Symantec 360R - Security Gateway SGS Installation Manual

Gateway security 300 series

Symantec™ Gateway Security
300 Series Installation Guide
Supported models:
Models 320, 360, and 360R


Summary of Contents for Symantec 360R - Security Gateway SGS

  • Page 1 Symantec™ Gateway Security 300 Series Installation Guide Supported models: Models 320, 360, and 360R...
  • Page 2: Installation Guide

    Corporation. NO WARRANTY. The technical documentation is being delivered to you AS-IS and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user. Documentation may include technical or other inaccuracies or typographical errors.
  • Page 3: Contacting Technical Support

    24 hours a day, 7 days a week worldwide in a variety of languages for those customers enrolled in the Platinum Support program. Advanced features, such as the Symantec Alerting Service and Technical Account Manager role, offer enhanced response and proactive security support. Please visit our Web site for current information on Support Programs.
  • Page 4: Customer Service

    General product information (features, language availability, local dealers) ■ Latest information on product updates and upgrades ■ Information on upgrade insurance and maintenance contracts ■ Information on Symantec Value License Program ■ Advice on Symantec’s technical support options ■ Nontechnical presales questions ■...
  • Page 5: Table Of Contents

    Contents Chapter 1 Introducing the Symantec Gateway Security 300 Series Intended audience ....................8 Document structure ....................8 Where to get more information ................9 Checking the components list ................9 Replacement CD-ROMs ..................10 Chapter 2 Installing the Symantec Gateway Security 300 Series appliance Planning for installation ..................
  • Page 6 Access lists ....................42 Defining your network architecture ............45 Appendix B Licensing Session licensing for Symantec Gateway Security 300 Series Client-to-Gateway VPN functions ..............47 Additive session licenses ................47 SYMANTEC GATEWAY SECURITY APPLIANCE LICENSE AND WARRANTY AGREEMENT ................48...
  • Page 7: Introducing The Symantec Gateway Security 300 Series

    Remote Office/Branch Office (ROBO) and small office environments, with support for secure wireless LANs in any size office. Symantec Gateway Security 300 Series provides integrated security by offering six security functions in the base product: Firewall ■...
  • Page 8: Intended Audience

    All these features are designed specifically for the small or remote office. These appliances are perfect for stand-alone environments or as a complement to Symantec Gateway Security 5400 Series appliances deployed at hub sites. Symantec Gateway Security 300 Series models are wireless-capable. They have special wireless firmware and a CardBus slot that can accommodate an optional wireless network card consisting of an integrated 802.11b/g radio and antenna,...
  • Page 9: Where To Get More Information

    This guide describes the SGMI. This guide covers topics related to the appliance and its related components, including: base components, access controls, secure tunnels, VPN policies, remote policies, and monitoring controls. It is provided in PDF format on the Symantec Gateway Security 300 Series software CD-ROM. Checking the components list...
  • Page 10: Replacement Cd-Roms

    10 Introducing the Symantec Gateway Security 300 Series Replacement CD-ROMs Table 1-2 Components list (Continued) Part Description Symantec Gateway Security AVpe 300 Series software CD- AVpe client activation registration file ■ Documentation Symantec Gateway Security 300 Series ■ Administrator’s Guide (PDF) Symantec Gateway Security 300 Series Getting Started ■...
  • Page 11: Chapter 2 Installing The Symantec Gateway Security 300 Series Appliance

    Installing the appliance ■ Configuring the appliance ■ This chapter contains information about preparing to install the Symantec Gateway Security 300 Series appliance, connecting it to the network, and turning on the power. Planning for installation Before you install your appliance, remove plastic cover sheet from the top of the appliance.
  • Page 12: Installing The Appliance

    ■ Install the appliance in an area that is out of the way of foot traffic. Installing the appliance This section describes the back panel of Symantec Gateway Security 300 Series models 320, 360, and 360R. Figure 2-1 shows the back panel of model 320.
  • Page 13 Installing the Symantec Gateway Security 300 Series appliance Installing the appliance Table 2-1 describes the features and icons on the back panel of all the models. Table 2-1 Symantec Gateway Security 300 Series back panel features Location Icon Feature Description...
  • Page 14: Connecting The Appliance To The Network

    You install the appliance by connecting it to your network with the LAN and WAN ports on the back panel of the appliance. Symantec Gateway Security 300 Series models 320, 360, and 360R have different numbers of LAN and WAN ports.
  • Page 15: Configuring The Appliance

    Installing the Symantec Gateway Security 300 Series appliance Configuring the appliance To connect the power cord to your appliance Plug the power cord into the power socket on the back panel (6). Connect the power cord from the appliance into an electrical outlet.
  • Page 16 16 Installing the Symantec Gateway Security 300 Series appliance Configuring the appliance...
  • Page 17: Running The Setup Wizard

    About the Setup Wizard The Setup Wizard guides you through the steps required to connect your Symantec Gateway Security 300 Series WAN port (WAN 1 on models 360 and 360R) to the Internet, a corporate network, or any other external private or public network.
  • Page 18 18 Running the Setup Wizard Understanding connection types accounts are broadband cable, DSL, T1/E1, or T3 connected to a terminal adaptor. Note: Connect only RJ-45 cables to the WAN ports. The following tables describe the supported connection types. The Connection type column is the option button you click on the Main Setup tab or in the Setup Wizard.
  • Page 19: Dhcp

    Channel Service Unit/Digital Service Unit (CSU/DSU) Direct Ethernet Ethernet cable (usually an enclave connection network) PPTP PPTP DSL modem with Ethernet cable The following connection methods are supported by Symantec Gateway Security 300 Series: DHCP ■ ■ Static IP address ■ Dial-up/ISDN ■...
  • Page 20: Dsl

    20 Running the Setup Wizard Understanding connection types DSL ISPs provide Internet service by allocating IP addresses by DHCP, or they may assign your account a static IP address. DSL ISPs use Point-to-Point Protocol over Ethernet (PPPoE) or Point-to-Point Tunneling Protocol (PPTP) technologies for user authentication of network connections.
  • Page 21: Static Ip Address

    TCP/IP-based network. Symantec Gateway Security 300 Series appliances act as a PPTP access client (PAC) when you connect to a PPTP Network Server (PNS), generally with your ISP.
  • Page 22: Dial-Up/Isdn

    (RJ-11 connector). ISDN is a digital dial-up account type that uses a special telephone line. On the Symantec Gateway Security 300 Series appliance, you can use a dial-up account as your primary connection to the Internet, or as a backup to your dedicated account.
  • Page 23: Running The Setup Wizard

    360 and 360R appliances. Figure 3-2 Rear panel of Symantec Gateway Security model 360 and 360R appliances Serial port Before configuring the appliance to use your dial-up account as either the...
  • Page 24: Before You Begin

    If the WAN port is not active, the Setup Wizard guides you through entering ISP-specific connection parameters. LiveUpdate enables customers to keep their Symantec products up-to-date with the latest revision. You should run LiveUpdate as soon as your appliance is connected to the Internet.
  • Page 25: Setting Up Dialup/Isdn

    Browse to the appliance IP address. By default, the IP address is 192.168.0.1. In the Symantec Gateway Security 300 Series panel, select a language. When you select a language, it is the language in which the Setup Wizard proceeds, as well as the language which is used on the appliance.
  • Page 26: Configuring A Dhcp Connection

    26 Running the Setup Wizard Running the Setup Wizard Dial-up Telephone 2 Optionally, type a backup dial-up telephone number. Dial-up Telephone 3 Optionally, type a backup dial-up telephone number. Under ISP-provided static IP address, in the IP address text boxes, type the static IP address, if you have one.
  • Page 27: Configuring A Dsl Connection

    Running the Setup Wizard Running the Setup Wizard In the Broadband Cable Connection panel, in the Computer or gateway MAC address text boxes, type the physical address. Change this value only if required by your ISP. Click Next. Skip to “To complete the Setup Wizard”...
  • Page 28: Completing The Setup Wizard

    28 Running the Setup Wizard Running the Setup Wizard To configure a static IP address connection Run the Setup Wizard. “Starting the Setup Wizard” on page 24. In the Connection Settings panel, click Static IP. In the Broadband connection using a Static IP panel, do the following: IP Address Type the static IP address.
  • Page 29: Access The Security Gateway Management Interface (Sgmi)

    Running the Setup Wizard Access the Security Gateway Management Interface (SGMI) Gateway Host Name Type the name of the gateway host. You can leave the default value, or change it if required by your ISP or leave it blank. Enable If you do not want to permit PING requests, under Block ICMP Requests, click this option button.
  • Page 30 This is the default IP address of the appliance. Once you have logged in to the SGMI, you can change the IP address. The administration user name is always admin. The SGMI login is case-sensitive. For more information about configuring the appliance, see Symantec Gateway Security 300 Series Administrator’s Guide.
  • Page 31: Appendix A Developing A Pre-Installation Security Plan

    This appendix provides basic guidelines for developing an overall security plan. Developing a security plan is your first step in your installation process and helps you collect the information needed to install Symantec Gateway Security 300 Series. The process of developing a security plan consists of three basic steps: Defining your security policy ■...
  • Page 32: Before Writing Your Security Plan

    ■ Information in files and databases ■ The Symantec Gateway Security 300 Series firewall is the main tool for enforcing security, allowing you to define a security policy that allows or denies access to specific resources throughout your network. Before writing your security plan Before you write rules to implement your plan using the Symantec Gateway Security 300 Series Administrator’s Guide, answer the following questions:...
  • Page 33: Becoming Security-Conscious

    Developing a pre-installation security plan Educating users What type of authentication will you require for external users? (Symantec ■ recommends strong authentication for any access from public networks.) If you are implementing VPN tunnels between any internal and external ■...
  • Page 34: Involving The User Community

    34 Developing a pre-installation security plan Filling out worksheets Involving the user community When developing the details of your security plan, you should solicit the input of group managers or leaders on what services they require, for what users, and so on.
  • Page 35 Developing a pre-installation security plan Filling out worksheets To define your existing organization Does your organization have a security policy? _____ Yes _____ No If you checked No, refer to the first part of this chapter for information relating to the development of a security policy. Number of users behind your security gateway: _____ Do you plan to establish special groups or users with different levels of...
  • Page 36 ______________________________________________________________________ ______________________________________________________________________ 11 Do you plan to manage the security gateway remotely? _____ Yes _____ No 12 Do you have other Symantec security gateways on your network now? _____ Yes _____ No 13 If Yes, what product and version? ________________________________...
  • Page 37: Site Hardware Information

    To collect hardware information for your site Type the Symantec System ID of the appliance: ____________________________________ Select type and quantity of network interface cards. _____ Ethernet qty:...
  • Page 38: Tcp/Ip Address

    Are there any other Internet connections besides the firewall (such as modems connected to workstations)? _____ Yes _____ No Will you be using Symantec Client VPN? _____ Yes _____ No TCP/IP address It is important to think about the TCP/IP requirements for your site. This...
  • Page 39 _____ Unregistered IP address Your connection to the Internet must have at least one public network address. Symantec is not responsible for acquiring or registering public IP addresses. The internal (behind the firewall) addresses do not have to be legal or registered. Symantec strongly recommends that you use private, RFC 1918-compliant addresses internally.
  • Page 40: Allowed Tcp/Ip Services

    40 Developing a pre-installation security plan Filling out worksheets Allowed TCP/IP services Use the following tables to define all the allowed TCP/IP services in your network. To define allowed TCP/IP services Table A-2 and check the access type (if any) you will allow for the following services: Table A-2 Allowed TCP/IP access type...
  • Page 41 Developing a pre-installation security plan Filling out worksheets Table A-3 Special services names Service name Service port Service type Server name number (UDP/TCP) Table A-4 to list your TCP/IP services. Table A-4 TCP/IP services Group Authentication Telnet HTTP Other Over time, you will likely refine these permissions. You should make periodic updates to this list.
  • Page 42: Web Service Information

    _____ Yes _____ No If yes, select the location of the Web server: _____ Internal to the Symantec Gateway Security 300 Series _____ External to the Symantec Gateway Security 300 Series Notate the Web server name and IP address: Name:_______________...
  • Page 43 Developing a pre-installation security plan Filling out worksheets Entities allowed through the Symantec Gateway Security 300 Series security gateway Table A-5 to list all allowed entity identifications. Table A-5 Entity identification IP address/DNS name Entity type Internal/external Users allowed through the security gateway Table A-6 to list all allowed user identities.
  • Page 44 44 Developing a pre-installation security plan Filling out worksheets Allowed Web sites Table A-7 to list all the Web sites users can view that are specified in content filtering Allow lists. Table A-7 Allowed Web sites Web site name comments Denied Web sites Table A-8 to list all Web sites users cannot view specified in content...
  • Page 45: Defining Your Network Architecture

    IP address and network mask. Table A-9 to create a list of all internal servers. Your external network consists of at least the Symantec Gateway Security 300 Series host and a router. Table A-9 Internal network servers...
  • Page 46 46 Developing a pre-installation security plan Filling out worksheets Table A-11 to list your router IP addresses. Table A-11 Router IP addresses Router IP addresses Your external network can also include external servers, such as an external Web server. Use Table A-12 to list all external network servers.
  • Page 47: Appendix B Licensing

    300 Series Client-to-Gateway VPN functions Symantec Client VPN software may be licensed for an appliance. The Symantec Client VPN software version must be listed as supported in the Symantec Gateway Security 300 Series Release Notes. The Client-to-Gateway VPN add-on is licensed by the maximum number of concurrent VPN sessions allowed. The appliance comes with a license for one Client-to-Gateway VPN session.
  • Page 48: Symantec Gateway Security Appliance License And Warranty Agreement

    Software that the Licensor may furnish to You . Except as may be modified by a Symantec license certificate, license coupon, or license key (each a "License Module") which accompanies, precedes, or follows this license, and as may be...
  • Page 49: Limited Warranty

    (30) days from the date of original purchase of the Appliance. Your sole remedy in the event of a breach of this warranty will be that Symantec will, at its option, repair or replace any defective Software returned to Symantec within the warranty period or refund the money You paid for the Appliance.
  • Page 50 Appliance, Symantec will return such repaired or replacement Appliance to You, freight and insurance prepaid. In the event that Symantec, in its sole discretion, determines that it is unable to replace or repair the Hardware, Symantec will refund to You the F.O.B.
  • Page 51 Symantec products to any military entity not approved under the EAR, or to any other entity for any military purpose, nor will it sell any Symantec product for use in connection with chemical, biological, or nuclear weapons or missiles capable of delivering such weapons.
  • Page 52 52 Licensing SYMANTEC GATEWAY SECURITY APPLIANCE LICENSE AND WARRANTY AGREEMENT...
  • Page 53: Appendix C Specifications And Safety

    Safeguard instructions ■ Product certifications ■ This appendix lists the product specifications and safety certifications. Product specifications Each respective Symantec Gateway Security 300 Series model offers increased performance and these different specifications are listed in Table C-1. Table C-1 Product specifications...
  • Page 54 54 Specifications and safety Product specifications Table C-1 Product specifications (Continued) Parameter Model 320 Model 360 and 360R Operating 32 to 104° F (0 to 40° C) 32 to 104° F (0 to 40° C) temperature range Non-operating -4 to 149° F (-20 to 65° C) -4 to 149°...
  • Page 55: Safeguard Instructions

    Warning: To reduce the risk of electrical shock, do not disassemble this product. Return it to Symantec when service or repair work is required. Opening or removing covers may expose you to dangerous voltage or other risks. Incorrect reassembly can cause electric shock when this product is subsequently used.
  • Page 56 Warning: Electrical current from power, telephone, and network cables is hazardous. Operating the unit in an equipment rack ■ If you plan to install the Symantec Gateway Security 300 Series in an equipment rack, use these precautions: Ensure the ambient temperature around the appliance (which may be ■...
  • Page 57: Product Certifications

    Specifications and safety Product certifications Product certifications These appliances have been certified for the following electrical and safety standards: EMC: FCC Part 15 Class B ■ ICES-003 (Canada) ■ EN 301.489-1 & -17 ■ EN55022 (1998), Class B Emissions (Radiated & Conducted) ■...
  • Page 58 58 Specifications and safety Product certifications...
  • Page 59: About Leds

    ■ About LEDs The front panel on Symantec Gateway Security 300 Series models 320, 360, and 360R have LED lights that indicate the status of the appliance. Each LED indicates status of a different part of the appliance, such as the LAN and WAN ports.
  • Page 60: Interpreting The Leds

    60 LEDs and DIP switches About LEDs Table D-1 describes each LED. Table D-1 LEDs Location Symbol Feature Description Power Illuminates when the appliance is turned Error Illuminates if there is a problem with the appliance. Transmit Illuminates or flashes when traffic is being passed over the LAN or WAN ports.
  • Page 61: Liveupdate Led Status

    LEDs and DIP switches About LEDs Table D-2 LEDs states and appliance status (Continued) Error LED state Transmit LED state Appliance status Flashing Flashing MAC address not assigned. ■ Firmware problem. Appliance is ■ ready for a forced download. Appliance detected an error ■...
  • Page 62: Dip Switches

    DIP switches allow for manual intervention on the appliance to perform tasks like upgrading the firmware, backing up your configuration, and using the serial port for maintenance operations. See Symantec Gateway Security 300 Series Administrator’s Guide for more information. For normal operation, set all the DIP switches to off (down).
  • Page 63: Appendix E About Troubleshooting

    This chapter includes the following topics: Accessing troubleshooting information ■ You can find up-to-date troubleshooting information for Symantec Gateway Security 300 Series (and all Symantec products) on the Symantec Web site, www.symantec.com. Accessing troubleshooting information Use the following procedure to access troubleshooting information from the Symantec Knowledge Base.
  • Page 64 64 About troubleshooting Accessing troubleshooting information On the Search tab, in the text box, type a string containing your ■ question. Use the drop-down list to determine how the search is performed and click Search. On the Browse tab, expand a heading to see knowledge base articles ■...
  • Page 65 Index DIP switches 13, 62 disconnect idle PPPoE connections 20 access lists, checklists 40 documentation administrator password 28 supplied 9 aDSL 20 DSL 17, 18, 20 analog 17 DSL connectivity 19 Analog connections 18 DSL, configuring 27 analog, dial-up accounts 22 appliance back panel 13 installation 11...
  • Page 66 66 Index ports LAN 13 user documentation 9 serial 13 WAN 13 power button 13 power cord 13, 15 WAN ports 13 power socket 13 RJ-45 cables 17 PPPoE Setup Wizard 17 connectivity 18 WAN/ISP multiple IP addresses 20 defined 20 Web service, checklist 42 PPTP (Point-to-Point Tunneling Protocol) 21 worksheets 34...

This manual is also suitable for:

320, 360
