1. Manuals
  2. Brands
  3. Multitech Manuals
  4. Gateway
  5. RF600
  6. User manual

Multitech RF600 User Manual

Vpn internet security appliance
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
RF760/660/600VPN
Internet Security Appliance
User Guide

Advertisement

Table of Contents
loading

Related Manuals for Multitech RF600

Summary of Contents for Multitech RF600

  • Page 1 RF760/660/600VPN Internet Security Appliance User Guide...

  • Page 2: Technical Support

    This publication may not be reproduced, in whole or in part, without prior expressed written permission from Multi-Tech Systems, Inc. All rights reserved. Multi-Tech Systems, Inc. makes no representations or warranty with respect to the contents hereof and specifically disclaims any implied warranties of merchantability or fitness for any particular purpose. Furthermore, Multi-Tech Systems, Inc.

  • Page 3: Table Of Contents

    Example 3 – Remote Client-to-LAN Configuration Using DNAT and Aliasing ... 37 Example 4 – Client-to-LAN Configuration Using PPTP Tunneling ... 38 Chapter 5 – URL Categorization ... 39 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Contents Table of Contents...
  • Page 4 DHCP Server > Subnet Settings...94 DHCP Server > Fixed Addresses ...94 Tracking... 95 Tracking > Accounting ...95 Tracking > Update Services...96 Tracking > Backup...98 Tracking > Version Control ...100 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Table of Contents...
  • Page 5 V. Access Requests to Firewall Dropped... 146 VI. Administrative Authentication Logs ... 147 VII. Admin Port Access Log ... 147 VIII. Startup History Log... 147 IX. User Log... 147 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Table of Contents...
  • Page 6 Appendix G – Technical Support... 161 Technical Support Contacts... 161 Recording RouteFinder Information... 161 Appendix H – Multi-Tech Systems, Inc. Warranty and Repairs Policies ... 162 Appendix I – Regulatory Compliance... 164 Appendix J – License Agreements... 166 Multi-Tech Systems, Inc. End User License Agreement (EULA) ...166 GNU GENERAL PUBLIC LICENSE ...168...

  • Page 7: Chapter 1 - Product Description, Features, And Overview

    Chapter 1 – Product Description, Features, and Overview Your Multi-Tech Systems, Inc. RouteFinder Internet security appliance is an integrated VPN gateway/firewall designed to maximize network security without compromising network performance. It uses data encryption, user authentication, and the Internet to securely connect telecommuters, remote offices, customers, and suppliers to the corporate office while avoiding the cost of private leased lines or dial-up charges.

  • Page 8: Feature Highlights

    Comprehensive Service and Support. warranty and service that includes telephone technical support, 24-hour web site and FTP support. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview The RouteFinder plugs in at the Internet connection of each office. It provides three...

  • Page 9: Ship Kit Contents

    Note If any of these items are missing, contact Multi-Tech Systems or your dealer or distributor. Inspect the contents for signs of any shipping damage. If damage is observed, do not power up the RouteFinder VPN; contact Technical Support at Multi- Tech Systems, Inc.

  • Page 10: License Keys

    The VPN tunnel configured for manual mode example and IPSec pass-through in manual mode example. A quick start guide for the add-on product IPSec SSH client. Hard-Disk Drive Recovery. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...

  • Page 11: Safety Warnings

    Connect like circuits. In other words, connect SELV (Secondary Extra Low Voltage) circuits to SELV circuits and TN (Telecommunications Network) circuits to TN circuits. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...

  • Page 12: Routefinder Front Panels

    POWER POWER LED - Off when the RouteFinder is in a reset state. When lit, the RouteFinder is not in a reset state. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...

  • Page 13: Rf600Vpn

    LAN Ethernet port, the ACT LED is off. 100MB 100MB LED - Lights when the LAN client has a valid link at 100MB. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...

  • Page 14: Routefinder Back Panels

    The RF600VPN back panel has a DB-9 COM1 jack, a DB-15 High-density DSUB (VIDEO) jack, a keyboard jack, an RJ-45 DMZ jack, an RJ-45 WAN jack, an RJ-45 LAN jack, and a POWER jack. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 15: Specifications

    Shared Internet Access Automatic Dial-Backup Integrated Modem PPPoE DHCP Client/Server User Authentication Automatic Firmware Downloads Yes Warranty Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview RF760VPN RF660VPN 3x10/100/1000BaseT 3x10/100BaseT (LAN,WAN, DMZ) (LAN,WAN, DMZ)
  • Page 16 Description Power - Voltage & Frequency Power Consumption Physical Description Operating Environment Approvals Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview RF760VPN RF660VPN 100-240v AC, 50-60 Hz 100-240v AC, 50-60 Hz...

  • Page 17: Overview Of Routefinder Vpn Technology

    • The protocol (e.g. TCP, UDP, ICMP) • The port number Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview firewall you can grant or deny access to services, according to different...

  • Page 18: Protection Mechanisms

    IP address (10.10.10.99, port 80) and the user’s IP. The RouteFinder recognizes the packet by the user address, and it then changes the internal IP (10.10.10.99, port 80) into the external IP address (1.1.1.1, port 80). Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...
  • Page 19 VPN, Source NAT, Destination NAT, masquerading, and the ability to define static routes make the dedicated firewall an efficient distribution and checkpoint in your network. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...

  • Page 20: Typical Applications

    The RouteFinder VPN provides a full-featured firewall based on Stateful Packet Inspection technology and NAT protocol to provide security from intruders attempting to access the office LAN. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 1 – Product Description, Features, and Overview...

  • Page 21: Chapter 2 - Installation

    Network Connection – Establish policies for adding new devices and new users to the network, with an approval process, along with the associated security requirements. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 2 – Installation...

  • Page 22: Planning The Network

    If Secure Shell (SSH) is to be used, you must install an SSH client program (e.g., PuTTY in Windows 2000 or the bundled SSH client in most Linux packages). Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) IP Address Net Mask ___.___.___.___...

  • Page 23: Installation Overview

    If the RouteFinder VPN is not properly shut down before switching off Power, the next startup may take a little longer, or in the worst case, data could be lost. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 2 – Installation...

  • Page 24: Setting Up A Workstation And Starting The Routefinder Vpn

    WINIPCFG. In Windows 2000/NT/ME/XP, you can type IPCONFIG. In some environments, one or more Security Alert screen(s) may display. At the initial Security Alert screen, click Yes and follow any additional on-screen prompts. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 2 – Installation...
  • Page 25 The Web Management Home screen is displayed. Web Management software is factory-installed on your RouteFinder. (This is a view of the top part of the Home screen.) (This is a view of the Multi-Tech Systems, Inc. informational part of the Home screen.) Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Use a safe password! Your first name spelled backwards is Chapter 2 –...

  • Page 26: Navigating Through The Screens

    Help Describes what to do on each screen. Logout Logout and return to the login screen. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 2 – Installation Screen Buttons Screen...

  • Page 27: Menus And Sub-Menus

    Packet Filters Accounting Packet Filter Rules Update Services ICMP Backup Advanced Version Control Enable/Disable Log Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Proxy Network Setup HTTP Proxy Interface Custom Filters SMTP Proxy PPPoE SMTP SPAM Filtering DHCP Client...

  • Page 28: Chapter 3 - Configuration

    Set the following: • Set System Time by selecting your Time Zone • Set the current Day, Month, Year, Hour, and Minute Administration System Setup System Time Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 3 – Configuration...

  • Page 29: Second Configuration Step

    This information can be found in the Appendix. RouteFinder VPN Initial Configuration The addresses used in this example are entered through the Wizard Setup. See the screen example on the next page. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 30: The Wizard Setup Screen

    Test your workstation to see that it can access the Internet. If a connection is established, then the settings have been entered correctly. Your Basic Configuration Is Now Complete Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 3 – Configuration...

  • Page 31: Chapter 4 - Configuration Examples

    For details about this and other setups, see the RouteFinder Setup Examples Reference Guide, which is available on the RouteFinder CD and on the Multi-Tech Systems, Inc. Web site at Site A - Static IP Addresses (Input these parameters using the RF660VPN in the home office).
  • Page 32 Networks added using the Add Network/Host on this screen will display in the Remote Gateway IP and Remote LAN dropdown boxes on the VPN > IPSec > IKE screen. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 4 – Configuration Examples...
  • Page 33 Setup Wizard. The rule entered in the Setup Wizard displays in this table as shown here Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 4 – Configuration Examples View Rules by clicking the Show button.
  • Page 34 Establish an IPSec Protocol for your remote branch office access: click on VPN > IPSec. Check the VPN Status box, and then click Save. Click the Add button for Add IKE Connection. The VPN IPSec > IKE screen displays. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 4 – Configuration Examples...
  • Page 35 Then follow the steps for Site A, except that now you will use the parameters for Site B listed in the example on the first page of this chapter. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) SiteA RemoteWAN_IP RemoteLAN Chapter 4 –...

  • Page 36: Example 2 - Remote Client-To-Lan Vpn Configuration

    Local LAN Subnet = LAN Remote IP = Sentinel_Client (remote client static IP) Remote IP = Any (remote client dynamic IP) Remote Subnet = None UID = Disable Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 4 – Configuration Examples...

  • Page 37: Example 3 - Remote Client-To-Lan Configuration Using Dnat And Aliasing

    Use this procedure to configure the RF660VPN with DNAT and Aliasing. This configuration allows a Windows 2000 Remote Client to Telnet through the RF660VPN to several Windows 2000 Systems located on the LAN. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 38: Example 4 - Client-To-Lan Configuration Using Pptp Tunneling

    Tunneling Use this procedure to configure the RF660VPN as a PPTP server for VPN Remote Client Access (aka, PPTP Roadwarrior configuration). (Note: IPX and Netbeui not supported when using PPTP tunneling.) Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 39: Chapter 5 - Url Categorization

    URL Categorization section of this screen displays. The key number is located on the bottom of the RouteFinder chassis and on the front of the Quick Start Guide. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) The URL License number must be entered on the Administration > License Key...
  • Page 40 Categories and Networks / Hosts to bypass URL Filtering. • Click Edit for URL Categories (Allowed/Filtered). Not shown on the screen example above. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) IMPORTANT: It is important that the serial number be entered in upper case.
  • Page 41 VPN. There may be a category you would like to see added or deleted. You can submit sites to be blocked or unblocked. Click the words Click Here to open a proposal screen and send it to SurfControl. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 5 – URL Categorization...

  • Page 42: Chapter 6 - Routefinder Software

    If you close the browser while configuring the RouteFinder, the last session stays active until the end of the time-out, and no new administrator can log in. The timeout period is set at Administration > Administrative Access > Time Before Automatic Disconnect. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 43: Administration

    Save. You can delete the entry and change it at any time, if desired. At least one email address must be entered in this field. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > System Setup...

  • Page 44: System Logging

    No adjustments from wintertime to summertime should be made, especially if the collected reporting and accounting information is to be further processed. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > System Setup...

  • Page 45: Adminstration > Ssh

    SSH service and click the Add button. Users can be deleted from this list at any time. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > SSH...

  • Page 46: Administration > Sntp Client

    Enter the IP address of the SNTP Server for which the firewall will contact to synchronize its clock. Then click the Save button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > SNTP Client...

  • Page 47: Administration > Administrative Access

    PC given access to the RouteFinder. You can do this by defining a network with the address of a single computer from the Networks and Services > Networks screen. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > Administrative Access...
  • Page 48 If you check this box, the failed login attempts at the RouteFinder's administrative access interface will be recorded and displayed on the Statistics & Logs > Administrative Authentication screen. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 49: Administration > Site Certificate

    When the certificate has been added to the Root Store, the Completing the Certificate Manager Import Wizard displays. Click Finish. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Enter the RouteFinder‘s host address. Use the same address that you will use to Chapter 6 –...

  • Page 50: Administration > License Key

    This license key is included with your RouteFinder when it ships, but you must enter the license key to activate the feature. The key number is included on the RouteFinder CD. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 51: Administration > Intrusion Detection

    After the rules are defined/selected, click the Add button. The commands can be deleted by clicking Delete under the Command option. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Check the box to enable File Integrity Checking. Check the box to enable Network Intrusion Detection for the...

  • Page 52: Administration > Tools

    After clicking the Start button, a new browser window opens with the PING statistics accumulating. "Close the PING Statistics Window to A Sample" PING log is shown below. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Select the number of pings. You can choose 3 (the default), 10 or 100 pings. Enter Chapter 6 –...

  • Page 53: Trace Route

    Enter the port number into the TCP port entry field. Example: Port number 80 for the HTTP service. Start - Start the test connection by clicking the Start button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) A Sample Trace Route Log A Sample TCP Connect Log Chapter 6 –...

  • Page 54: Administration > System Scheduler

    You may want to record current settings for referencing later on. You have the option to Clear All Logs before resetting the factory defaults. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration >...

  • Page 55: Administration > User Authentication > Local Users

    You can edit or delete entries in the table by highlighting the desired entries and clicking Edit or Delete under Command. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > User Authentication > Local Users...

  • Page 56: Administration > User Authentication > Radius & Sam

    RASExpress RADIUS Setup Reference Guide. The guide also gives you step-by-step setup examples and links to Microsoft’s ISA site. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration > User Authentication > RADIUS & SAM...

  • Page 57: Sam Prerequisite

    Save After entering the above parameters, click the Save button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Administration > User Authentication > RADIUS & SAM This is not an Internet domain (e.g., Company.com) but a simple denominator (e.g.,...

  • Page 58: Administration > Restart

    Since the RouteFinder is now also checking the consistency of the file system, it may have to restart up to three times. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Administration >...

  • Page 59: Networks & Services

    IP address 216.200.241.66 Note About Entries: Entries can be made in the dot notation style (e.g. 255.255.255.0 for a class C network). Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Networks & Services > Networks Subnet mask 255.255.255.0...
  • Page 60 Add subnets on IPSec screen Add local and remote IP addresses on PPTP screen Mac address filtering (destination IP address) on the Packet Filters > Advanced screen Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Name IP Address RemoteLAN 192.168.100...

  • Page 61: Networks & Services > Services

    Specifies the ICMP type. It is displayed if the type of protocol is ICMP and the ICMP Type is Redirect Network, Network Unreachable, or Time to Live Exceeded. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...
  • Page 62 Screen Packet Filter Rules Packet Filters > Advanced Network Intrusion Detection SNAT DNAT Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Fields Add packet filter rules MAC Address Based Filtering Add specific services for Network Intrusion Detection Add rule Add rule Chapter 6 –...

  • Page 63: Networks & Services > Network Groups

    Deleting Networks from a Group Networks can be deleted from the newly created group by clicking the Delete Network button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Networks & Services > Network Groups...

  • Page 64: Networks & Services > Service Groups

    Use the Services to Add button to add services into the newly named group. Available services are: FTP-CONTROL Deleting Services from a Group Services can be deleted from the newly created group by clicking the Delete Service button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) H323 IMAP NEWS...

  • Page 65: Proxy

    No unassigned networks can use the HTTP proxy if the proxy is configured in the browser. • You must set up the RouteFinder internal IP and port 3128 • User Authentication is possible only in non-transparent mode. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Proxy...

  • Page 66: Proxy > Http Proxy

    When this is enabled, then cookies in the Web pages will be filtered out before the page is forwarded to the Web client. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy...
  • Page 67 Delete button. The name moves back into the Available list. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy > URL Categorization...
  • Page 68 Available Users list. Notes: Adding New Users: Non-Transparent Mode: Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Proxy > HTTP Proxy > User Authentication New users can be added to the Available Users list on the Administration > User Authentication screen.

  • Page 69: Proxy > Http Proxy > Custom Filters

    Click the Add button to save the name. On this screen List1 has been added as a URL group. After clicking the Add button, the Access Rules section of the screen displays. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...
  • Page 70 Users from Net2 trying to access google.com will not be allowed to access the site. • Users from any other network will be allowed/denied access based on the URL Categorization rules. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Proxy > HTTP Proxy > Custom Filters...

  • Page 71: Proxy > Smtp Proxy

    To enable SMTP, check the Status box and click the Save button. When enabled, the SMTP Proxy starts functioning and listens on port 25. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software incoming connection is not accepted.
  • Page 72 ID. Click the Save button after a Change Action. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Select the action to be taken on infected emails for SMTP traffic.
  • Page 73 All outgoing mail is then forwarded via the SMTP proxy of the RouteFinder. All settings are immediately active and are preserved after leaving the Proxies > SMTP menu. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 74: Proxy > Smtp Proxy > Smtp Spam Filtering

    @routefinder.yourdomain.com If you want to block all email from the domain routefinder. yourdomain.com, then add it as @routefinder.yourdomain.com Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) > SMTP SPAM Filtering Check this box to block emails from the IP addresses listed in RBL sites. If Enter any sender’s network name that you wish to bypass the spam filtering process.
  • Page 75 Message Filtering When Message Filtering is checked, the screen expands to display the following fields: Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) SPAM emails with percent-hack can be eliminated by adding *%* to the Bad Patterns Chapter 6 – RouteFinder Software...
  • Page 76 Note: If remote quarantine is enabled, then local quarantine no longer exists. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) If you check this option, then the email message or body will be searched for the Examples of extensions are bmp, exe, gif. Also, double extensions such as If you want to search for the expression as is in the email, then add The wild card ‘*’...

  • Page 77: Proxy > Pop3 Proxy

    Email Address of Virus Account – quarantined emails will be forwarded to this account. Click the Save button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Check the box to enable POP3 virus scanning of the traffic that goes through the Check this box to have information sent to the administrator.

  • Page 78: Proxy > Pop3 Proxy > Pop3 Spam Filtering

    Once you enter the ID and click the Add button, the ID displays in a list below the entry field. You may enter more than one email ID, and each ID can be deleted. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...
  • Page 79 If the entry is to be used as a regular expression, the entry should be enclosed in < >. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) xyz*@ abc.com, then all email from the domain abc.com with user names starting with xyz will be marked as SPAM.

  • Page 80: Proxy > Socks Proxy

    SOCKS proxy. If you disable User Authentication, then client applications must be configured with empty user name and password fields! Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Proxy > SOCKS Proxy...
  • Page 81 SOCKS users in the User Authentication > Users section. The left box contains SOCKS users and the right box consists of all the local users who are not allowed to access SOCKS. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 82: Proxy > Dns Proxy

    This is a list of all the networks which are allowed to access the DNS proxy. Any other requests are not forwarded to the DNS proxy. Note: You can delete these networks at any time. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Proxy > DNS Proxy...

  • Page 83: Network Setup

    FIREWALL.yourdomain.com; the gateway could be your Internet router. A suitable IP address must be entered for each network card. Let‘s assume that you are using a Class-C network for your internal network, in this case the entry for network card 1 could look like the following: Description: INTERNAL IP address: 192.168.2.1 (Default)

  • Page 84: Network Setup > Interface

    Once the name is in this box, you can highlight it and delete it or move it WINS Server WINS Server Enter a name for the WINS Server. Click the Add button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Network Setup > Interface...

  • Page 85: Network Cards

    Subnet Mask: 255.255.255.0 Caution: When entering a new IP address for Network Card 1, it is possible to “lock yourself out“. If you do, in most cases you will need to reinstall the RouteFinder to re-establish access. Proxy ARP on This Interface If you check the Proxy ARP on This Interface checkbox, the RouteFinder will automatically announce itself as responsible for all packets to destinations for which it has an Interface Route.

  • Page 86: Network Setup > Ppp

    Euro/NAM A list of country/region codes can be found on the Multi-Tech Web site at http://www.multitech.com/PRODUCTS/Categories/Modems/global/configuration.asp#chart Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) To enable PPP Dial Backup for WAN, check the corresponding checkbox. AT Command (hexadecimal) AT%T19,0,34 (default) Chapter 6 –...

  • Page 87: Network Setup > Pppoe

    Check this box if you want to obtain DNS server addresses from the peer (i.e., the ISP). Save Click Save to activate these settings. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Network Setup > PPPoE...

  • Page 88: Network Setup > Dhcp Client

    DHCP Client on WAN To Enable DHCP Client on WAN, check the corresponding checkbox. Save Click the Save button after enabling this function. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Network Setup > DHCP Client...

  • Page 89: Network Setup > Dynamic Dns

    For example, if you have registered test.dyndns.org, and the IP address assigned to it is resolved to a.b.c.d, all the subdomains (e.g., dns.test.dyndns.org) will also be resolved to a.b.c.d. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 90: Network Setup > Routes

    Add Routes - Interface Route Interface Route Select an already defined network and a network card. The entries are confirmed by clicking the Add button. Also, existing entries can be deleted by highlighting the entry and clicking the Delete button.

  • Page 91: Network Setup > Masquerading

    IP address. For all data packets that are to go into the Internet, the IP address of the sender is exchanged for the IP address of the external network card. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 92: Network Setup > Snat

    The entry is confirmed by clicking the Add button. Existing entries can be deleted or edited by clicking the Edit or the Delete buttons. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Network Setup > SNAT...

  • Page 93: Network Setup > Dnat

    IP-Range ⇒ IP-Range IP ⇒ IP-Range (load balancing) The “way back" (return) translation is done automatically; you do not need a rule for it. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Network Setup > DNAT...

  • Page 94: Dhcp Server

    DHCP Server Fixed Addresses Add Fixed Address Enter both a MAC address and an IP address. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software DHCP Server > Subnet Settings DHCP Server > Fixed Addresses...

  • Page 95: Tracking

    VPN Accounting VPN-Based Accounting Check the VPN Accounting Status box to have the VPN status monitored by the accounting function. Click the Save button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Tracking > Accounting...

  • Page 96: Tracking > Update Services

    To ensure that patterns stay up-to-date at all times, the process can be automated by setting a time interval after which the system automatically checks for virus pattern updates at the specified update server. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Tracking > Update Services...
  • Page 97 Virus Update - Livelog After clicking the Virus - Livelog button, a log file of the virus pattern updates will be displayed. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Tracking > Update Services...

  • Page 98: Tracking > Backup

    Once you are sure of the file you want, click the Import button. Passwords will be saved. Note: Backups taken from a previous version cannot be imported. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Tracking > Backup...
  • Page 99 Set the maximum number of backups that you want to be retained in the server. Enter a number between 1-20. Adaptive Database Backup Enables Adaptive Database Backup. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Tracking > Backup...

  • Page 100: Tracking > Version Control

    = no user = root server = /usr/bin/cvs server_args = -f --allow-root=/usr/local/cvs pserver log_on_failure += USERID log_type = FILE /root/bin/temp Restart xinetd Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Tracking > Version Control...

  • Page 101: Packet Filters

    Never place a rule with the entries Any – Any – Any – Accept at the top of your rule set, as such a setting will match all packets, and thus, cause all subsequent rules to be ignored. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Packet Filters >...
  • Page 102 The entries can then be edited. The changes are saved by clicking the Save button. Delete – Rules can be deleted by clicking the Delete button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Packet Filters > Packet Filter Rules To Broadcast on One Network Segment: 1.

  • Page 103: Packet Filters > Icmp

    RouteFinder, it is recommended that you disable this rule so that the RouteFinder cannot be pinged anymore. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Packet Filters > ICMP...

  • Page 104: Packet Filters > Advanced

    Action – Select whether you want the packet to be forwarded or dropped. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) By default, packets from / via the WAN interface of the RouteFinder, destined to Enables/disables dropping of IP fragmented packets.

  • Page 105: Packet Filters > Enable/Disable Log

    Check this box to enable the logging of all access requests from private (LAN), service (DMZ), and public (WAN) network clients to send traffic to the RouteFinder itself on the administrative access port. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 106: Vpn (Virtual Private Networks)

    Click the Add IKE Connection button. A screen displays for setting up an IKE connection. Add Manual Connection Click the Add Manual Connection button. A separate screen displays for setting up a manual connection. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software VPN > IPSec...

  • Page 107: Add An Ike Connection

    28800 seconds and the maximum is 86400 seconds. Number of Retries Specify the number of retries for the IPSec tunnel. Enter zero for unlimited retries. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software VPN > IPSec > Add IKE Connection...
  • Page 108 Check this option to enable broadcasts over the connection. It will allow computers on the network to share Microsoft file and printer sharing information. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software VPN > IPSec > IKE...
  • Page 109 Local WAN IP Select the Interface to initiate the IPSec tunnel (Left Security Gateway). Options are LAN, WAN, and DMZ. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software AH using MD5 –128 bit key AH using SHA1 –...
  • Page 110 Check this option to enable broadcasts over the connection. It will allow computers on the network to share Microsoft file and printer sharing information. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software VPN > IPSec > Manual...

  • Page 111: Vpn > X.509 Certificates

    If any packet has a specified source and destination network, the packet will be sent encrypted via the tunnel. Note: Packets are sent via the tunnels only if the tunnels are up and running. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software VPN > X.509 Certificates...

  • Page 112: Vpn > Pptp

    If an application such as online banking is not working after implementing the RouteFinder, you can see if any packets were filtered out and which rule was responsible for filtering them. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software...

  • Page 113: User Authentication

    The names of the users entered above display in this text box. If you wish to delete a name, click the Delete button. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software VPN > PPTP...

  • Page 114: Wizard Setup

    Click the PPPoE button. The corresponding entry fields will display. Enter the ADSL User Name and Password provided by the ISP for the PPPoE connection. DHCP Client When selected, no other fields display. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Wizard Setup...
  • Page 115 It is highly recommended that you change passwords. Save or Cancel When all of the parameters are set, click the Save button to activate them. Your RouteFinder is now configured. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 6 – RouteFinder Software Wizard Setup...

  • Page 116: Statistics & Logs

    Messages that someone should examine, such as why someone is sending UDP packets from port 20 to some arbitrary port above port 1024 (doesn‘t match any known protocol). Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Messages that should cause some action (email the administrator, start investigating Chapter 6 –...

  • Page 117: Statistics & Logs > Uptime

    The log files are updated every five minutes and displayed in the Hardware charts. What the Graphs Show The graph shows daily, weekly, monthly, and yearly CPU, RAM and SWAP utilization statistics. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Uptime >...

  • Page 118: Statistics And Logs > Networks

    The address of the next-hop router. Use Iface (User Interface) Indicates the name of the local interface from which the packet is to be sent. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Networks > Chapter 6 – RouteFinder Software...

  • Page 119: Network Connections

    DISCONNECTING – The socket is disconnecting. (empty) – The socket is not connected to another one. PID/Program Name Process ID (PID) and process name of the process that has the socket open. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Send-Q Local Address 0.0.0.0:22 TIME_WAIT.

  • Page 120: Statistics & Logs > Interfaces

    Click the DMZ Traffic button for a graphical overview of network traffic on the DMZ interface. Example Statistics are shown for daily, weekly, monthly, and yearly traffic. This example shows the daily graph for LAN traffic. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Interfaces > Chapter 6 – RouteFinder Software...

  • Page 121: Statistics & Logs > Smtp Proxy

    SMTP Status The SMTP Status displays the number of emails in the queue and the number of emails waiting to be processed. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) SMTP Proxy > Chapter 6 – RouteFinder Software...

  • Page 122: Statistics & Logs > Accounting

    If there are no entries in the drop down list box, you can add them on the Tracking > Accounting screen in the IP-Based Accounting section. VPN Based Accounting Displays the accounting information for all the IPSec tunnels that are currently enabled. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) > Accounting Chapter 6 – RouteFinder Software...

  • Page 123: Statistics & Logs > Self Monitor

    Click the Self Monitor Live Log button to open the report, which provides a record of the processes that have been restarted due to possible abnormal termination. Example of a Self Monitor Live Log Report Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Self Monitor >...

  • Page 124: Statistics & Logs > Ipsec

    The PPTP History of Calls displays information about users who have connected so far. It shows connect date and time, user name, interface on which the user is connected, original IP address of the user, and total traffic transmitted and received. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) IPSec >...

  • Page 125: Statistics & Logs > Packet Filter

    Select this option to view all logs listed above. Backup Logs Use this section of the screen to backup your log files or to delete the current log files. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Packet Filter >...

  • Page 126: Statistics & Logs > Port Scans

    Display the file • Search for a pattern in the file • Download the file Click Go. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Port Scans > iew Logs > V Chapter 6 – RouteFinder Software Statistics & Logs > Port Scan Logs...

  • Page 127: Statistics & Logs > Http Access

    (See HTTP screen at top of the page) The report provides IP addresses / user names of the users who have tried to access denied sites. You must configure Proxy > HTTP Proxy > URL Categorization in order to view this report. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) HTTP Access >...

  • Page 128: Statistics & Logs > Dhcp

    Chapter 6 – RouteFinder Software Statistics & Logs > DHCP Statistics & Logs DHCP > This live Log gives information about the DHCP leases that have been provided so far. Example of a DHCP Log Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 129: Statistics & Logs > Smtp & Pop3 Virus Quarantines

    Shows all traffic that is directed at the RouteFinder's currently configured administrative HTTP access port. This log view is enabled on the Administration > Administrative Access screen. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Statistics & Logs > SMTP & POP3 Virus Quarantines Statistics &...

  • Page 130: Chapter 7 - User Authentication Methods

    Many mixed scenarios are also possible. For example, you could have some local users being able to use the SOCKS service, plus a RADIUS server authenticating users for the HTTP proxy service. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 7 – User Authentication Methods...

  • Page 131: Authentication Setup

    Check the System Log in the NT/2000 Event Viewer; that's where NT/2000 puts information about RADIUS authentication requests. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) routefinder RADIUS Use the address of the RouteFinder's interface pointing "towards" the RADIUS server (this will be the "internal"...

  • Page 132: Setting Up Nt/2000 Sam (Smb) Authentication

    Finally, you need the default domain to authenticate against. This will be overridden if users specify their user name as <DOMAIN>\<USERNAME>. Otherwise, it will be filled in as the <DOMAIN> part. Caution: Disable the Guest account of your NT domain, since this one will allow Any username/password combination to pass! Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 133: Chapter 8 - Frequently Asked Questions (Faqs)

    Yes, in addition to providing shared Internet access, the RouteFinder can support a Web, FTP, or other Internet servers. Once configured, the RouteFinder only accepts unsolicited IP packets addressed to the web or ftp server. Refer to Chapter 3. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 8 – Frequently Asked Questions (FAQs)
  • Page 134 Firewall: RouteFinder Ethernet Interface: IP: 196.126.228.66 Netmask: 255.255.255.224 Def GW: 196.126.228.65 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 8 – Frequently Asked Questions (FAQs) You cannot map: IP => IP IP-Range => IP IP => IP-Range (load balancing)
  • Page 135 (Cuba, Iran, Iraq, Libya, North Korea, Serbia, Sudan, Syria, and Taleban-controlled areas of Afghanistan, as of January 2000). Export to government end-users may also be approved, but under a license. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 8 – Frequently Asked Questions (FAQs)
  • Page 136 Go to Packet Filters > Packet Filter Rules and add the following rules: Any FTP_ALTControl FTP_Server This rule allows connections of clients to the FTP server. FTP_Server Any Any Allow Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 255.255.255.255 Allow Chapter 8 – Frequently Asked Questions (FAQs)
  • Page 137 For SOCKS V5, the clients can pass unresolved host names to SOCKS V5 servers to resolve. SOCKS will work if the SOCKS V5 client or SOCKS V5 servers can resolve a host. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) FTP_Server PASV_Range with no subject line and a one line body: subscribe <mailing-list>...
  • Page 138 Socks displays this log message when someone tries to use the SOCKS server as an HTTP proxy. ASCII code 71 is the letter "G", the first letter of an HTTP/1.0 request. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 8 – Frequently Asked Questions (FAQs)

  • Page 139: Chapter 9 - Troubleshooting

    Click Open Packet Filter LiveLog; a window opens with the rule violations listed in order of occurrence. Note: Packets dropped by the Drop setting in Packet Filters > Packet Filter Rules do not appear in the Packet Filter Livelog. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 9 – Troubleshooting...
  • Page 140 HTTP Access: displays a list of users and the Internet sites visited by them Refer to Chapter 3 of this manual for Statistics & Logs menu information. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Chapter 9 – Troubleshooting...

  • Page 141: Appendix A - Disposition Of Events For The Routefinder V3.2X

    Figure 13 – Snapshot of User Log Figure 14 – Snapshot of Fragmented Dropped Log Figure 15 – Snapshot of Log with ICMP Information Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) For ICSA Certification Based on The Modular Firewall Certification Criteria Baseline module - version 4.0...

  • Page 142: Abstract

    Authentication Log. Administrative Authentication Log corresponds to LO1.E of Baseline module - version 4.0, ICSA Labs. Figure 10 shows a snapshot of Administrative Authentication Log. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix A – Disposition of Events...

  • Page 143: Ii. Inbound Access Log

    Description of Figure 2 The Access request originated from the source (204.26.122.9) to the destination (204.54.39.103) is accepted by the candidate firewall. Classified as Inbound Accepted. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – Figure 1 Inbound Access –...

  • Page 144: Figure 3 - Inbound Access (Dnat With Connection Tracking)

    “CONTROL connection information” for this data connection. Dnat ip:port = 192.168.1.76:21” – This corresponds to the “CONTROL connection’s DNATTED ipaddress” for this data connection. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) 192.168.1.76:20:21” Inbound Log Inbound Log Appendix A – Disposition of Events –...

  • Page 145: Iii. Outbound Access Log

    Appendix A – Disposition of Events III. Outbound Access Log – Figure 4 Outbound Access – Figure 5 Snapshot of Outbound Access Log – Figure 6 Snapshot of Outbound Access Log (with Connection Tracking) Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 146: Iv. Access Requests Through Firewall Dropped

    Figure 7 V. Access Requests to Firewall Dropped Figure 8 – Access Requests to Firewall Dropped Figure 9 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – Snapshot of Through Firewall Dropped Log – Snapshot of To Firewall Dropped Log Appendix A –...

  • Page 147: Vi. Administrative Authentication Logs

    VIII. Startup History Log – Figure 12 Snapshot of Startup History IX. User Log – Figure 13 Snapshot of User Log X. Fragmented Dropped Log – Figure 14 Snapshot of Fragmented Dropped Log Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 148: Xi. Icmp Information

    Appendix A – Disposition of Events XI. ICMP Information Figure 15 – Snapshot of Log with ICMP Information Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 149: Appendix B - The Routefinder Rescue Kernel

    When using RF760VPN hardware, DO NOT specify version 3.00 ISO image. • LAN and WAN Interface configuration work during the Rescue Kernel setup only if you are reinstalling 3.1x ISO image and above. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix B – The RouteFinder Rescue Kernel...

  • Page 150: Method 1 - How To Perform The Install Using No External Server

    If any of these questions are answered incorrectly, execute the ./create_netinstall_cfg command again and answer all questions correctly. Type in lilo -R RFNetInstall. Type in reboot. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix B – The RouteFinder Rescue Kernel...

  • Page 151: Method 2 - How To Perform The Install Using An External Ftp Server

    If you answer y (yes), you can configure the LAN and WAN interface to match up with your network. Note: If any of these questions are answered incorrectly, execute the ./create_netinstall_cfg command again and answer all questions correctly. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix B – The RouteFinder Rescue Kernel...

  • Page 152: Method 3 - How To Perform The Install If The Other Methods Fail Or If The File Systems Are Corrupted

    Configure your RouteFinder with live internet access. Then perform the live update to match the version you were running. Then import the backup configuration file. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix B – The RouteFinder Rescue Kernel...

  • Page 153: Appendix C - Board Components, Hardware Upgrades & Add-Ons, Software Add-Ons, Overnight Replacement

    J6 has an arrow to designate pin 1. The hard drive ribbon cable is terminated with a connector for the HD as well as a connector for substituting a CD-ROM drive. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Tech Support before changing the component settings.

  • Page 154: Hardware Upgrades And Add-Ons

    Perform steps 1 through 4 in reverse order. Power up the RouteFinder and refer to Chapter 2 - Configuration. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) the microprocessor that provides processing power to the unit. The the memory component for the unit. The DIMM memory module can be upgraded The floppy drive connector (CN4) does not have a designator for pin 1.

  • Page 155: Memory Upgrade

    Rack Mount screws are provided to attach the brackets to the RouteFinder. It is up to you to provide the bracket-to-rack rack mounting screws that match your rack's thread size. Use the rack manufacturer's documentation and procedure to safely and securely install the RouteFinder in almost any 19" rack. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 156: Software Add-Ons

    Contract is renewable every two years* If you have any questions regarding the program, contact customer service at 1-888-288-5470. You may also visit our Web site at Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Description SSH IPSec VPN Client 1-User License...

  • Page 157: Appendix D - Cd-Rom Drive Adapter And Pin Out

    15 -------- 15 16 -------- 16 17 -------- 17 18 -------- 18 19 -------- 19 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix D – CD-ROM Drive Adapter and Pin Out 21 --------- 21 22 --------- 22 23 --------- 23...

  • Page 158: Appendix E - Routefinder Maintenance

    Authentication, Tracking, and Statistics & Logs in Chapter 3). For information on RouteFinder upgrades and add- ons refer to the preceding section, Software Upgrades and Add-ons. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix E – RouteFinder Maintenance...
  • Page 159 Several commercial vulnerability scanners may also be used to scan for these vulnerabilities, and the SANS Institute maintains a list of all scanners that provide a focused Top Twenty scanning function at www.sans.org. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix E – RouteFinder Maintenance...

  • Page 160: Appendix F - Ordering Accessories

    After you have selected all of your items, click Checkout to finalize the order. The SupplyNet site uses Verisign’s Secure Socket Layer (SSL) technology to ensure your complete shopping security. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix F – Ordering Accessories...

  • Page 161: Appendix G - Technical Support

    Access Control (MAC) address to identify it and/or differentiate it from any other network-attached device. Also, note the status of your RouteFinder including LED indicators, screen messages, diagnostic test results, problems with a specific application, etc. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix G - Technical Support By Phone...

  • Page 162: Appendix H - Multi-Tech Systems, Inc. Warranty And Repairs Policies

    Multi-Tech Warranty Statement Multi-Tech Systems, Inc., (hereafter “MTS”) warrants that its products will be free from defects in material or workmanship for a period of two, five, or ten years (depending on model) from date of purchase, or if proof of purchase is not provided, two, five, or ten years (depending on model) from date of shipment.

  • Page 163: Repair Procedures For International Distributors

    Appendix H - Multi-Tech Systems, Inc. Warranty and Repairs Policies Please direct your questions regarding technical matters, product configuration, verification that the product is defective, etc., to our Technical Support department nearest you or email support@multitech.com. When calling the U.S., please direct your questions regarding repair expediting, receiving, shipping, billing, etc., to our Repair Accounting department at +(763) 717-5631 in the U.S.A., or email...

  • Page 164: Appendix I - Regulatory Compliance

    No repairs are to be made by you. Repairs are to be made only by Multi-Tech Systems or its licensees. Unauthorized repairs void registration and warranty.
  • Page 165 This precaution may be particularly important in rural areas. Caution: Users should not attempt to make such connections themselves, but should contact the appropriate electric inspection authority, or electrician, as appropriate. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix I – Regulatory Compliance...

  • Page 166: Appendix J - License Agreements

    Woodale Drive, Mounds View, MN 55112. This is a legal agreement between you (either an individual or a single entity) and Multi-Tech Systems, Inc. for the Multi-Tech software product enclosed, which includes computer software and may include associated media, printed materials, and "online" or electronic documentation ("SOFTWARE PRODUCT").
  • Page 167 Multi-Tech Systems, Inc. Copies of the Software may be made to replace worn or deteriorated copies, for archival, or back-up purposes.

  • Page 168: Gnu General Public License

    Sections 1 and 2 above on a medium customarily used for software interchange; or, Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix J – License Agreements...
  • Page 169 FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix J – License Agreements...

  • Page 170: Surfcontrol Url Filtering End-User Terms

    Licensee may not disclose, modify, adapt, translate, reverse engineer, disassemble, decompile or create derivative works from the Software or any portion of the Software, including, without limitation, any databases that comprise the Software, the organization of such databases Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix J – License Agreements...
  • Page 171 LIABILITY OF SURFCONTROL AND ITS AFFILIATES, SUPPLIERS, AND/OR LICENSORS EXCEED THE AMOUNT PAID BY LICENSEE FOR THE SOFTWARE. THESE LIMITATIONS APPLY TO ALL CAUSES OF ACTION IN THE AGGREGATE, INCLUDING WITHOUT LIMITATION, BREACH OF CONTRACT, BREACH OF WARRANTY, SURFCONTROL’S NEGLIGENCE, STRICT LIABILITY, MISREPRESENTATION AND OTHER TORTS. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
  • Page 172 License. All communications and notices given pursuant to this License will be in the English language. Should you have any questions concerning this License, please contact SurfControl in writing. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 173: Kaspersky Standard End User License Agreement

    (ii) Support Services will terminate unless renewed annually by payment of the then current annual support charge and by successful completion of the Support Services Subscription Form again. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix J – License Agreements...

  • Page 174: Limited Warranty

    (iii) The liability of Kaspersky Lab for Misrepresentation as to a fundamental matter, including a matter fundamental to the maker's ability to perform its obligations under this Agreement, shall be subject to the limitation of liability set out in paragraph 7(iii). Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Appendix J – License Agreements...

  • Page 175: Appendix K - Waste Electrical And Electronic Equipment Directive (Weee)

    For more information about where you can drop off your waste equipment for recycling, please contact your local city office, your household waste disposal service or the seller from whom you purchased the product. 06/27/2005 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 176: Glossary

    – The address that a computer refers to if it wants to address all the computers of a network. Example: for a network with the IP address 212.6.145.0 and a net mask 225.225.225.240, a broadcast would be the address 212.6.145.15. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
  • Page 177 DES (Data Encryption Standard) – A secret key encryption scheme; contrast with “public key”. DES is an NIST standard for a secret key cryptography method that uses a 56-bit key. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)
  • Page 178 (called cipher text) using an encryption algorithm. The cipher text is decoded (decrypted) at the receiving end, and is converted back into plain text. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – An IETF standard for dynamically allocating and managing a pool of IP –...
  • Page 179 – A computer that allows users to communicate with other host computers on a network. Individual users communicate by using application programs, such as electronic mail, Telnet, and FTP. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – An authentication protocol much like AH. IP ESP may be applied in combination...
  • Page 180 L2TP is defined in IETF RFC 2661. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – The international standards body that has standardized the IP protocol and most...
  • Page 181 IP address (i.e. if he starts an HTTP request into the Internet, his IP address is replaced by the IP address of the external network card). This way, the data packet entering the external network (Internet) contains no internal information.
  • Page 182 In public-key systems, one key can be kept private while the other key is made public. Knowing that the public key does not reveal the private key. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – An IETF standard which provides the ability to connect a network of –...
  • Page 183 The general policy sets the overall approach to security. The rules define what is and what is not allowed. The security policy describes how data is protected, which traffic is allowed or denied, and who is able to use the network resources. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Glossary...
  • Page 184 – The Internet standard protocol for remote terminal connection service. It is defined in IETF RFC 854 and extended with options by many other RFCs. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) – The algorithm designed by NSA, and is part of the U.S. Digital Signature –...
  • Page 185 Internet. A VPN can use encryption, user authentication, and/or firewall protection to solve remote access security threats. WAN (Wide Area Network) – A data network, typically extending a LAN beyond a building or campus, linking to other (remote) LANs. Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D)

  • Page 186: Index

    Browser...24 Cabling...23 Case-sensitive password ...25 CD-ROM - Adding...155 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) CD-ROM Drive Adapter Dimensions... 157 CD-ROM Drive Adapter Pin Out... 157 Certificate of Authority Generation ... 111 Change the country/region code ... 86 Changing Passwords ...
  • Page 187 IPSec Logs ...124 IPSec VPN client software ...8 ISO Image Directions...149 ISO Layers and TCP/IP ...19 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Kaspersky Standard End User License Agreement ... 173 Key exchanges... 7 Keyboard Connection... 155 LAN ... 17 LAN eth0 ...
  • Page 188 Recovery CD ...9 Regulatory Information...164 Remote Client-to-LAN setup ...36 Remote Syslog Host ...44 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Remote User ... 15 Remote User example ... 20 Removing the Top Cover ... 154 Reporting function ... 7 Rescue Kernel...
  • Page 189 Traffic monitoring and reporting ...7 Transparent mode ...66 Troubleshooting ...139 Tunnels ...15 Typical applications ...20 Multi-Tech Systems, Inc. RouteFinderVPN RF760/660/600VPN User Guide (PN S000323D) Update Service... 96 Updating... 159 Upgrade the Processor ... 154 Uptime Logs ... 117 URL Categories... 67 URL Categorization...

This manual is also suitable for:

Rf760Rf660Routefinder rf600vpnRoutefinder rf660vpnRoutefinder rf760vpn

Table of Contents