Stonesoft StoneGate SG-250, StoneGate SG-200 Quick Start Manual
StoneGate
SG-250/SG-200
Quick Start Guide
StoneGate SG-250/SG-200 Quick Start Guide 1
Copyright © 2001–2005 Stonesoft Corp. Stonesoft Corp. All rights reserved. No part of this
book may be reproduced or transmitted in any form or by any means, electronic or mechanical,
including photocopying, recording, or by any information storage and retrieval system, without
permission in writing from Stonesoft Corporation.
Stonesoft Corporation Stonesoft Inc. Stonesoft Corporation
Itälahdenkatu 22 A South Terraces, Suite 1000 90 Cecil Street, #13-01
FIN-00210 Helsinki 115 Perimeter Center Place 069531 Singapore
Finland Atlanta, GA 30346 USA
Trademarks and Patents
Stonesoft, the Stonesoft logo, StoneBeat, FullCluster, ServerCluster, StoneGate, and
WebCluster are trademarks or registered trademarks of Stonesoft Corporation in the United
States and/or other countries. Multi-link technology, multi-link VPN, and the StoneGate
clustering technology-as well as other technologies included in StoneGate-are protected by
patents or pending patent applications in the U.S. and other countries.
Sun™, Sun Microsystems™, the Sun™ Logo, Solaris™, and Java™ are trademarks or
registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All
SPARC™ trademarks are used under license and are trademarks or registered trademarks of
SPARC International, Inc. in the United States and other countries. Products bearing SPARC
trademarks are based upon an architecture developed by Sun Microsystems, Inc.
Windows®, Windows NT®, and Microsoft® are trademarks or registered trademarks of
Microsoft Corporation in the United States and/or other countries.
Linux™ is a registered trademark of Linus Torvalds.
Syntax™ is a registered trademark of Linotype-Hell AG and/or its subsidiaries.
All other trademarks or registered trademarks are property of their respective owners.
The products described in this documentation are also protected by one or more of U.S.
Patents and European Patents: U.S. Patent No. 6,650,621, European Patents No. 1065844,
1289202, and may be protected by other U.S. Patents, foreign patents, or pending applications.
Disclaimer
Although every precaution has been taken to prepare these materials, Stonesoft assumes no
responsibility for errors, omissions, or resulting damages from the use of the information
contained herein. All IP addresses in these materials were chosen at random and are used for
illustrative purposes only. They are not intended to represent the IP addresses of any specific
individual or organization.
THESE MATERIALS ARE PROVIDED "AS-IS." STONESOFT MAKES NO
WARRANTIES, EXPRESS OR IMPLIED, AS TO, THE INFORMATION CONTAINED
HEREIN. IN ADDITION, STONESOFT MAKES NO EXPRESS OR IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
PURPOSE OR USE WITH RESPECT THE INFORMATION OR TECHNIQUES
CONTAINED IN THESE MATERIALS. IN NO EVENT SHALL STONESOFT BE
LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL OR INCIDENTAL
DAMAGES, INCLUDING, BUT NOT LIMITED TO, LOST PROFITS OR LOSS OR
DAMAGE TO DATA ARISING FROM THE USE OF THESE MATERIALS, EVEN IF
ADVISED IN ADVANCE OF THE POSSIBILITY OF SUCH DAMAGES.
Revision: SGHGS-250/200_100_16/03/2005
2
1. Introduction
Thank you for choosing Stonesoft’s StoneGate™ High Availability
Firewall and VPN.
The StoneGate security appliances are optimized for the most demanding
network environments, yet easy to deploy, easy to use and centrally
managed, making them extremely cost-effective. The product family
includes a range of appliances from small office/branch office systems to
high-end enterprise firewall and VPN gateways.
The following firewall/VPN devices are available:
• SG-3000/SGS-3000
• SG-1000/SGS-1000
• SG-570/SGS-570
• SG-500/SGS-500
• SG-250/SGS-250
• SG-200/SGV-200/SGS-200
Introduction
• A “V” designator (for example, SGV-200) indicates that particular
model is customized for operating a VPN only.
• An “S” designator (e.g., SGS-500) indicates that that particular model
is customized for operating a Single Site installation (SGS).
Note – The SG-250 and the SG-200 appliance families are treated as the
same in this installation guide as are the SGV models. When settings for
the SG-250 appliance family differ from the SG-200, or SGV models
from SG models, they are stated separately.
ILLUSTRATION 1 SG-250
StoneGate SG-250/SG-200 Quick Start Guide 3
ILLUSTRATION 2 SG-200/SGV-200/SGS-200
This guide is designed to show you how to set up quickly the device.
Then more detail is given in order to familiarize you better with the SG250/SG-200.
•Section 2. Before You Begin, on page 5, gives recommendations on how
to ensure proper operation of the device.
•Section 3. Initial Configuration, on page 7, describes how to initially
configure the device so that you can continue the installation with the
StoneGate Installation Guide.
•Section 4. Device Introduction, on page 19, gives an introduction to the
device features in more detail.
•Section 5. System Safety, on page 22, lists safety precautions you must be
aware of.
•Section 6. System Specifications, on page 24, describes the system
specifications in more detail.
4
2. Before You Begin
You should inspect the box the Stonesoft SG-250/SG-200 was shipped
in and note if it was damaged in any way. If the device itself shows
damage you should file a damage claim with the carrier who delivered it.
Likewise, you should confirm that the Stonesoft anti-tamper tape on the
chassis is intact.
Decide on a suitable location for the Stonesoft SG-250/SG-200. It
should be situated in a clean, dust-free area that is well ventilated. Avoid
areas where heat, electrical noise, and electromagnetic fields are
generated. You will also need it placed near a grounded power outlet. It is
recommended to use a regulating uninterruptible power supply (UPS) to
protect the device from power surges, voltage spikes and to keep your
system operating in case of a power failure.
2.1 SGS-Specific Information
Before You Begin
With StoneGate Appliance Solution for Single Site you get one POS
(Proof-Of-Serial number) attached to the appliance, that combines the
licenses of the Local StoneGate Management Center (SMC) and the
StoneGate Appliance. The local SMC can manage a single gateway or a
cluster on that one site. The SMC needs to be installed on hardware of its
own (see the specifications below). Should you want to install a cluster,
you need to select same type of appliance for additional nodes, as you
have purchased for this initial setup (e.g., SG-200, SG-500-50, SG-500-
100).
Technical Specifications of the SMC
The latest hardware requirements and recommended platform hardware
for this edition of StoneGate can be found on our website at http://
www.stonesoft.com/products/StoneGate/Technical_Requirements.
Basic Management System Hardware Requirements
Management Server: Pentium II processor or higher recommended
(suggested minimum processor speed is 500 MHz) or equivalent on a
non-Intel platforms
Log Server: Pentium III processor or higher is recommended (suggested
minimum processor speed is 700 MHz) or equivalent on a non-Intel
platform.
• A mouse or pointing device (for GUI only)
StoneGate SG-250/SG-200 Quick Start Guide 5
• SVGA (800x600) display or higher (for GUI only)
• 256 MB RAM minimum (512 MB recommended, for larger
installations 1 GB recommended)
• Disk space of Management Server database: 50 MB recommended
• Disk space of Log Server database (minimum suggested):
• For evaluation use: 4 GB
• For normal use: 20 GB (separate hard disk recommended)
• For direct archiving with high volumes: separate disk for archive files, 80
GB or greater
Operating Systems
StoneGate Management System supports the following operating systems
and versions - detailed information about supported versions and service
packs can be found at http://www.stonesoft.com/products/StoneGate/
Technical_Requirements:
•Microsoft
® Windows® XP (U.S. English)
• Microsoft Windows 2000 (U.S. English)
•Windows NT
® 4.0 (U.S. English)
•Red Hat® Linux®
•Sun. Solaris
6
3. Initial Configuration
Your StoneGate SG-250/SG-200 comes pre-loaded with StoneGate
engine software. However, before a security policy can be loaded on the
device you have to perform the initial engine configuration. For SGS
models you also need to install the Management Server before you can
proceed with the initial engine configuration.
3.1 Configuration Overview
The initial engine configuration involves the following steps:
1. Installing the Management Server (for SGS only!)
2. Defining the firewall on the Management Server
3. Saving the initial configuration
4. Connecting the cables
5. Setting up a terminal
6. Starting up the device
Initial Configuration
7. Performing the initial using the configuration wizard
3.2 Installing the Management Server
This step is only done for the Single Site Solution (SGS). If you are not
using SGS skip this step and continue with the next one Section 3.3
Defining Firewalls on the Management Server, on page 7.
Install the Management Server, the Log Server(s), and the GUI client.
The detailed installation instructions can be found in the StoneGate
Installation Guide. For more thorough explanation on using StoneGate,
please refer to the StoneGate Administrator’s Guide and the Administrator’s
Reference.
After installing the Management Server for SGS continue on to the next
step Section 3.3 Defining Firewalls on the Management Server, on page 7.
3.3 Defining Firewalls on the Management Server
Before the engine can be configured the corresponding firewall or firewall
cluster element must be defined on the Management Server. For more
information, see Chapter 5, Defining a Single Firewall or Firewall Cluster in
the StoneGate Installation Guide.
StoneGate SG-250/SG-200 Quick Start Guide 7
Caution – Due to memory constraints, SG-250/SG-200-class
appliances lack enough free swap space to pass the Free Swap Space
test that is enabled by default when defining firewall clusters.
Therefore, you need to disable the Free Swap Space test in the
Management Server before installing the security policy on to a cluster
of appliances. In the StoneGate Control Panel, open up the appliance
cluster's properties, then Teste r S ett in gs and disable the Free Swap
Space test.
3.4 Saving the Initial Configuration
After the firewall or firewall cluster element has been defined on the
Management Server, the initial configuration data must be generated.
This initial configuration data includes the key fingerprint and the onetime password for contacting the Management Server.
▼ To generate initial configuration information:
1. Start the StoneGate GUI, the Control Panel appears.
ILLUSTRATION 3 StoneGate Control Panel
2. On the control panel, right-click on the name of the firewall and
click Save Initial Configuration. The Select a Directory window
appears.
8
Loading...