Web-accessible Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering as well as Symantec Security Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security alerts.
American English. For support in other languages, select the language for the appropriate Global Site, then select the continue link for enterprise. Customers with Platinum support agreements may contact Platinum Technical Support by accessing the Platinum Web site at https://www-secure.symantec.com/platinum. When contacting the Technical Support group, have the following information available: Product release level...
Symantec Gateway Security 1600 Series back panel features ..............10 Connecting an uninterruptible power supply .......................11 Resetting the appliance to factory defaults ......................12 Restoring the appliance firmware with the Symantec Gateway Security OS Restore CD-ROM ....13 Chapter 2 Developing a security plan Defining your security policy ..........................15...
Symantec Gateway Security 1600 Series appliance. Read the installation instructions and heed all warnings before connecting the appliance to its power source. See the Symantec Gateway Security 1600 Series Getting Started Guide for all warning information about the Symantec Gateway Security 1600 Series appliances.
Installing the appliance Installing the Symantec Gateway Security 1600 Series appliance You can install the Symantec Gateway Security 1600 Series appliance on a flat surface or in a rack. When preparing to install your appliance, refer to the following guidelines: Prepare a smooth and level surface Place the appliance on a smooth and level surface, such as the top of a computer table or in a rack.
Using the mounting screws provided with the rack, secure the mounting brackets to the equipment rack. Symantec Gateway Security 1600 Series hardware The Symantec Gateway Security 1600 Series v3.0 consists of the models 1620 and 1660. Both models run the same software and have the same front panel features. Front panel status indicators The front panel of the Symantec Gateway Security 1600 Series v3.0 contains status indicators to...
Symantec Gateway Security 1600 Series back panel features This section describes the back panel features of the Symantec Gateway Security 1600 Series v3.0. All models of the Symantec Gateway Security 1600 Series appliances have Ethernet ports which can connect to 10/100/1000 Base-T networks.
UPS unit through a USB port. The recommended supplier for UPS units is American Power Conversion (www.apcc.com). The UPS unit must support USB ports. Units that support serial ports only do not work with Symantec Gateway Security 1600 Series appliances.
See the Symantec Gateway Security 1600 Series Getting Started Guide for more information. You can also reset the appliance to factory defaults using the serial console menu. See the Symantec Gateway Security 1600 Series Administration Guide for more information.
Once the Symantec Gateway Security OS Restore CD-ROM boots, it will tell you whether it found the appropriate hardware to continue the process. If it cannot use your network card, locate another computer with a different network interface type.
Page 14
ROM from the drive. The CD-ROM is not ejected automatically during the restart. Turn on the security gateway using the power switch, and then perform the initial setup process again. For information regarding initial setup, see the Symantec Gateway Security 1600 Series Getting Started Guide.
Networking and applications software Information in files and databases The firewall component of Symantec Gateway Security 1600 Series v3.0 is the main tool for enforcing access security gateway access, allowing you to define a set of rules that allow or deny access to specific resources throughout your network.
Developing a security plan Educating users What external users will have access to your network? Where will they come from and where do you want to allow them to go? During what hours? For what period of time? Do you intend to implement a service network? Do you intend to implement a de-militarized zone (DMZ)? What types of services do you want to allow for external users and hosts? What type of authentication will you require for external users? (Strong authentication is...
Developing a security plan Security policy worksheets For instance, if you plan to limit Web services to a single server during specific hours, let this be known to the affected groups and users. If you plan to pass all email through a dedicated server, or if external users will be disallowed from accessing certain systems by Telnet, consider passing these changes along before implementation.
Page 18
Developing a security plan Security policy worksheets What are your network access points? ______________________________________________________________________ ______________________________________________________________________ Name of the primary administrator: ____________________________________ Table 2-1 to list all persons involved in administering the system. Table 2-1 Administrator names Name Email Phone Pager ______________________ ______________________ ______________________...
_____ Email _____ Pager _____ Client program _____ SNMP V1 _____ SNMP V2 15 Do you have other Symantec security gateways on your network now? _____ Yes _____ No 16 If yes, what version? ________________________________ 17 Do you plan to combine security gateways for failover?
_____ Yes _____ No If yes, list. ______________________________________________________________________ ______________________________________________________________________ Will you be using Symantec Client VPN? _____ Yes _____ No Collecting your TCP/IP address It is important to think about the TCP/IP requirements for your site. This includes information about running Domain Name Services (DNS), types and names of domains on your network, and making a list of protocols used that need to pass through your security gateway.
Developing a security plan Security policy worksheets Do you have someone at your site who is knowledgeable about, and comfortable working with DNS and how to configure it properly? _____ Yes _____ No If yes, who? ______________________________________________________________________ Check the address types being used at your site: _____ Registered IP address _____ Private IP address (RFC 1918) _____ Unregistered IP address...
Page 22
Developing a security plan Security policy worksheets To define your allowed TCP/IP services Table 2-2 and check the access type (if any) you will allow for the following services. Table 2-2 Allowed TCP/IP access type Access group All users All internal users Selected group No access Table 2-3...
Developing a security plan Security policy worksheets Collecting email information for security gateway notifications You need to know information about email notifications. Use this section to collect data such as type of mail server, mail server IP address, and mail transport protocol. To collect email information for security gateway notifications Record the name and IP address of your mail server: Name: __________________________________...
Developing a security plan Security policy worksheets Will you be using an external caching/proxy server? If Yes, record the server name and IP address. _____ Yes _____ No Proxy server name:___________ Address:______________ Do you plan to use the content filtering service for security gateway? _____ Yes _____ No Do you plan to restrict access to any specific URLs?
Developing a security plan Security policy worksheets Table 2-5 Entity identification (Continued) IP address/Fully qualified domain Entity type Internal/external name _______________________ _______________________ _______________________ Table 2-6 to list all allowed user identities. Table 2-6 User identification User name Group name Client VPN Clientless VPN ________________________________ _______________________...
Page 26
Developing a security plan Security policy worksheets Table 2-7 to create a list of all internal servers. Your internal network consists of at least the security gateway host and a router. Table 2-7 Internal network servers DNS name services Mail server Web server Other server Service...
Page 27
Developing a security plan Security policy worksheets Table 2-10 to list your router IP addresses. Table 2-10 Router IP addresses Router IP addresses ______________________________________ _______________________________________ ______________________________________ _______________________________________ ______________________________________ _______________________________________ ______________________________________ _______________________________________ ______________________________________ _______________________________________ Your external network can also include external servers, such as an external Web server. Use Table 2- to list all external network servers.
Page 28
Developing a security plan Security policy worksheets...