1. Manuals
  2. Brands
  3. Secure Computing Manuals
  4. Network Hardware
  5. sidewinder
  6. Startup manual

Secure Computing sidewinder Startup Manual

Network gateway security
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
S
G
TARTUP
UIDE
Sidewinder
Network Gateway Security
Version 7.0
www.securecomputing.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the sidewinder and is the answer not in the manual?

Questions and answers

Summary of Contents for Secure Computing sidewinder

  • Page 1 TARTUP UIDE Sidewinder Network Gateway Security Version 7.0 www.securecomputing.com...
  • Page 3 TARTUP UIDE Sidewinder Network Gateway Security Version 7.0...

  • Page 5: Software License Agreement

    1.2 "Sidewinder Software" means the machine-readable object-code version of Secure Computing's Sidewinder software as indicated on your invoice and any updates or revisions of the Sidewinder Software that you may receive. 1.3 "Software Module" shall mean software applications that Secure Computing licenses to its customers in addition to the Sidewinder Software (for example, without limitation, anti-virus software, anti-spam software and web filtering software) as indicated on your invoice and any updates or revisions of the Software Module that you may receive.
  • Page 6 12. GENERAL. Any waiver of or modification to the terms of this Agreement will not be effective unless executed in writing and signed by Secure Computing. If any provision of this Agreement is held to be unenforceable, in whole or in part, such holding shall not affect the validity of the other provisions of this Agreement.
  • Page 7 Other Terms and Conditions This product includes software developed by Cavium Networks. Copyright © 2003-2005 Cavium Networks (support@cavium.com). All rights reserved. This product includes software developed by Tarari, Inc. Copyright © 2003-2007 Tarari, Inc. All rights reserved. This product includes software and algorithms developed by RSA Data Security Inc., including the RSA Data Security, Inc. MD5 Message Digest Algorithm.

  • Page 8: Technical Support Information

    Secure Computing works closely with our reseller partners to offer the best worldwide Technical Support services. Your Secure Computing reseller is the first line of support when you have questions about our products and services; however, if you require additional assistance, contact us directly.

  • Page 9: Table Of Contents

    Sidewinder environment ........3...
  • Page 10 Using a locally attached terminal ......34 Setting up the Sidewinder appliance ......34 Configuring your serial connection .

  • Page 11: Preface

    Who should read This guide is for anyone assigned to initially set up a Sidewinder Network Gateway appliance. It assumes you are familiar with networks and network this guide terminology.
  • Page 12 Articles include helpful troubleshooting tips and commands. All manuals and application notes are also posted here. The Knowledge Base is located at www.securecomputing.com/goto/kb. Tip: For the latest information regarding Sidewinder appliance and other Secure Computing products, see our web site at: www.securecomputing.com. viii...

  • Page 13: Installation Overview

    Installation Overview HAPTER In this chapter... Shipment contents................2 Sidewinder environment..............3 Selecting the best startup method............4 Checklist for success................5...

  • Page 14: Shipment Contents

    Shipment contents Shipment Before configuring your Sidewinder network gateway security appliance, ensure that you have received all Sidewinder components. In addition to this contents document, you should have the Management Tools CD, the Installation-Disk Imaging CD, and system hardware pre-loaded with Sidewinder software.

  • Page 15: Sidewinder Environment

    Note: If you have experience setting up a Sidewinder appliance, this may be the only chapter you need to read. If you are new to the Sidewinder appliance or want a environment more thorough explanation about each startup task, this chapter points where you can go for those details.

  • Page 16: Selecting The Best Startup Method

    Chapter 1: Installation Overview Selecting the best startup method Selecting the The following figures provide snapshots of the different initial configuration methods. The most common method, using the Quick Start Wizard while best startup directly connected to an appliance, is also reflected in the checklist starting on method page 5.

  • Page 17: Checklist For Success

    (shown in Figure 3 and Figure 4) are described in Appendix A. Use the checklist to mark off each step as you complete it. For guidance on managing and customizing a Sidewinder appliance after the initial configuration, see the Sidewinder Administration Guide.
  • Page 18 Check for recently released patches: www.securecomputing.com/goto/updates Read the section titled “Performing other post-startup tasks” on page 31. It lists tasks that serve as a good starting point for implementing your policy. Complete details are provided in the Sidewinder Administration Guide.

  • Page 19: Planning Considerations

    Planning Considerations HAPTER In this chapter... Learning about network perimeter security ........8 Preparing your Quick Start Wizard responses .........8 Preparing an integration schedule..........13...

  • Page 20: Learning About Network Perimeter Security

    Chapter 2: Planning Considerations Learning about network perimeter security Learning about If you are new to the Sidewinder Network Gateway appliance, Secure Computing recommends you spend some time reviewing network perimeter network security concepts and basic issues relevant to integrating a Sidewinder perimeter appliance into your existing network.
  • Page 21 Chapter 2: Planning Considerations Preparing your Quick Start Wizard responses Which services do you want the appliance to allow? Select the set of services to allow. The following options are available and described in Table 1 on page 9: • Allow administrative services only —...
  • Page 22 Preparing your Quick Start Wizard responses What is your appliance’s fully qualified hostname? Sidewinder appliance hostname: _________________________________ Enter the hostname by which the appliance will be known on the external burb (Internet). Determine a naming scheme for your appliances or select a name that fits with your existing scheme.
  • Page 23 Chapter 2: Planning Considerations Preparing your Quick Start Wizard responses What is your DNS resolver’s IP address? Primary IP address: ___________________________________________ (Optional) Secondary IP address: ________________________________ Enter the IP address of the preferred primary DNS resolver to handle your appliance’s DNS requests. You may enter an optional alternate DNS resolver. This can be a different primary DNS resolver in the other burb (one in the external burb, another in the internal burb), or an alternative server in the same burb to query if the DNS server at the first IP address does not respond.
  • Page 24 Chapter 2: Planning Considerations Preparing your Quick Start Wizard responses Do you need to configure a route to reach from your appliance to the computer installed with the Admin Console? Yes, to the following location: Admin Console’s IP address: _________________________________ Netmask: ________________________________________________ Gateway to reach Admin Console: _____________________________ Note: If the external interface uses DHCP, your Admin Console must be in the...

  • Page 25: Preparing An Integration Schedule

    • Notify your ISP of the date that your network traffic will start flowing through the Sidewinder. This task is necessary only if your company has an existing Internet presence. The ISP must then change your mail exchanger (MX) and name server records to point to the appliance’s external IP address.
  • Page 26 Include time for preparation, the physical installation of the appliance, and time to test critical features and services. Note: An experienced Sidewinder appliance installer requires approximately eight hours to complete the installation, configuration, and testing of a basic installation. Adjust this amount accordingly based on your experience level and the complexity of your security policy and test plan.

  • Page 27: Setting Up The Management Tools

    Setting Up the HAPTER Management Tools In this chapter... Verifying management system requirements .........16 Installing the Management Tools............17...

  • Page 28: Verifying Management System Requirements

    Chapter 3: Setting Up the Management Tools Verifying management system requirements Verifying This section describes the hardware requirements for installing and running administration software for your Sidewinder appliance. Verify that you have a management system that meets or exceeds the requirements in Table 2. system...

  • Page 29: Installing The Management Tools

    Chapter 3: Setting Up the Management Tools Installing the Management Tools Installing the This section leads you through installing the Management Tools on a Windows- based system. The Management Tools include production documentation and Management the following applications: Tools • The Quick Start Wizard creates the initial configuration.
  • Page 30 Chapter 3: Setting Up the Management Tools Installing the Management Tools To install the Sidewinder Management Tools, do the following: 1 Insert the Sidewinder Management Tools CD into the CD-ROM drive. The Welcome window appears. Note: If the Sidewinder InstallShield program does not automatically start, use Windows Explorer to view the CD-ROM ‘s contents and then go to...

  • Page 31: Configuring Your Sidewinder Appliance

    Configuring your HAPTER Sidewinder Appliance In this chapter... Setting up the hardware ..............20 Running the Quick Start Wizard .............20...

  • Page 32: Setting Up The Hardware

    4 Power on your Sidewinder appliance. 5 Using the serial cable provided in your Sidewinder appliance shipment, connect one end of the cable to the appliance and the other end to a Windows computer installed with the Management Tools.
  • Page 33 Chapter 4: Configuring your Sidewinder Appliance Running the Quick Start Wizard Table 3: Quick Start Wizard sequence Quick Start Wizard sequence Actions 1 Select Create Configuration. 2 Click Next. Note: This table assumes you are creating a new configuration. If you are using a previously saved configuration, follow the on-screen instructions.
  • Page 34 Chapter 4: Configuring your Sidewinder Appliance Running the Quick Start Wizard Quick Start Wizard sequence Actions 1 Enter your appliance ’s fully qualified hostname (for example.com example, sidewinder. appliance 2 In the external interface area, select how the should get its external address: •...
  • Page 35 If you want to save this configuration to import at a later time, click Save Configuration. Follow the on-screen instructions. • If the system running the Quick Start Wizard is attached to your Sidewinder with a serial cable, click Next. More...
  • Page 36 Chapter 4: Configuring your Sidewinder Appliance Running the Quick Start Wizard Quick Start Wizard sequence Actions If your management system has more than one COM port, a port selection window appears. 1 Select which serial port to use. 2 Click Next.

  • Page 37: Managing Your Sidewinder Appliance

    Managing your HAPTER Sidewinder Appliance In this chapter... Starting the Admin Console............26 Activating the license..............27 Performing other post-startup tasks ..........31...

  • Page 38: Starting The Admin Console

    Sidewinder Management Tools. Note: You cannot connect to a 6.x version of the Sidewinder appliance using a 7.x Admin Console. Using the information you provided in the Quick Start Wizard, do the following...

  • Page 39: Activating The License

    Strong Cryptography To manually activate your license, you can perform these procedures: • “Licensing an isolated Sidewinder appliance” on page 28 • “Licensing an internet-connected Sidewinder appliance” on page 30 Important: If at any time you change the terms of your support contract, purchase additional features, or perform a major version upgrade, you are required to re- license your system.

  • Page 40: Licensing An Isolated Sidewinder Appliance

    Bring a copy of the serial number and firewall ID with you to the web-accessible computer. 7 Use a web browser to access the Sidewinder activation web page: https://www.securecomputing.com/cgi-bin/sidewinder-activation.cgi 8 Complete the form on the web site and click .
  • Page 41 Chapter 5: Managing your Sidewinder Appliance Activating the license 14 Click the button to import the key into the appliance. Enter Import Key... information in the following fields: • Source — Select Local File. • File — Click the Browse button and navigate to the activation key file.

  • Page 42: Licensing An Internet-Connected Sidewinder Appliance

    Console. To activate an internet-connected appliance: 1 From your Windows computer, select Start > Programs > Secure Computing > Sidewinder 7 Admin Console > Admin Console 2 Select Maintenance > License 3 On the tab, enter the requested information, referring to the Contact administrator of this particular appliance.

  • Page 43: Performing Other Post-Startup Tasks

    Chapter 5: Managing your Sidewinder Appliance Performing other post-startup tasks Performing other Use the Sidewinder Administration Guide for instructions on how to create access control rules and accomplish other tasks defined by your security post-startup policy. The table below suggests a list of tasks that, depending on your site’s tasks configuration, may be beneficial starting points for implementing your policy.
  • Page 44 Chapter 5: Managing your Sidewinder Appliance Performing other post-startup tasks Task Notes Refer to... Run Reconfigure Configure your basic mail services using See the “Electronic Mail” chapter Sidewinder Administration Mail the Reconfigure Mail tool. After of the Guide. configuration is complete, create the necessary objects and rules.

  • Page 45: Appendix

    Other Quick Start PPENDIX Methods In this appendix... Using a locally attached terminal............34 Saving your initial configuration to removable media .....37...

  • Page 46: Using A Locally Attached Terminal

    1 Use a diagram of your network to determine the proper placement of your Sidewinder appliance. Your appliance must be able to reach the appropriate routers, subnets, and servers (such as mail servers and name servers).

  • Page 47: Configuring Your Serial Connection

    Appendix A: Other Quick Start Methods Using a locally attached terminal Configuring your serial connection When connecting with a terminal emulator, you will need to set the parameters listed in Table 5. Table 5: Serial connection settings Port settings Values Bits per second 9600 Data bits...

  • Page 48: Running The Quick Start Program

    Enter 3 While the reboots, disconnect the terminal cable. appliance Go to a Windows-based computer installed with the Sidewinder Management Tools to begin managing your appliance Tip: For more information, see Chapter 3, Setting Up the Management Tools, and Chapter 5, Managing your Sidewinder Appliance.

  • Page 49: Saving Your Initial Configuration To Removable Media

    Preparing the systems Install the Sidewinder Management Tools on the Windows computer: 1 Insert the Sidewinder Management Tools CD into the CD-ROM drive. The initial setup window appears. (If the Admin Console installation program does not automatically start, use Windows Explorer to view the CD-ROM’s contents and then go to \Install\Setup.exe...

  • Page 50: Running The Quick Start Wizard

    3 From the Windows desktop, select Start > Programs > Secure Computing > Sidewinder 7 Admin Console > Quick Start Wizard 4 Answer the Quick Start Wizard questions as appropriate for your site. If you need more information about a window, click the button.
  • Page 51 Appendix A: Other Quick Start Methods Saving your initial configuration to removable media 6 Select , then select the appropriate drive from the Save to removable media drop-down list. If the appropriate drive doesn’t appear in the list, verify that the media is inserted, then click Refresh Figure 10: Save...

  • Page 52: Powering On The Sidewinder Appliance

    Secure Computing activation server. If your appliance did not get licensed during initial configuration, the Sidewinder appliance will operate for seven days with a trial license. These features are licensed during the trial period: •...

  • Page 53: Appendix B Tips And Troubleshooting

    Tips and PPENDIX Troubleshooting In this appendix... Troubleshooting newly installed or re-imaged appliances....42 Troubleshooting connectivity and misconfiguration difficulties ..43 Verifying interface information ............44 Note: These tips and processes are suggestions for resolving basic problems only and are not intended to replace qualified technical assistance.

  • Page 54: Troubleshooting Technical Difficulties And Configuration Issues

    Appendix B: Tips and Troubleshooting Troubleshooting technical difficulties and configuration issues Troubleshooting Use this section to identify and resolve issues on your Sidewinder appliance technical • See “Troubleshooting newly installed or re-imaged appliances” on page 42 difficulties and for troubleshooting steps on these issues.

  • Page 55: Troubleshooting Connectivity And Misconfiguration Difficulties

    These problems are most likely to occur immediately after initialization. Tip: Set up a local console to troubleshoot Sidewinder appliance problems. For information on using a serial terminal connection with the appliance, see Knowledge Base article 3719 at www.securecomputing.com/supportkb.cfm...

  • Page 56: Verifying Interface Information

    Follow standard troubleshooting techniques to resolve the problem. Note: The external interface on the Sidewinder appliance is automatically configured to discard ping requests. If any information is incorrect, enter man ifconfig (temporary changes)
  • Page 57 Appendix B: Tips and Troubleshooting Verifying interface information 5 Send a ping from each interface by entering the following command: IPaddr ping where IPaddr is the address of another host (configured to respond to ICMP ping requests) on the same network segment as the appliance •...
  • Page 58 Appendix B: Tips and Troubleshooting Verifying interface information...

  • Page 59: Glossary

    Rules determine whether that traffic will be allowed to continue to its destination. activation key When Secure Computing receives your serial number together with your firewall ID, it returns a key that enables your system’s features and add-on modules.
  • Page 60 A network component used to connect two or more networks that may use dissimilar protocols and data transmission media. High Availability (HA) A feature that allows a second Sidewinder to be configured either in a load sharing capacity or in “hot backup" (secondary or standby) mode. host Any computer connected to a network, for example, a workstation, router, firewall, or server.
  • Page 61 A shorter term for communications protocol; provides a formal set of rules for sending and receiving data on a communication line. TCP and UDP are examples of protocols. proxy A software agent on a Sidewinder that acts on behalf of a user appliance requesting a network connection through the .
  • Page 62 Information is stored on multiple hard disks to provide redundancy. Using individual disks) RAID can improve performance and fault-tolerance. registration The process of authenticating one Sidewinder system to an HA cluster or One-To-Many cluster. This process establishes an encrypted, trusted connection between the two systems. registration key Character string used for authentication during the registration process.

  • Page 63: Index

    NDEX date and time 24 default policy 9 default route 22 activation deleting management tools 18 certificate 2 – DHCP 10 how to 27 troubleshooting 43 hosted 13 addendum viii resolver IP addresses 11 Admin Console resolvers 22 installation 18 rules 9 requirements 16 troubleshooting 43...
  • Page 64 20 provided in your shipment 2 text-mode program 34 uses during Quick Start process 4 Netscape 16 using to manage Sidewinder 24 netstat 44 serial number 8 network interface card requirements 16 serial port requirements 16 settings 35...
  • Page 65 31 USB 4 username 23 Web sites activation 28 application notes vii free online training 8 knowledge base vii Release Notes 5 Secure Computing vii upgrades 6 warranty information 2 Windows 2000 16 Windows 2000 Server 16 Windows XP 16...
  • Page 66 Index...
  • Page 68 © 2007 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Secure Computing Corporation.

Table of Contents