................................73
4.8 EXAMPLE ..................................................................................................................................77
4.9 AUTHENTICATION......................................................................................................................79
4.10 EXAMPLE ................................................................................................................................85
4.11 CONTENT BLOCKING...............................................................................................................89
4.12 URL........................................................................................................................................93
4.13 SCRIPT.....................................................................................................................................96
4.14 P2P .........................................................................................................................................98
4.15 IM.........................................................................................................................................100
4.16 DOWNLOAD...........................................................................................................................102
4.17 VIRTUAL SERVER...................................................................................................................104
4.18 EXAMPLE ..............................................................................................................................108
4.19 IPSEC VPN...........................................................................................................................122
CHAPTER 5 POLICY.................................................................................. 223
5.1 POLICY....................................................................................................................................225
5.2 EXAMPLE ................................................................................................................................229
CHAPTER 6 WEB VPN / SSL VPN............................................................ 247
6.1 SETTINGS ................................................................................................................................250
CHAPTER 7 ANOMALY FLOW IP.............................................................. 260
7.1 SETTINGS ................................................................................................................................261
CHAPTER 8 MONITOR.............................................................................. 271
8.1 LOG........................................................................................................................................271
8.2 TRAFFIC LOG...........................................................................................................................273
8.3 EVENT LOG .............................................................................................................................278
8.4 CONNECTION LOG...................................................................................................................281
8.5 LOG BACKUP...........................................................................................................................284
8.6 ACCOUNTING REPORT .............................................................................................................286
8.7 OUTBOUND .............................................................................................................................289
8.8 INBOUND.................................................................................................................................295
8.9 STATISTICS ..............................................................................................................................301
8.10 WAN.....................................................................................................................................303
8.11 POLICY..................................................................................................................................305
8.12 WAKE ON LAN......................................................................................................................307
8.13 STATUS ..................................................................................................................................309
8.14 INTERFACE ............................................................................................................................310
8.15 AUTHENTICATION..................................................................................................................312
8.16 ARP TABLE ...........................................................................................................................313
8.17 DHCP CLIENTS.....................................................................................................................314

Chapter 1: Introduction

The innovation of the Internet has created a tremendous worldwide venue for E-business and information sharing, but it also creates network security issues. New model of Planet’s VPN Security Gateway SG-500, a special designed of VPN security gateway, provides SSL and IPSec VPN. The SSL VPN function supports up to 5 SSL VPN connection tunnels. The IPSec VPN feature provides IKE, SHA-1, and MD5 Authentication. It is specifically designed for SOHO networks.
The SG-500 provides Content Blocking feature to block specific URL, Script, IM, P2P, and download file. Also, it is built-in Anomaly Flow IP function. This function supports Hacker and Blaster Alert. An administrator could use this function to watch and track an attacker. Also, the QoS function provides Guaranteed Bandwidth and Priority Bandwidth Utilization.
Both the NAT mode and DMZ mode are supported, and therefore can maintain the existing network infrastructure without reconfiguring. The SG-500 provides policy-based firewall protection and several hacker protections to prevent hackers’ attack. Besides, the comprehensive alarm and log function allow the network manager to easily enhance the security of local network.

1.1 Features

z One 10/100Mbps LAN, DMZ, and WAN port z NAT mode and DMZ mode z DMZ mode requires no changing for the original network structure z The VPN security gateway supports SSL VPN and IPSec VPN. The SSL VPN function
supports up to 5 SSL VPN connection tunnels. The IPSec VPN has DES, 3DES, and AES encryption and SHA-1 / MD5 authentication. The network traffic over public Internet is secured.
z Traffic classification based on IP, IP range/subnet, and TCP/UDP port range z Guaranteed and maximum bandwidth with three levels of priorities z Policy-based bandwidth management z Assign daily and weekly access schedule to each individual policy z Professional Monitor function includes Log, Accounting Report, Statistics, and Status z MRTG-like Traffic Statistics, easy to trace and analyze z Multi-Servers Load Balancing z Dynamic DNS and DHCP server functions z Content Filter includes URL, Script, P2P, IM, and Download blocking z Hacker Alert and Anomaly Flow Detection z Virtual Server and IP mapping (Multi-DMZ Host) z Multi-language Web UI and easy to manage z User authentication based on user name and password
- 1 -

1.2 Package Contents

The following items should be included:
VPN Security Gateway Power Adapter Quick Installation Guide User’s Manual CD RJ-45 cable Wall-mount kit
If any of the contents are missing or damaged, please contact your dealer or distributor immediately.

1.3 VPN Security Gateway Top View

LED Description PWR Power is supplied to this device. WAN Steady on indicates the port is connected to other network
device. Blink to indicates there is traffic on the port
LAN Steady on indicates the port is connected to other network
device. Blink to indicates there is traffic on the port
DMZ Steady on indicates the port is connected to other network
device. Blink to indicates there is traffic on the port

1.4 VPN Security Gateway Rear Panel

Port or button Description Power 12V DC, 1.5A
- 2 -
RESET WAN
Press this button to restore to factory default settings. Connect to your xDSL/Cable modem or other Internet
connection device
LAN
Connect to your local PC, switch, or other local network device
DMZ
Connect to your local PC, switch, or other local network device

1.5 Specification

Product VPN Security Gateway Model SG-500 Hardware
WAN 1 x 10/100Base-TX Connections LAN
DMZ Button Reset button for hardware reset / factory default System LED PWR, WAN, LAN, DMZ Software Maximum Controlled Concurrent Session New Session / Second 1,000 SSL VPN Tunnels Up to 5 tunnels Management Web (English, Traditional Chinese, Simplified Chinese) Operation Mode DMZ_NAT, DMZ_Transparent, NAT WAN connection type in NAT mode Traffic Classification IP, IP subnet, and TCP/UDP port Bandwidth Allocation Policy rules with Inbound/Outbound traffic management
Log Traffic Log, Event Log, Connection Log, Log backup by mail or Statistics WAN port statistics and policy statistics with graph display
Firewall Security Policy-based access control
Hacker Alert and Anomaly Flow Detection
Alarm Traffic alarm for user-defined traffic level
Other Functions Firmware Upgradeable through Web
1 x 10/100Base-TX, Auto-MDI/MDI-X 1 x 10/100Base-TX, Auto-MDI/MDI-X
20,000
PPPoE, DHCP, and Fixed IP
Guaranteed and maximum bandwidth Scheduled in unit of 30 minutes 3 Priorities
syslog server
Stateful Packet Inspection (SPI) Scheduled in unit of 30 minutes Detect SYN Attack, Detect ICMP Flood, Detect UDP Flood, Detect Ping of Death Attack, Detect Tear Drop Attack, Detect IP Spoofing Attack, Filter IP Route Option, Detect Port Scan Attack, Detect Land Attack, Virus-Infected Blocking, E-Mail Alert Notification, NetBIOS Notification
Event alarm for hacker attack The alarm message can sent to administrator by e-mail
NTP support Configuration Backup and Restore through Web Dynamic DNS support Multiple NAT and multiple DMZ (mapped IP) support Multiple server load balancing
- 3 -

Chapter 2: System

2.1 Administration

“System” is the managing of settings such as the privileges of packets that pass through the SG-500 and monitoring controls. The System Administrators can manage, monitor, and configure SG-500 settings. But all configurations are “read-only” for all users other than the System Administrator; those users are not able to change any setting of the SG-500.
- 4 -

2.2 Admin

Define the required fields of Administrator
Administrator Name:
The user name of Administrators and Sub Administrator for the SG-500. The admin user name
cannot be removed; and the sub-admin user can be removed or configure.
The default Account: admin; Password: admin
Privilege:
The privileges of Administrators (Admin or Sub Admin). The user name of the main
Administrator is Administrator with reading / writing privilege. Administrator also can change the system setting, log system status, and to increase or delete sub-administrator. Sub-Admin may be created by the Admin by clicking
New Sub Admin
. Sub Admin have
only read and monitor privilege and cannot change any system setting value.
Configure:
Click Modify to change the “Sub-Administrator’s” password or click Remove to delete a “Sub
Administrator.”
- 5 -
Adding a new Sub Administrator
STEP 1In the Admin Web UI, click the New Sub Admin button to create a new Sub
Administrator.
STEP 2In the Add New Sub Administrator Web UI and enter the following setting:
Sub Admin Name: sub_admin Password: 12345 Confirm Password: 12345
STEP 3Click OK to add the user or click Cancel to cancel it.
Add New Sub Admin
- 6 -
Modify the Administrator’s Password
STEP 1In the Admin Web UI, locate the Administrator name you want to edit, and click on
Modify in the ConFigure field.
STEP 2﹒The Modify Administrator Password Web UI will appear. Enter the following
information:
Password: admin New Password: 52364 Confirm Password: 52364
STEP 3Click OK to confirm password change.
Modify Admin Password
- 7 -
Loading...
+ 28 hidden pages