Symantec 300 Series Getting Started Manual

Getting started guide
Symantec™ Gateway Security 300 Series
This guide briefly describes the tasks and information you need to configure, operate, and maintain your security gateway and provides references to where you can find more information.
This guide includes the following topics:
Set up an Internet account that all your users can share. Set up multiple Internet connections for continuous access.
Control traffic to and from your protected network.
Secure your network. Grant network access to your remote users.
Prevent and handle attacks. Keep hackers out.
Enforce virus protection on your network.
Control access to what users on your network can view.
Automatically update your security gateway.
Maintain your security gateway.
Set up an Internet account that all your users can share. Set up multiple Internet connections for continuous access.
The first time you access the security gateway, the Setup Wizard guides you through configuring Internet connectivity for the security gateway. Using the Security Gateway Management Interface (SGMI), you can configure a second Internet connection as a backup.
The Internet account or accounts that you set up using either the Setup Wizard or the SGMI can be shared by all computers that you connect through the LAN ports, or that use the security gateway as a wireless access point.
See Chapter 3, “Running the Setup Wizard” in the Symantec Gateway Security 300 Series Installation Guide for information on the Setup Wizard.
Symantec Gateway Security 300 Series security gateways provide additional ports for a backup WAN connection and software that automatically senses failures and transfers WAN data through the backup connection.
Model 320 has a serial port to which an external dial-up modem can be attached. Models 360 and 360R have a second full-speed WAN port, in addition to the serial port, to ensure continuous access.
See Chapter 3, “Configuring a connection to the outside network” in the Symantec Gateway Security 300 Series Administrator’s Guide for information on connecting your security gateway to the Internet.
Control traffic to and from your protected network.
Symantec Gateway Security 300 Series protects enterprise assets and business transactions with one of the most secure, high-performance solutions for ensuring safe connections with the Internet and between networks. The firewall component delivers security and speed, providing strong and transparent firewall protection against unwanted intrusion without slowing the flow of approved traffic on enterprise networks.
Using rules-based software, the security gateway lets you define the type of traffic that can enter or leave your network.
Inbound rules control the type of traffic flowing into application servers on your security gateway-protected networks. When creating inbound rules, you must specify the application server, the service, protocols, and ports that the rule allows. When an inbound rule exists, the firewall allows entry for traffic matching the rule from any external host.
Note: By default, all inbound traffic is blocked.
Outbound rules control the type of traffic leaving your protected network. By default, all internal computers have no restrictions on outbound access. When you define an outbound rule for a given computer group, however, all other traffic is blocked unless an outbound rule is defined to allow it.
The security gateway also lets you configure special applications that can be used for certain applications with two-way communication (such as games and video conferencing). When a special application is enabled, it acts as a global filter; it is not specific to any computer group or inbound/outbound rule. When enabled, the traffic specified can pass in either direction from any host.
See Chapter 5, “Network Traffic Control” in the Symantec Gateway Security 300 Series Administrator’s Guide.
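The rule semantics described in this section, modelled as an added example (not Symantec code and not the gateway's configuration format), with an audit pass that lists the exposure those defaults leave behind. The class and field names, the sample addresses and groups, and the matching of special applications by protocol and port are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    groups: dict = field(default_factory=dict)    # host IP -> computer group
    inbound: set = field(default_factory=set)     # (server IP, proto, port)
    outbound: dict = field(default_factory=dict)  # group -> {(proto, port)}
    special: set = field(default_factory=set)     # global (proto, port)

    def allows_inbound(self, dst_ip, proto, port):
        if (proto, port) in self.special:         # global, either direction
            return True
        # Default deny; a matching rule admits any external source host.
        return (dst_ip, proto, port) in self.inbound

    def allows_outbound(self, src_ip, proto, port):
        if (proto, port) in self.special:
            return True
        rules = self.outbound.get(self.groups.get(src_ip))
        if not rules:                             # no rule for the group: unrestricted
            return True
        return (proto, port) in rules             # otherwise only listed traffic

    def audit(self):
        """Return review findings implied by the defaults described above."""
        findings = []
        for group in sorted(set(self.groups.values())):
            if not self.outbound.get(group):
                findings.append(f"group {group}: outbound unrestricted")
        for ip, proto, port in sorted(self.inbound):
            findings.append(f"{ip} {proto}/{port}: reachable from any external host")
        for proto, port in sorted(self.special):
            findings.append(
                f"special application {proto}/{port}: open both ways for all hosts")
        return findings

# Constructed sample policy (addresses, groups and ports are illustrative).
POLICY = Policy(
    groups={"192.168.0.10": "staff", "192.168.0.20": "kiosk"},
    inbound={("192.168.0.5", "tcp", 443)},
    outbound={"kiosk": {("tcp", 80), ("tcp", 443)}},
    special={("udp", 5004)},
)

if __name__ == "__main__":
    for finding in POLICY.audit():
        print(finding)
```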
Secure your network. Grant network access to your remote users.
Symantec Gateway Security 300 Series supports IPsec-compliant Virtual Private Network (VPN) technology that lets you securely extend the boundaries of your internal network to use insecure communication channels (such as the Internet or wireless) to safely transport sensitive data. VPNs are used to allow remote users or remote networks access to the protected resources of your network.
Symantec Gateway Security 300 Series supports three types of VPN tunnels: Gateway-to-Gateway, Client-to-Gateway, and wireless LAN (WLAN) Client-to-Gateway tunnels.
Additive license/media kit options for Symantec Gateway Security 300 Series Client-to-Gateway VPN software allow concurrent client-to-gateway VPN tunnels on all models. Licenses are available in 5 and 10 concurrent session increments.
Securing your network connections using VPN technology is an important step in ensuring the quality and integrity of your data.
See Chapter 6, “Establishing Secure VPN Connections” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Prevent and handle attacks. Keep hackers out.
The Symantec Gateway Security 300 Series’ intrusion detection and intrusion prevention (IDS and IPS) features help you to secure your organization against unwanted intruders and attacks. They let you monitor network traffic for suspicious behavior and respond to detected intrusions in real time.
The intrusion detection component detects intrusion attempts based on specific atomic signatures including Teardrop, Back Orifice, Girlfriend, buffer overflows, and many others. As new firmware packages containing more atomic signatures become available, Symantec’s LiveUpdate technology can download them to address new threats well before they become security issues.
In addition to preventing attacks based on atomic signatures, the IDS and IPS components also offer the following levels of protection:
IP spoofing protection
IP options verification
TCP flag validation
Trojan horse protection
Port scan detection
See Chapter 8, “Preventing Attacks” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Enforce virus protection on your network.
Symantec Gateway Security 300 Series includes an antivirus policy enforcement (AVpe) feature that lets you monitor client AV configurations and, if necessary, enforce security policies to restrict network access to only those clients who are protected by antivirus software with the most current virus definitions.
Implementing antivirus protection at each client computer is an important step in protecting your network against viruses and other related threats that may enter your network through other means. The security gateway’s AVpe feature, when used with supported Symantec antivirus products, provides a level of assurance that clients are fully compliant with network security policies before they are allowed access to your network.
See Chapter 7, “Advanced Network Traffic Control” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Control access to what users on your network can view.
Symantec Gateway Security 300 Series supports content filtering for outbound traffic. You use content filtering to restrict the content to which clients have access. For example, add to the allow list the URLs to known business-related sites such as www.cnn.com.
Content filtering is administered through computer groups. A computer group is a group of computers, defined in the Firewall section, to which you apply the same rules. When you define a computer group in the Firewall section, you specify if the group uses a content filtering deny or allow list.
See Chapter 7, “Advanced Network Traffic Control” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Automatically update your security gateway.
The key to security is vigilance. One of the best ways to keep your network secure is to have the latest updates for your security gateway. You can configure the security gateway to automatically handle updates using Symantec’s LiveUpdate technology.
Symantec Gateway Security 300 Series firmware can be securely and automatically updated without user involvement to apply updates or protection for new threats.
When enabled, the LiveUpdate component contacts Symantec’s LiveUpdate servers and checks for available updates. If updates are available, the security gateway downloads and applies them, and then restarts the security gateway.
The Symantec Gateway Security 300 Series LiveUpdate feature offers a Scheduler to help you minimize network downtime from restarts. Using the Scheduler, you can specify the exact time and day of week that you want the security gateway to check for firmware updates. This helps to ensure that network traffic is not interrupted during peak operating hours.
See Chapter 9, “Logging, Monitoring, and Updates” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Maintain your security gateway.
After you have installed and configured the functionality on your security gateway, you should perform periodic maintenance tasks. Use this list as a basis to create your own maintenance routine.
Based on growth
Build VPN Gateway-to-Gateway tunnels to business partners and remote offices.
As you create relationships and expand to remote offices, secure your traffic with VPN Gateway-to-Gateway tunnels. See Chapter 6, “Establishing secure VPN connections” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Enable secured Client-to-Gateway access to employees.
Expand your secured wireless local area network.
See Symantec Gateway Security 300 Series Wireless Implementation Guide.
Enable dynamic user authentication for VPN tunnels.
Dynamic users use RADIUS authentication for their Client-to-Gateway tunnels. See Chapter 6, “Establishing secure VPN connections” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Add new internal users to the security policy.
Daily
Monitor the security gateway status.
Current security gateway status is available on the main page when you log in, or by clicking Logging/Monitoring > Status. You can get information like the current build, the current WAN and LAN IP addresses, and connection states.
Status on many specific features is available in their respective sections. For example, for status on VPN tunnels, in the SGMI, click VPN > Status.
Respond to new virus threats and attacks.
View the log daily to watch for attack patterns by clicking Logging/Monitoring > View Log.
Ensure that your clients have a supported Symantec antivirus client with the latest virus signatures by enabling AVpe. See Chapter 7, “Advanced network traffic control” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Respond to internal calls on connections blocked by content filtering or AVpe to help users with their AV updates.
See Chapter 7, “Advanced network traffic control” in the Symantec Gateway Security 300 Series Administrator’s Guide for information on AVpe.
Weekly or monthly
Enable access to external applications by internal users. Enable access for external users to internal applications.
You enable access to your network with inbound firewall rules, and enable external access for your internal users by creating outbound firewall rules. See Chapter 5, “Network traffic control” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Troubleshoot user authentication problems with RADIUS.
Dynamic VPN clients (users) use RADIUS to authenticate. You must set up a separate RADIUS server for this authentication. See Chapter 6, “Establishing secure VPN connections” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Monthly
LiveUpdate the security gateway to the latest version of the firmware.
Symantec Gateway Security 300 Series’ LiveUpdate includes a Scheduler that automatically checks for firmware updates. You should configure the Scheduler to check for updates at least monthly. Also, if you prefer to check for updates manually, schedule this into regular monthly maintenance. See Chapter 9, “Logging, monitoring, and maintenance” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Add new sites to the content filtering allow or deny list.
Periodically you should monitor the types of traffic that your internal clients are viewing and create content filtering rules to match your policies for traffic. See Chapter 7, “Advanced network traffic control” in the Symantec Gateway Security 300 Series Administrator’s Guide.
Monthly or based on changes at remote sites
Improve Gateway-to-Gateway VPN tunnels to remote offices.
When a remote office goes through a change (new ISP, new office, moving the servers, and so on), you may have to improve Gateway-to-Gateway VPN tunnels. See Chapter 6, “Establishing secure VPN connections” in the Symantec Gateway Security 300 Series Administrator’s Guide.
As needed
Recover from power failures.
In the event of a power failure, traffic may be interrupted. You can mitigate interruptions by backing up the power with a universal power supply (UPS).
If a LiveUpdate is occurring when the power fails, the security gateway may revert to the last successfully applied all.bin version of the firmware.
Communicate with Symantec Technical Support for technical issues.
See Appendix A, “Troubleshooting” in the Symantec Gateway Security 300 Series Administrator’s Guide for information on contacting Symantec Technical Support.
Where to get more information
Online Help is available for each tab by clicking the Help button (blue circle with a question mark) at the top right corner of each screen.
The following documents describe the Symantec Gateway Security 300 Series functionality:
Symantec Gateway Security 300 Series Installation Guide
Symantec Gateway Security 300 Series Administrator’s Guide