Planet CS-2000 User Manual

UTM Content Security Gateway

CS-2000 UTM Content Security Gateway User's Manual


Summary of Contents for Planet CS-2000

  • Page 1: CS-2000 UTM Content Security Gateway User’s Manual...
  • Page 2: Federal Communication Commission Interference Statement

    Information in this User’s Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User’s Manual. PLANET makes no commitment to update or keep current the information in this User’s Manual, and reserves the right to make improvements to this User’s Manual and/or to the products described...
  • Page 3: Customer Service

    FCC Caution: To assure continued compliance (for example, use only shielded interface cables when connecting to computer or peripheral devices). Any changes or modifications not expressly approved by the party responsible for compliance could void the user’s authority to operate the equipment.
  • Page 4: Table Of Contents

    Table of Contents: Chapter 1: Introduction ........ 1; 1.1 Features ........ 1; 1.2 Package Contents ........ 2; 1.3 CS-2000 Front ........ 3; 1.4 Specification ........ 3; Chapter 2: Hardware Installation ........ 5; Chapter 3: System ........
  • Page 5 5.5.2 Example 2 RADIUS Server Authentication ........ 84; 5.5.3 Example 3 POP3 Server Authentication ........ 98; 5.5.4 Example 4 LDAP Server Authentication ........ 101; 5.6 Content Blocking ........ 115; 5.7 IM/P2P Blocking ........ 127; 5.8 V...
  • Page 6 Chapter 8: IDP ........ 420; 8.1 Configure ........ 420; 8.2 Signature ........ 425; 8.2.1 Anomaly ........ 426; 8.2.2 Pre-defined ........ 427; 8.3 IDP Report ........ 434; 8.3.1 Setting ........ 435; 8.3.2 Statistics ........
  • Page 7: Chapter 1: Introduction

    The CS-2000 not only filters spam and virus mail; its IDP and firewall functions also defend against hacker and Blaster attacks from the Internet or intranet. Combining all of these functions in one device provides an excellent security solution and a more secure environment than ever.
  • Page 8: Package Contents

    (MSN, Yahoo Messenger, ICQ, QQ, Skype and Google Talk) and Download / Upload. If a new or updated version of P2P or IM software appears on the client side, the CS-2000 detects the difference and updates the Content Filtering pattern to renew the filtering mechanism.
  • Page 9: Cs-2000 Front View

    1.3 CS-2000 Front View. CS-2000 Front Panel LED / Port Definition. LED / Port Description: Power is supplied to this device. Blinks to indicate the device is accessing the hard disk.
  • Page 10 VPN Tunnels: 200 / 1000 (Connection / Configure). VPN Function: IPSec, SSL VPN, PPTP server and client; DES, 3DES and AES encryption; SHA-1 / MD5 authentication algorithms; remote access VPN (Client-to-Site) and Site-to-Site VPN...
  • Page 11: Chapter 2: Hardware Installation

    Chapter 2: Hardware Installation. (Deployment diagram: ADW-4401v2 and ADW-4302v2 on WAN1 61.11.11.11 and WAN2 61.22.22.22; CS-2000 in Transparent Mode at 192.168.1.1; Mail Server 61.11.11.13; WGSW-2840 Co-Defense; Authentication RADIUS Server; LAN PC1, LAN PC2, LAN PC3 at 192.168.1.2, 192.168.1.5, 192.168.1.3, 192.168.1.4...)
  • Page 12 The CS-2000’s Web UI contains two panes. The right pane is an “operation window”. At the top of the “operation window” is a bar that shows the Main Function and Sub Function, and under the bar is a “working window.”...
  • Page 13: Chapter 3: System

    Generally speaking, system administration refers to the privileges to log in and out of, monitor and control the CS-2000 appliance, together with the relevant settings. In this chapter, system administration is defined as the management of the MIS engineer, Permitted IPs, System Log-Out and Software Update.
  • Page 14 The default chief administrator can add other admins or modify them to be sub admins or chief admins; another chief admin can change its own privilege to sub admin but cannot be deleted. The CS-2000 appliance always keeps one chief admin. Privilege: the chief administrator has Write/Read/View privilege.
  • Page 15: Admin

    3.1.1 Admin. Step 1. Click Admin > New Sub-Admin. Step 2. In Add New Sub Admin, add the settings: Sub Admin name: sub_admin. Password: 12345. Confirm Password: 12345. If the admin selects Write Access and View Log & Report Privilege, the new sub-admin becomes a chief admin.
  • Page 16 Changing the Main/Sub-Administrator’s Password. Step 1. In Admin, select the admin to change and click Modify in the corresponding Configure column. Step 2. In Modify Admin Password, enter the following information: Password: admin. New Password: 52364.
  • Page 17: Permitted Ips

    To activate Permitted IPs, click Interface > LAN, WAN and DMZ and uncheck Ping, HTTP and HTTPS. However, Permitted IPs must be set before HTTP and HTTPS are unchecked, or the MIS engineer cannot enter the CS-2000’s Web UI via the appointed interface...
  • Page 18: Software Update

    3.1.3 Software Update. Step 1. In System > Administration > Software Update, check the Version Number to know the current version, then connect to the network and download the latest version for the CS-2000 appliance. Click Browse (Choose File), select the latest update file and open it.
  • Page 19: Configure

    CS-2000’s remote management. Set the idle timeout for the MIS engineer’s login to the CS-2000 appliance. The CS-2000 appliance forces a logout from the Web UI when the MIS engineer has not performed any system monitoring or management for that period.
  • Page 20 RIPv2 packets and the router will automatically cancel the dynamic routing table.) SIP Protocol pass-through: if this function is enabled, all SIP packets passing through the CS-2000 are first processed and then sent out. Administration Packet Logging: after this function is enabled, the system records its packet information in Monitor > Traffic for the MIS engineer to query.
  • Page 21 line, and the company is divided into the R&D, Customer Service, Sales, Procurement and Accounting departments. For easy management, assign a different IP segment to each department. The settings are as follows: R&D Dep.
  • Page 22: Dynamic Dns

    Dynamic DNS. Domain Name: the domain name that the MIS engineer applied for from the DDNS provider. WAN IP: the real IP to which the domain name corresponds. Host Table. Host Name: customized by the MIS engineer. Internal users can access the resources provided by the corresponding host.
  • Page 23: Setting

    Export System Setting to Client. Step 2. In the File Download window, click Save. Then choose the destination location for the exported file. Finally, click Save for the CS-2000 to copy the configuration file to the appointed storage location. Choose the save location...
  • Page 24 Importing CS-2000 settings. Step 1. In the Setting window, click Browse next to Import System Setting from Client. Step 2. In the Choose File window, select the previously saved settings and click Open. Step 3. Click Open, and a confirmation dialogue box pops up.
  • Page 25 Restoring Factory Settings and Formatting the Hard Disk. Step 1. In Setting > Backup/Restore Configuration, select Restore Factory Setting and Format Hard Disk. Step 2. Click OK to restore the default settings and format the hard disk at the same time.
  • Page 26 System Name Setting and Email Setting. Step 1. Company Name: enter the name of the unit that the CS-2000 appliance belongs to. Step 2. Device Name: enter the title name of the CS-2000 appliance. Step 3. In E-Mail Setting, enable Email Alert Notification.
  • Page 27 RIP can connect automatically. You can enable the LAN, WAN1, WAN2 or DMZ interface to support the RIP protocol. Routing information update timer: the CS-2000 sends out RIP protocol messages periodically to update the routing table; the default timer is 30 seconds.
  • Page 28 Enable To-Appliance Packets Log. System Reboot. Step 1. To restart the CS-2000 appliance, click Reboot next to Reboot Multi Security Firewall Appliance. Step 2. The confirmation dialogue “Are you sure to reboot?” is shown. Step 3.
  • Page 29: Date/Time

    Enter the update time. Set the system clock: click Sync next to Synchronize system clock with this client to synchronize the CS-2000 time with the MIS engineer’s PC. Click Assist next to Set Offset from GMT or Server IP / Name to look up the setting value.
  • Page 30: Multiple Subnet

    Internal users use the IP address to link to the Internet via multiple subnet NAT or Routing mode. Exercise Preparations: connect the CS-2000 appliance’s WAN 1 (10.10.10.1) to the ISP’s router (10.10.10.2). The segment is 162.172.50.0/24 (distributed by the ISP). Connect the CS-2000’s WAN 2 (211.22.22.22) to the ATUR to link to the network.
  • Page 31 Add a Multiple Subnet with Routing Mode: Step 1. Click Configure > Multiple Subnet, then click New Entry. Interface: select LAN. Alias IP of Interface: enter 162.172.50.1. Netmask: enter 255.255.255.0. WAN 1: 10.10.10.1, Forwarding Mode: select Routing. WAN 2: 211.22.22.22, Forwarding Mode: select NAT...
  • Page 32 The interface IPs of WAN 1 and WAN 2 can be entered with Assist. After the settings are completed, there are two LAN segments: 192.168.1.0/24 (the default LAN segment) and 162.172.50.0/24. Therefore, if the LAN IP is 192.168.1.xx, use NAT Mode to connect to the network (as regulated in Policy, one can only...
  • Page 33: Route Table

    3.2.4 Route Table. Make routers deployed in two different segments able to link to the Internet via the CS-2000 appliance. Preparations: Company A connects WAN 1 (61.11.11.11) to the ATUR and links to the network, and connects WAN 2 (211.22.22.22) to the ATUR and links to the network.
  • Page 34 Step 1. In Configure > Route Table: Destination IP: enter 192.168.10.1. Netmask: enter 255.255.255.0. Gateway: enter 192.168.1.252. Interface: select LAN. Click OK. Add new static route 1. Step 2. In Configure > Route Table: Destination IP: enter 192.168.20.1. Netmask: enter 255.255.255.0...
  • Page 35 Step 3. In Configure > Route Table: Destination IP: enter 10.10.10.0. Netmask: enter 255.255.255.0. Gateway: enter 192.168.1.252. Interface: select LAN. Click OK. Fig. 2-12 Add new static route 3...
  • Page 36 Step 4. When all steps are completed, the CS-2000 appliance can translate the virtual IPs to real IPs. Therefore the LAN subnets 192.168.10.1/24, 192.168.20.1/24 and 192.168.1.1/24 can communicate with each other via the CS-2000 appliance.
  • Page 37: Dhcp

    3.2.5 DHCP. Step 1. In Configure > DHCP, select and set the following: Domain Name: enter the domain name of the private LAN. DNS Server 1: enter the IP address distributed as DNS server 1.
  • Page 38 DHCP setting. When the LAN network adapter is set to Automatically Get DNS, the DNS Server automatically locks to the LAN interface IP. (Note: when Authentication is enabled, the first DNS server must correspond to the LAN interface IP.)
  • Page 39: Ddns

    3.2.6 DDNS. Step 1. In Configure > DDNS, click New Entry. Service Provider: select from the drop-down menu. Select Automatically and select the corresponding WAN interface from the menu. User Name and Password: enter the name and password applied for.
  • Page 40 Icon connotation table: Connection Wrong, Connecting, Errors, Succeeds, Password. If the MIS engineer has not applied for a DDNS account, he can choose the proper DDNS supplier and click Sign up, and the registration web page is displayed.
  • Page 41: Host Table

    Complete the Host Table setting. Host table setting. To use the Host Table of the CS-2000 appliance, the first DNS Server on the client PC must correspond to the LAN or DMZ port IP, that is, the default gateway of the computer...
  • Page 42: Snmp

    Description: can be customized. The default setting is Multi Security Firewall Appliance. Click OK. Complete the SNMP Agent settings. The MIS engineer can monitor the CS-2000’s operating status with an SNMP Agent message recipient installed on the administrator’s PC. SNMP agent setting...
  • Page 43 Click OK. Complete the SNMP Trap setting. The MIS engineer can use SNMP Trap software to receive alarm notifications from the CS-2000 appliance (it sends notifications about connection / disconnection and attack information to the SNMP Trap recipient address).
  • Page 44: Language

    3.2.9 Language. Step 1. In Configure > Language, select the language and click OK. Language Version setting...
  • Page 45: Logout

    3.3 Logout. Step 1. Click Logout in System to protect the system while the Administrator is away. Confirm Logout WebUI. Step 2. Click OK and the logout message appears in the WebUI. Logout WebUI Message...
  • Page 46: Chapter 4: Interface

    HTTP: access from the Ethernet interface to the CS-2000 WebUI through HTTP. HTTPS: access from the Ethernet interface to the CS-2000 Web UI through HTTPS. The external connection can be set. Balance Mode: Auto: automatically adjusts the usage of each WAN depending on the downstream and upstream status.
  • Page 47 When the WAN interface is set to PPPoE (ADSL users), the MIS engineer can set the idle time after which the WAN port disconnects when not in use (its unit is minutes). The DMZ can be set in the CS-2000 appliance. The DMZ includes two modes: NAT: the DMZ is an isolated virtual domain.
  • Page 48: Lan

    4.1 LAN. Modify the LAN Interface Address. Step 1. In Interface > LAN, enter the following settings: enter the new LAN IP Address and Netmask. Select Ping, HTTP and HTTPS. Click OK. LAN interface setting. The default LAN interface address is 192.168.1.1.
  • Page 49: Wan

    4.2 WAN. Set the WAN Interface Address. Step 1. In Interface > WAN, click Modify for WAN 1. The WAN 2/3 interface settings are almost the same as the WAN 1 setting; the difference is that WAN 2/3 have an additional Disable function.
  • Page 50 Step 3. Choose the network connection. PPPoE (ADSL User): 1. Select PPPoE (ADSL User). 2. Enter the User Name of the account. 3. Enter the Password applied for. 4. Select Dynamic or Fixed in IP Address provided by ISP, depending on the user’s network status; if you click the Fixed option, enter the IP address.
  • Page 51 Use PPPoE to complete the PPPoE connection setting. When using PPPoE, the MIS engineer can set the WAN interface to auto-connect when it disconnects (enabling this function is recommended) or set the WAN interface to disconnect when idle (not recommended).
  • Page 52 Dynamic IP Address (cable modem user): 1. Click Dynamic IP Address. 2. Click IP Address Renew to get the dynamic IP. 3. If the ISP requires entering the MAC address, click MAC Address > Clone MAC to get the MAC address.
  • Page 53 In the WAN 2 interface, the MIS engineer does not need to set the DNS server when setting a static IP address. When Ping, HTTP and HTTPS are selected on a WAN interface, users can ping the CS-2000 appliance and reach its WebUI from that interface, which may cause a network security problem. It is recommended not to select Ping, HTTP and HTTPS once all settings are confirmed complete.
  • Page 54: Dmz

    4.3 DMZ. Set the DMZ Interface (NAT Mode). Step 1. Go to Interface > DMZ. Step 2. In DMZ Interface, select NAT mode: select NAT from the drop-down menu and enter the values for IP Address and Netmask.
  • Page 55 Set the DMZ Interface (Transparent Mode). Step 1. Go to Interface > DMZ. Step 2. In DMZ Interface, select Transparent Mode: select DMZ_Transparent Mode from the drop-down menu. Step 3. Select Ping, HTTP, and HTTPS.
  • Page 56: Chapter 5: Policy Object

    Chapter 5: Policy Object. 5.1 Address. This chapter covers the definitions used by the chief MIS engineer: LAN, LAN group, WAN, WAN group, DMZ and DMZ group. An IP address recorded in Address may be a single host IP address or may represent many IP addresses in a domain. The MIS engineer can assign an easy-to-identify name to represent the IP address.
  • Page 57 Get IP address from DHCP Server: when this function is enabled, LAN or DMZ hosts get the PC’s IP address via the DHCP server in the CS-2000 appliance, and the PC’s IP address is bound to its MAC address...
  • Page 58 We set up two address application environments. Range: The Application Environment: Pages. Example 1: when using DHCP, distribute a static IP address to a specific user and limit that user to accessing only FTP resources through policy.
  • Page 59 Example 1: when using DHCP, distribute a static IP address to a specific user and limit that user to accessing only FTP resources through policy. In Address > LAN, make the following settings:...
  • Page 60 Outgoing, add the new settings: Step 2. In Policy, limit the single user to accessing network resources through the specific service. Step 3. In Policy > Outgoing, complete the settings to assign the static IP to the specific user and limit that user to accessing only FTP resources through policy.
  • Page 61 When the MIS engineer sets the Address settings, he can click the button so that the CS-2000 automatically copies the user’s network adapter MAC address. In Address > LAN, the CS-2000 appliance automatically sets an Inside_Any address, which represents the whole LAN. The WAN and DMZ also have their default Outside_Any and DMZ_Any addresses representing their whole domains.
  • Page 62 Example 2: set a policy that allows part of the users to connect to a remote static IP address. Step 1. Set up several LAN addresses. Set the LAN address...
  • Page 63 Step 2. In Address > LAN Group, make the following settings: click New Entry. Set the group Name. In Available Address, select the users for the group and click Add. Click OK.
  • Page 64 Step 3. In Address > WAN, add the following setting: click New Entry. Enter the remote static IP information (Name, IP, Netmask). Click OK. Set the WAN address. Complete the WAN address setting...
  • Page 65 Step 4. Apply Steps 1 to 3 to the policy. Apply the address setting to the policy. Complete the policy setting. The Address function takes effect by applying it to a policy...
  • Page 66: Service

    5.2 Service. The TCP and UDP protocols provide different services, and every service has its TCP or UDP port number, for example TELNET (23), FTP (21), SMTP (25), POP3 (110), and so on. The Service function includes two parts: Pre-defined and Custom.
  • Page 67 Service Pre-defined. Icon: The Definition. Any service. TCP service, for example FTP, FINGER, HTTP, HTTPS, IMAP, SMTP, POP3, ANY, AOL, BGP, GOPHER, InterLocator, IRC, L2TP, LDAP, NetMeeting, NNTP, PPTP, Real Media, RLOGIN, SSH, TCP ANY, TELNET, VDO Live, WAIS, WINFRAME, X-WINDOWS.
  • Page 68 We set up two service application environments. Range: The application environment: Pages. Example 1 (Custom): permit WAN users to communicate with LAN users via the network phone through policy. (VoIP port numbers: TCP 1720, TCP 15328-15333, UDP 15328-15333)...
  • Page 69 Example 1: permit WAN users to communicate with LAN users via the network phone through policy. (VoIP port numbers: TCP 1720, TCP 15328-15333, UDP 15328-15333.) Step 1. In Address > LAN and LAN Group, add the following setting:...
  • Page 70 Step 2. In Service > Custom, add the following setting: click New Entry. Service NAME: enter the name, VoIP. Protocol #1: select TCP; keep the default value for Client Port; for Server Port, enter the value 1720:1720.
  • Page 71 Normally the default client port range is 0 to 65535. It is recommended not to modify the port number range in the Custom Service function. When entering the port number in the client port, if the MIS engineer has to enter two different port numbers in the server port, enter the range 15328:15333.
  • Page 72 Step 3. Apply the Service setting to Virtual Server. Apply the Server setting to Virtual Server. Step 4. Apply the Virtual Service to Policy > Incoming. Complete the Incoming VoIP Policy. Step 5. In Policy > Outgoing, complete the Outgoing VoIP setting.
  • Page 73 Example 2: group the services, and limit users to accessing only the network resources provided by the group through Policy Object (Group: HTTP, POP3, SMTP, DNS). Group: add the following new setting:...
  • Page 74 Step 2. In Address > LAN Group, set the LAN group which can only access the specific service. The LAN group setting. Step 3. Apply the Service Group to Policy > Outgoing. The policy setting...
  • Page 75: Schedule

    5.3 Schedule. In this chapter, the MIS engineer can define the network connection and processing time period in Schedule. In other words, the MIS engineer can select the specific time period during which internal users may transfer data packets, by policy management.
  • Page 76 Example: set the valid time during which LAN users can access network data every day, through policy management. Step 1. In Schedule, add the following new setting: click New Entry. Set the Schedule Name.
  • Page 77: Q O S

    QoS Priority: sets the QoS priority of upstream and downstream bandwidth. The CS-2000 appliance can set the outgoing bandwidth according to different QoS settings, and the proper QoS setting can be selected by policy. This lets the MIS engineer distribute bandwidth efficiently.
  • Page 78 QoS: includes WAN 1 and WAN 2. Downstream Bandwidth: the maximum bandwidth and guaranteed bandwidth of the downstream bandwidth. Upstream Bandwidth: the maximum bandwidth and guaranteed bandwidth of the upstream bandwidth. QoS Priority: sets the priority for the unused upstream and downstream bandwidth.
  • Page 79 Example: set the policy for Upstream Bandwidth and Downstream Bandwidth. In QoS, add the following new setting: Step 1. Click New Entry. In Name, set the QoS name. In WAN 1 and 2, enter the parameters for the limited bandwidth.
  • Page 80 Step 2. In Policy > Outgoing, apply the QoS setting from Step 1. Select the QoS Service. Set the QoS policy. Complete the policy setting. When setting the QoS, the MIS engineer must use the correct range of upstream and downstream bandwidth for the WAN interface.
  • Page 81: Authentication

    . The CS-2000 appliance provides 4 authentication modes: the built-in User and User Group, and the RADIUS, POP3 and LDAP self-built authentication servers. The MIS engineer can use the 5 modes to manage the authentication.
  • Page 82 Authentication: Authentication Management. It provides the authentication port for the MIS engineer and the valid authentication time. (The MIS engineer has to set the Authentication function first.) Authentication Port: when Authentication is enabled, the LAN user must pass the authentication to log in to the WAN.
  • Page 83 To add the settings in the authentication management: The authentication management. When the user connects to the WAN through the authentication, the following window is shown: The authentication login window...
  • Page 84 After the authentication, it redirects to the assigned web site: Redirect to the assigned web site after authentication. If users want to request the authentication, they can enter the CS-2000’s LAN interface IP and the authentication port number in the URL address, and the authentication window is shown.
  • Page 85 Search Distinguished Name: the identifying name of the LDAP server. LDAP Filter: assigns the specific account in the LDAP server. User Distinguished Name: the account required for the authentication between the CS-2000 appliance and the LDAP server...
  • Page 86 We set up 4 authentication application environments. Range: The Application Environments: Pages. Example 1 (User): plan for LAN users to connect to the WAN through authentication by policy. (Uses the built-in user and user group authentication.)...
  • Page 87: Example 1 User & User Group Authentication

    Step 1. In Authentication > User, add the Authentication – User Name. The Authentication – User Name setting. The user’s DNS server must correspond to the LAN interface of the CS-2000 appliance in order to enable the authentication. Step 2. In Authentication > User Group, add the following new setting:...
  • Page 88 Step 3. In Policy > Outgoing, add a new policy, and apply Steps 1 and 2 to the new policy setting. The authentication user policy setting. Complete the authentication user policy setting...
  • Page 89 Step 4. When LAN users want to connect to the network via a browser, the authentication window is shown. After entering the correct user name and password, click OK to connect to the network...
  • Page 90: Example 2 Radius Server Authentication

    5.5.2 Example 2 RADIUS Server Authentication. Plan for users to connect to the WAN through authentication in policy, using the WAN RADIUS server (Windows 2003 Server built-in authentication). ※ Windows 2003 RADIUS Server Deployment. Step 1.
  • Page 91 Step 3. Select Internet Authentication Service. Add new network authentication service components. Step 4. Click Start > Control Panel > Administrative Tools, and select Network Authentication Service. Select network authentication service...
  • Page 92 Step 5. Right-click RADIUS Clients > New RADIUS Client. Add new RADIUS client. Step 6. Enter the Name and Client Address (the same as the CS-2000 IP Address). Add new RADIUS client name and IP address setting...
  • Page 93 Step 7. Select RADIUS Standard; enter the Shared secret and Confirm shared secret. (It must be the same setting as RADIUS in the CS-2000.) Add new RADIUS client vendor and shared secret. Step 8. Right-click on Remote Access Policies...
  • Page 94 Step 9. Select Use the wizard to set up a typical policy for a common scenario, and enter the Policy name. Add new remote access policies and policy name. Step 10. Select Ethernet. The way to add a new remote access policy...
  • Page 95 Step 11. Select User. Add new remote access policy user and group. Step 12. Select MD5-Challenge. The authentication of the new remote access policy...
  • Page 96 Step 13. Right-click on the Radius Properties. The network authentication service setting...
  • Page 97 Step 14. Select Grant remote access permission, remove the original setting, then click Add. The RADIUS properties settings...
  • Page 98 Step 15. Add Service-Type. Add new RADIUS properties attribute. Step 16. Add Authenticate Only from the left side. Add RADIUS properties service-type...
  • Page 99 Step 17. Click Edit Profile, select Authentication, and check Unencrypted authentication (PAP, SPAP). Edit RADIUS service-type dial-in property...
  • Page 100 Step 18. Add Auth User: click Start > Settings > Control Panel > Administrative Tools, and select Computer Management. Enter computer management. Step 19. Right-click on Users, and select New User. Add new user...
  • Page 101 RADIUS function, enter IP, Port and Shared Secret. (The setting must be the same as on the RADIUS server.) The RADIUS server setting. Click Test to check whether the CS-2000 and the RADIUS server are really working together. Step 22. In Authentication > User Group, add a new Radius User.
  • Page 102 Step 23. In Policy > Outgoing, apply the Authentication Group (RADIUS included) from Step 22 to add the new policy. Add the RADIUS authentication policy. Complete the RADIUS authentication policy setting...
  • Page 103 When users connect to the network via the browser, the authentication window is shown. Enter the user name and password, click OK, and then link to the network through the CS-2000. Link to the network through the authentication window...
  • Page 104: Example 3 Pop3 Server Authentication

    Step 1. In Authentication > POP3, add the following new setting. The POP3 server setting. Click Test to check whether the CS-2000 and the POP3 server are really working together. Step 2. In Authentication > User Group, add a new POP3 User. Add new POP3 user...
  • Page 105 Step 3. In Policy > Outgoing, apply Step 2 (the authentication group) to the policy. The POP3 server authentication in policy setting. Complete the POP3 server authentication in policy setting...
  • Page 106 Step 4. When users want to connect to the network via a browser, the authentication window is shown. Enter the user name and password, click OK, and then link to the network through the CS-2000 appliance.
  • Page 107: Example 4 LDAP Server Authentication

    5.5.4 Example 4 LDAP Server Authentication. The plan: users connect to the WAN after authenticating through the policy, using a WAN LDAP server (the Windows 2003 Server built-in authentication). ※ Windows 2003 LDAP Server Deployment Step1.
  • Page 108 Step4. In the Server Role window, select Active Directory and click Next. (Figure: The server role window) Step5. In the Summary of Selections window, click Next. (Figure: The summary of selections window)
  • Page 109 Step6. In the Active Directory Installation Wizard window, click Next. (Figure: Active Directory installation wizard) Step7. In the Operating System Compatibility window, click Next. (Figure: The operating system compatibility window)
  • Page 110 Step8. In the Domain Controller Type window, select Domain controller for a new domain and click Next. (Figure: The domain controller type window) Step9. In the Create New Domain window, select Domain in a new forest, click Next.
  • Page 111 Step10. In the New Domain Name window, enter the Full DNS name for the new domain, click Next. (Figure: The new domain name window) Step11. In the NetBIOS Domain Name window, enter the Domain NetBIOS name, click Next.
  • Page 112 Step12. In the Database and Log Folders window, enter the paths of the Database folder and Log folder, click Next. (Figure: The database and log folder window) Step13. In the Shared System Volume window, enter the Folder location, click Next.
  • Page 113 Step14. In the DNS Registration Diagnostics window, select I will correct the problem later by configuring DNS manually (Advanced), click Next. (Figure: The DNS registration diagnostics window) Step15. In the Permissions window, select Permissions compatible only with Windows 2000 or Windows Server 2003 operating systems, click Next.
  • Page 114 Step16. In the Directory Services Restore Mode Administrator Password window, enter the Restore Mode Password and Confirm password, click Next. (Figure: The directory services restore mode administrator password window) Step17. In the Summary window, click Next.
  • Page 115 Step18. Complete the Active Directory Installation Wizard. (Figure: Complete the Active Directory installation wizard) Step19. Click Start > Programs > Administrative Tools > Active Directory Users and Computers. (Figure: Enable Active Directory Users and Computers)
  • Page 116 Step20. In the Active Directory Users and Computers window, right click on Users, select New User. (Figure: Add new Active Directory user) Step21. In the New Object – User window, enter the settings, click Next. (Figure: The new object – user setting window 1)
  • Page 117 Step22. In the New Object – User window, enter the password, click Next. (Figure: The new object – user setting window 2) Step23. Complete adding the user. (Figure: Complete adding the user)
  • Page 118 Step24. In Authentication > LDAP, enter the following setting: (Figure: The LDAP server setting) Click Test to check whether the CS-2000 can communicate with the LDAP server. Step25. In Authentication > User Group, add the LDAP user. (Figure: Add new LDAP user)
  • Page 119 Step26. In Policy > Outgoing, apply the authentication group from Step25 to the policy setting. (Figure: The LDAP server authentication in policy setting) (Figure: Complete the LDAP server authentication in policy setting)
  • Page 120 When users want to connect to the network, the authentication window appears. Enter the user name and password, click OK, and then connect to the network through the CS-2000 appliance. (Figure: Link to the network through the authentication window)
  • Page 121: Content Blocking

    5.6 Content Blocking. Content blocking covers URL, Script, Upload and Download. 1. URL: The MIS engineer can decide to allow or restrict access to a specific web site by its complete domain name, by keywords, and by the wildcard symbols (~ and *).
  • Page 122 Content Blocking: URL String: the domain name restricted by the CS-2000 appliance, which decides whether to allow or limit the use of that domain. Popup: can block popup windows while browsing the web site.
  • Page 123 We set 4 application environments for Content Blocking. Example 1 (URL): Only permit the LAN user to access the data in a specific web site. Example 2 (Script): Limit the LAN user from accessing the script data in the web site.
  • Page 124 Example 1. URL: Only permit the LAN user to access the data in a specific web site. ※ How to use the content blocking symbols: ~ means allow (open); * is the wildcard.
  • Page 125 Step1. In Content Blocking > URL, add the following settings: Click New Entry; in URL String, enter ~yahoo; click OK. Click New Entry; in URL String, enter ~google; click OK. Click New Entry; in URL String, enter *; click OK.
  • Page 126 Step2. In Policy > Outgoing, apply the Content Blocking setting to the policy. (Figure: The URL content blocking setting in policy) Step3. In Policy > Outgoing, complete the setting so that the user can only access the data in the specific web site through the policy.
  • Page 127 Example 2. Script: Limit the LAN user from accessing the script data in the web site. Step1. In Content Blocking > Script, select the following settings: Select Popup. Select ActiveX. Select Java.
  • Page 128 Step2. In Policy > Outgoing, apply the Script Content Blocking setting to the policy: (Figure: The script content blocking in policy setting) Step3. In Policy > Outgoing, complete the settings to limit the LAN user from accessing the script data in the web site through the policy:...
  • Page 129 Example 3. Download Blocking: Limit the LAN user from downloading files with specific extensions, and video and audio files, from the internet through HTTP or FTP. Step1. In Content Blocking > Download, add the following settings: Select All Types.
  • Page 130 Step2. In Policy > Outgoing, apply the Download Content Blocking settings to the policy. (Figure: The download content blocking setting in policy) Step3. In Policy > Outgoing, complete the settings to limit the LAN user from transferring video and audio files and files with specific extensions in the network.
  • Page 131 Example 4. Upload Blocking: Limit the LAN user from uploading files with specific extensions to the internet through HTTP or FTP. Step1. In Content Blocking > Upload Blocking, set the following settings: Select ALL Types Blocking.
  • Page 132 Step2. In Policy > Outgoing, apply the Upload Content Blocking settings to the policy. (Figure: The upload content blocking setting in policy) Step3. In Policy > Outgoing, complete the settings to limit the LAN user from uploading video and audio files and files with specific extensions in the network.
  • Page 133: IM/P2P Blocking

    5.7 IM/P2P Blocking. The MIS engineer can restrict users from using IM and P2P software with the IM/P2P Blocking function. 1. IM: Set the login privilege for MSN Messenger, Yahoo Messenger, ICQ Messenger, QQ Messenger, Skype, Google Talk and Gadu-Gadu Messenger.
  • Page 134 Setting IM/P2P Signature Definitions: the system can update the IM/P2P signature definitions every hour, or the user can update them manually at any time. The system shows the update time and version of the IM/P2P signature definitions.
  • Page 135 We set two examples: Example 1: Limit internal users from transferring messages, files and media files by IM software. Example 2: Limit internal users from accessing internet resources by P2P software.
  • Page 136 Example 1. IM Blocking: Limit internal users from transferring messages, files and media files by IM software. Step1. In IM/P2P Blocking > Setting, add the following settings: Click New Entry. Enter the Name IM_Blocking.
  • Page 137 Step2. In Policy > Outgoing, add one policy that applies the IM blocking setting. (Figure: Set the policy applied to IM blocking setting) Step3. In Policy > Outgoing, complete the policy setting that limits internal users from transferring messages, files and media files.
  • Page 138 Example 2. P2P Blocking: Limit internal users from accessing internet resources by P2P software. Step1. In IM/P2P Blocking > Setting, add the following settings: Click New Entry. Enter the Name P2P_Blocking. Select eDonkey, eMule, Bit Torrent, WinMX, Foxy, KuGoo, AppleJuice, AudioGalaxy, DirectConnect, iMesh, MUTE, Thunder5, VNN Client, PPLive, UltraSurf and PPStream.
  • Page 139 Step2. In Policy > Outgoing, add one policy that applies the P2P blocking setting. (Figure: Set the policy applied to P2P blocking) Step3. In Policy > Outgoing, complete the policy setting that limits internal users from accessing internet resources by P2P software.
  • Page 140: Virtual Server

    IP address. To solve this problem, the MIS engineer can use the CS-2000's virtual server function. The so-called virtual server maps the real IP address to the private IP address via the CS-2000 appliance.
  • Page 141 Virtual Server: WAN IP: the external IP address (real IP address). Mapped To Virtual IP: the WAN real IP address mapped to the LAN server's private IP address. Virtual Server Real IP: the virtual server mapped to the WAN IP address.
  • Page 142 We set 4 virtual server application environments. Example 1 (Mapped IP): Make a single internal server which provides the FTP, web and mail services work through the policy.
  • Page 143 Example 1: Make a single internal server which provides the FTP, web and mail services work through the policy. Step1. Set up one LAN server which provides the multiple services. Its network adapter IP setting is 192.168.1.100, and its DNS setting corresponds to the WAN DNS server.
  • Page 144 Step4. In Service Group, group the services (DNS, FTP, HTTP, POP3, SMTP…) provided by the server. (Figure: Add the new mail service group which can send mail to external)
  • Page 145 Step7. Complete the IP mapped setting which provides the multiple services to external. (Figure: Set up the single server environment which provides the multiple services via IP mapped) When the MIS engineer sets the IP mapped by policy, it is strongly recommended not to select ANY in the Service function.
  • Page 146 Example 2: Use the virtual server in place of many internal servers which each provide a single service, by policy management (for example, the web service). Step1. Set up many LAN servers which provide the web service. The IP addresses are 192.168.1.101, 192.168.1.102, 192.168.1.103, 192.168.1.104.
  • Page 147 Step3. In Policy > Incoming, add the new policy including Step 2 (the virtual server setting). (Figure: Complete the virtual server setting in the policy) If the external user wants to connect to the homepage provided by the web server, the user has to change the port to 8080.
  • Page 148 Example 3: External users use VoIP to communicate with the internal user. (VoIP service ports: TCP 1720, TCP 15328-15333, and UDP 15328-15333) Step1. Set up the LAN VoIP; its IP address is 192.168.1.100.
  • Page 149 Step4. In Virtual Server > Server 1, add the following settings: Virtual Server Real IP: click here to configure. In Virtual Server Real IP, enter 61.11.11.12 (or click Assist to select). Click OK.
  • Page 150 Step5. In Policy > Incoming, add the new policy including Step4 (the virtual server setting). (Figure: Complete the virtual server setting in policy) Step6. In Policy > Outgoing, complete the setting so the LAN user can use VoIP to communicate with the external user.
  • Page 151 Example 4: Use the virtual server in place of many internal servers which provide the same services, by policy management (for example, the HTTP, POP3, SMTP, DNS service group). Step1. Set up many LAN servers which provide multiple services; their network adapter IP addresses are 192.168.1.101, 192.168.1.102, 192.168.1.103, 192.168.1.104, and the DNS corresponds to...
  • Page 152 Step4. In Virtual Server > Server 1, add the following settings: Virtual Server Real IP: click here to configure. In Virtual Server Real IP, enter 211.22.22.23 (or click Assist to select). Click OK. Click New Entry.
  • Page 153 Step5. In Policy > Incoming, add the new policy including Step4 (the virtual server setting). (Figure: Complete the incoming setting in policy) Step6. In Policy > Outgoing, add the new policy including Step2 and Step3, so that the server can send e-mail to the external mail server via the mail service.
  • Page 154: VPN

    5.9 VPN. The CS-2000 appliance provides data encryption and authentication with IKE (Internet Key Exchange) support, and its IPSec VPN module offers secure network protection with high-performance data encryption.
  • Page 155 RSA is a kind of asymmetric cryptography. The user has two keys: one is the secret key, which can be used to encrypt when connected; the other is the open (public) key, which the sender can obtain after being authenticated and use to encrypt the data sent to the recipient.
  • Page 156 DES: The data encryption standard for encrypting data, using a 56-byte key. 3DES: The triple-strength version of the DES cryptographic standard, usually using a 168-byte key. AES: The advanced encryption standard (AES) is a symmetric key encryption technique, usually using a 128-byte, 192-byte or 256-byte key, which will replace the commonly used DES standard.
  • Page 157: VPN Wizard

    5.9.1 VPN Wizard. The VPN Wizard guides the user through the VPN settings. In VPN > VPN Wizard, add the following settings: Select the VPN connection method, and click Next. Build up the VPN Policy setting, and click Next.
  • Page 158 (Figure: Select the VPN Trunk setting to apply to the VPN policy) (Figure: VPN setup finished) (Figure: Complete the outgoing policy setting of VPN Trunk) (Figure: Complete the incoming policy setting of VPN Trunk)
  • Page 159 To change the IPSec VPN setting, click Configure, or click Remove to delete the setting. (Figure: The IPSec Autokey setting) In the default setting, the CS-2000 uses the Dead Peer Detection mechanism to create the VPN connection automatically. In To Destination...
  • Page 160 Remove to delete the setting. (Figure: PPTP Server setting) In the default setting, the CS-2000 uses the Echo-Request mechanism to create the PPTP VPN automatically. Alternatively, when Manual Disconnect is enabled, the MIS engineer can disconnect the VPN link to the PPTP server.
  • Page 161 To change the PPTP VPN client settings, click Modify to change the PPTP client parameters, or click Remove. (Figure: PPTP client) There are two ways to create the VPN connection: let the CS-2000 build the VPN connection automatically by the Echo-Request mechanism, or the MIS engineer creates the VPN connection manually.
  • Page 162 The icons and terms in the VPN Trunk option: the icon displays the VPN trunk connection status. Icon meanings: Disconnected, Connected, The policy is not used. Name: defines the VPN trunk name, which must not be repeated.
  • Page 163 Example 1 (IPSec Autokey): Access the static subnet resources via the IPSec VPN connection between two CS-2000 appliances. Example 2 (IPSec Autokey): The way to set the CS-2000 appliance IPSec VPN connection with Windows 2000. Example 3 (IPSec Autokey): The way to set the IPSec VPN connection between two CS-2000 appliances.
  • Page 164: Example 1

    WAN IP is 211.22.22.22. LAN IP is 192.168.20.X. Multiple Subnet is 192.168.85.X. We use two CS-2000 devices as the platform. We assume the A Company IP 192.168.10.100 connects to the B Company IP 192.168.85.100 by using the VPN, in order to download files.
  • Page 165 Step2. In IPSec Autokey > Name, enter VPN_A. In WAN Interface, select WAN 1 to build up the VPN connection (A Company). (Figure: The name and WAN interface settings in IPSec VPN) Step3.
  • Page 166 Step5. In Encapsulation, select ISAKMP Algorithm; both sides use it when starting to build the connection, and select the algorithm to use. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 1; both sides need to select the same group.
  • Page 167 Step7. In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600. In IPSec Lifetime, enter 28800. In Mode, select Main mode. (Figure: The IPSec Perfect Forward Secrecy setting) Step8.
  • Page 168 Step9. In VPN > VPN Trunk, add the following settings: In Name, enter the Trunk Name. In From Source, select LAN. In From Source Subnet/Mask, enter the A Company LAN address 192.168.10.0 and Mask 255.255.255.0.
  • Page 169 Step10. In Policy > Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. (Figure: Set the outgoing policy including the VPN trunk) (Figure: Complete the outgoing policy setting including the VPN trunk)
  • Page 170 Step11. In Policy > Incoming: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. (Figure: Set the incoming policy setting including the VPN trunk) (Figure: Complete the incoming policy setting including the VPN trunk)
  • Page 171 The B Company's default gateway is the LAN IP 192.168.20.1 of the CS-2000. Step1. In System > Multiple Subnet, add the following setting: (Figure: Multiple Subnet) Step2. Enter the B Company's default IP 192.168.20.1 in the CS-2000. In Policy Object > IPSec Autokey, click New Entry.
  • Page 172 Step3. In IPSec Autokey, enter VPN_B in the VPN Name. In WAN interface, select WAN 1 to build the B Company's VPN connection. (Figure: The IPSec VPN connection name and WAN interface setting) Step4.
  • Page 173 Step6. In Encapsulation, select ISAKMP Algorithm, and choose the needed algorithm for building up the connection. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 1; both sides need to select the same group.
  • Page 174 Step8. In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds. In IPSec Lifetime, enter 28800 seconds. In Mode, select Main mode. (Figure: The IPSec Perfect Forward Secrecy setting) Step9.
  • Page 175 Step10. In VPN > VPN Trunk, add the following setting: Name, enter the Trunk name. From Source, select LAN. From Source Subnet/Mask, enter the LAN IP address (B Company) 192.168.85.0 and mask 255.255.255.0...
  • Page 176 Step11. In Policy > Outgoing, add the following setting: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. (Figure: Set the outgoing policy setting including the VPN trunk) (Figure: Complete the outgoing policy setting including the VPN trunk)
  • Page 177 Step12. In Policy > Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. (Figure: Set the incoming policy setting including the VPN trunk) (Figure: Complete the incoming policy setting including the VPN trunk)
  • Page 178 Step13. Complete the IPSec VPN connection setting. (Figure: The IPSec VPN deployment)
  • Page 179: Example 2

    B Company: the PC with Windows 2000 inside; WAN IP is 211.22.22.22. We use the CS-2000 and Windows 2000 IPsec VPN as the platform. In this case, we assume that B Company 211.22.22.22 wants to build a VPN to A Company 192.168.10.100, in order to download the shared document.
  • Page 180 The A Company's default gateway is the LAN IP 192.168.10.1 of the CS-2000. Add the following settings: Step1. Enter the A Company's CS-2000 default IP 192.168.10.1. Click VPN > IPSec Autokey > New Entry. (Figure: IPSec Autokey) Step2.
  • Page 181 Step5. In Encapsulation, select ISAKMP Algorithm. Select the needed algorithm for when both sides start the connection. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 2; both sides need to select the same group.
  • Page 182 Step7. In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds. In IPSec Lifetime, enter 28800 seconds. In Mode, select Main mode. (Figure: The IPSec Perfect Forward Secrecy setting) Step8.
  • Page 183 Step9. In VPN > VPN Trunk, add the following settings: Name, enter the Trunk Name. From Source, select LAN. From Source Subnet/Mask, enter the source LAN IP 192.168.10.0 (A Company) and Mask 255.255.255.0.
  • Page 184 Step10. In Policy > Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. (Figure: Set the outgoing policy setting including the VPN trunk)
  • Page 185 Step11. In Policy > Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. (Figure: Set the incoming policy setting including the VPN trunk) (Figure: Complete the incoming policy setting including the VPN trunk)
  • Page 186 The B Company's PC real IP is 211.22.22.22. Add the following settings: Step1. Click Start > Run in Windows 2000. (Figure: Start the IPSec VPN setting in Windows 2000)
  • Page 187 Step2. In the Run > Open field, enter mmc. (Figure: Start the Windows 2000 IPSec VPN setting) Step3. In Console 1 > Console > Add/Remove Snap-in. (Figure: Add/Remove Snap-in)
  • Page 188 Step4. In Add/Remove Snap-in, click Add. In Add Standalone Snap-ins, add IP Security Policy Management. (Figure: Add IP Security Policy Management)
  • Page 189 Step5. Select Local Computer, click Finish. (Figure: Select the type of IP Security Policy Management)
  • Page 190 Step6. Complete the IP Security Policy Management setup. (Figure: Complete the IP Security Policy Management setup) Step7. Right click on IP Security Policies on Local Machine, and select Create IP Security Policy.
  • Page 191 Step8. Click Next. (Figure: Open IP Security Policy Wizard) Step9. Enter the VPN Name and Description, and click Next. (Figure: Set the VPN name and description)
  • Page 192 Step10. Uncheck Activate the default response rule, and click Next. (Figure: Disable the default response rule) Step11. In IP Security Policy Wizard, select Edit properties, click Finish. (Figure: Complete the IP Security Policy Wizard settings)
  • Page 193 Step12. In VPN_B Properties, do not select Use Add Wizard, and click Add. (Figure: VPN_B Properties)
  • Page 194 Step13. In New Rule Properties, click Add. (Figure: New Rule Properties)
  • Page 195 Step14. In IP Filter List, do not select Use Add Wizard. Change the Name to VPN_B WAN TO LAN, click Add. (Figure: IP Filter List)
  • Page 196 Step15. In Filter Properties > Source address, select A specific IP Address, enter B Company's WAN IP address 211.22.22.22, subnet mask 255.255.255.255. In Destination address, select A specific IP Subnet, enter A Company's LAN IP address 192.168.10.0, subnet mask 255.255.255.0.
  • Page 197 Step16. Complete the setting, and close the IP Filter List. (Figure: Complete the IP Filter List setting)
  • Page 198 Step17. In New Rule Properties > Filter Action, select Require Security. Click Edit. (Figure: Filter Action setting)
  • Page 199 Step18. In Require Security Properties, select Session Key Perfect Forward Secrecy. (Figure: Select Session Key Perfect Forward Secrecy)
  • Page 200 Step19. Select the Custom / None / 3DES / MD5 Security Method, click Edit. (Figure: Edit the Security Method) Step20. Click Custom (for expert users), and click Settings. (Figure: Custom Security Method)
  • Page 201 Step21. Select Data integrity and encryption; choose Integrity algorithm MD5 and Encryption algorithm 3DES. Select Generate a new key every, enter 28800 seconds, then click OK to return to New Rule Properties. (Figure: Custom Security Method settings) Step22.
  • Page 202 Step23. In New Rule Properties > Tunnel Setting, select The tunnel endpoint is specified by this IP Address. Enter A Company's WAN IP address 61.11.11.11. (Figure: Tunnel setting) Step24. In New Rule Properties > Authentication Methods, click Edit.
  • Page 203 Step25. Select Use this string to protect the key exchange (preshared key), and enter the Preshared Key, 123456789. (Figure: Set the VPN Preshared Key) Step26. Click Apply > Close. (Figure: Complete the Authentication Methods setting)
  • Page 204 Step27. Complete the VPN_B WAN TO LAN settings. (Figure: Complete the VPN_B WAN TO LAN policy setting) Step28. In VPN_B Properties, do not select Use Add Wizard. Click Add to add the second IP security policy.
  • Page 205 Step29. In New Rule Properties, click Add. (Figure: New Rule Properties) Step30. In IP Filter List, do not select Use Add Wizard. Change the Name to VPN_B LAN TO WAN, click Add. (Figure: IP Filter List)
  • Page 206 Step31. In Filter Properties > Source address, select A specific IP Subnet, enter A Company's LAN IP address 192.168.10.0, subnet mask 255.255.255.0. In Destination address, select A specific IP Address, enter B Company's WAN IP address 211.22.22.22, subnet mask 255.255.255.255.
  • Page 207 Step32. Complete the settings, and close the IP Filter List. (Figure: Complete the IP Filter List setting)
  • Page 208 Step33. In New Rule Properties > Filter Action, select Require Security, then click Edit. (Figure: Filter Action)
  • Page 209 Step34. In Require Security Properties, select Session key Perfect Forward Secrecy. (Figure: Select Session key Perfect Forward Secrecy)
  • Page 210 Step35. Select the Custom / None / 3DES / MD5 Security Method. Click Edit. (Figure: Set the Security Method)
  • Page 211 Step36. Select Custom (for expert users), click Settings. (Figure: Custom Security Method settings)
  • Page 212 Step37. Select Data integrity and encryption (ESP). In Integrity algorithm, select MD5. In Encryption algorithm, select 3DES. Also select Generate a new key every, and enter 28800 seconds. Click OK to return to New Rule Properties.
  • Page 213 Step38. In New Rule Properties > Connection Type, select All network connections. (Figure: Connection Type setting)
  • Page 214 Step39. In New Rule Properties > Tunnel Setting, select The tunnel endpoint is specified by this IP Address. Enter B Company's WAN IP address 211.22.22.22. (Figure: Tunnel setting)
  • Page 215 Step40. In New Rule Properties > Authentication Methods, click Edit. (Figure: Authentication Methods)
  • Page 216 Step41. Select Use this string to protect the key exchange (preshared key). Enter the Preshared Key, 123456789. (Figure: VPN Preshared key setting)
  • Page 217 Step42. Click Apply and close the setting window. (Figure: Complete the New Rule setting)
  • Page 218 Step43. Complete the VPN_B LAN TO WAN setting. (Figure: Complete the VPN_B LAN TO WAN Rule setting)
  • Page 219 Step44. In VPN_B Properties > General, click Advanced. (Figure: The VPN_B General setting) Step45. Select Master Key Perfect Forward Secrecy, click Methods. (Figure: Key Exchange settings)
  • Page 220 Step46. Click Move up or Move down to arrange IKE / 3DES / MD5 to the top, and click OK. (Figure: Arrange the Security Methods) Step47. Complete all the Windows 2000 VPN settings.
  • Page 221 Step48. Right click on VPN_B, select Assign. (Figure: Assign the VPN_B Security Rules) Step49. We need to restart the IPsec service. Click Start > Settings > Control Panel. (Figure: Enter the Control Panel)
  • Page 222 Step50. In Control Panel, double click the Administrative Tools icon. (Figure: Enter the Administrative Tools) Step51. In Administrative Tools, double click the Services icon. (Figure: Enter the Services)
  • Page 223 Step52. In Services, right click on IPsec Policy Agent, select Restart. (Figure: Restart IPSec Policy Agent)
  • Page 224 Step53. Complete all the settings. (Figure: The CS-2000 and Windows 2000 IPSec VPN deployment)
  • Page 225: Example 3

    VPN to B Company 192.168.20.100, in order to download the shared documents. (Aggressive mode). The A Company’s default gateway is the CS-2000 LAN IP 192.168.10.1. Make the following settings: Step1 Enter A Company’s CS-2000 default IP Address 192.168.10.1. In Policy Object, IPSec Autokey, click New Entry.
  • Page 226 Step2 In IPSec Autokey, enter VPN_A in the VPN Name. In WAN interface, select WAN 1, which A Company uses to build the VPN. The IPSec VPN name and WAN interface setting Step3 In To Destination, select Remote Gateway –...
  • Page 227 Step5 In Encapsulation, select ISAKMP Algorithm to select the needed algorithm. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select SHA1. In Group (GROUP 1, 2, 5), select Group 2; both sides must select the same group.
  • Page 228 Step7 In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds, and in IPSec Lifetime, enter 28800 seconds. The IPSec Perfect Forward Secrecy setting Step8 In Mode, select Aggressive mode.
  • Page 229 Step10 In VPN, VPN Trunk, add the following settings: Name, enter the Trunk name. From Source, select LAN. From Source Subnet / Mask, enter the LAN address (A Company) 192.168.10.0 and Mask 255.255.255.0.
  • Page 230 Step11 In Policy Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the outgoing policy including the VPN trunk...
  • Page 231 Step12 In Policy Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the incoming policy including the VPN trunk Complete the incoming policy setting including the VPN trunk...
  • Page 232 The B Company’s default gateway is the CS-2000’s LAN IP 192.168.20.1. Add the following settings. Step1 Enter B Company’s default IP address 192.168.20.1. Click VPN, IPSec Autokey, then click New Entry. IPSec Autokey Step2 In IPSec Autokey, enter VPN_B in Name.
  • Page 233 Step3 In To Destination, select Remote Gateway – Fixed IP or Domain Name, and enter the Remote IP address to link to A Company. The IPSec To Destination IP setting Step4 In Authentication Method, select Preshare and enter the Preshared Key. (The maximum Preshared Key length is 100 bytes.)
  • Page 234 Step6 In IPSec Algorithm, select Data Encryption + Authentication or Authentication Only. In ENC Algorithm (3DES/DES/AES/NULL), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5 to assure the authentication method. The IPSec Algorithm setting In Perfect Forward Secrecy (...
  • Page 235 Step10 In VPN Trunk, click New Entry and add the following settings: Name, enter the Trunk Name. From Source, select LAN. From Source Subnet / Mask, enter the LAN IP address (B Company) 192.168.20.0 and mask 255.255.255.0.
  • Page 236 Step11 In Policy Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the outgoing policy including the VPN trunk...
  • Page 237 Step12 In Policy Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the incoming policy including the VPN trunk Complete the incoming policy setting including the VPN trunk...
  • Page 238 Step13 Complete the IPSec VPN aggressive mode settings. The IPSec VPN aggressive mode deployment
  • Page 239: Example 4

    5.9.5 Example 4 How to set up an outbound load-balanced IPSec VPN connection between two CS-2000 appliances. (The GRE / IPSec packet algorithm.) The Deployment: A Company WAN1 IP is 61.11.11.11, WAN2 IP is 61.22.22.22...
  • Page 240 Step1 Enter the A Company’s default IP address 192.168.10.1. In VPN, IPSec Autokey, click New Entry. IPSec Autokey Step2 In IPSec Autokey Name, enter VPN_01. In WAN interface, select WAN 1. The IPSec VPN name and WAN interface setting Step3 In To Destination, select Remote Gateway – Fixed IP or Domain Name, and enter the remote...
  • Page 241 Step5 In Encapsulation, select ISAKMP algorithm to select the needed algorithm. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 1. Both sides must select the same group.
  • Page 242 Step7 In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds. In IPSec Lifetime, enter 28800 seconds. In Mode, select main mode. The IPSec Perfect Forward Secrecy setting...
  • Page 243 Step10 Enter the A Company’s default IP address 192.168.10.1. In VPN, IPSec Autokey, click New Entry. IPSec Autokey window Step11 In IPSec Autokey Name, enter VPN_02. In WAN interface, select WAN 2, which A Company uses to build the VPN.
  • Page 244 Step14 In Encapsulation, select ISAKMP algorithm to choose the needed algorithm. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 1. Both sides must choose the same group.
  • Page 245 Step16 In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds. In IPSec Lifetime, enter 28800 seconds. In Mode, select main mode. The IPSec Perfect Forward Secrecy setting...
  • Page 246 Step19 In VPN, VPN Trunk, add the following settings: Name, enter the Trunk Name. From Source, select LAN. In From Source Subnet / Mask, enter the LAN source IP (A Company) 192.168.10.0 and mask 255.255.255.0.
  • Page 247 Step20 In Policy Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the outgoing policy including the VPN trunk...
  • Page 248 Step21 In Policy Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the incoming policy including the VPN trunk Complete the incoming policy setting including the VPN trunk...
  • Page 249 Step1 Enter the B Company’s default IP address 192.168.20.1. In VPN, IPSec Autokey, click New Entry. IPSec Autokey Step2 In IPSec Autokey Name, enter VPN_01. In WAN interface, select WAN 1, which B Company uses to build the VPN.
  • Page 250 Step5 In Encapsulation, select ISAKMP algorithm to choose the needed algorithm. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 1. Both sides must choose the same group.
  • Page 251 Step7 In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds. In IPSec Lifetime, enter 28800 seconds. In Mode, select main mode. The IPSec Perfect Forward Secrecy setting...
  • Page 252 Step10 Enter the B Company’s default IP address 192.168.20.1. In VPN, IPSec Autokey, click New Entry. The IPSec Autokey Step11 In IPSec Autokey Name, enter VPN_02. In WAN interface, select WAN 2, which B Company uses to build the VPN.
  • Page 253 Step14 In Encapsulation, select ISAKMP algorithm to choose the needed algorithm. In ENC Algorithm (3DES/DES/AES), select 3DES. In AUTH Algorithm (MD5/SHA1), select MD5. In Group (GROUP 1, 2, 5), select GROUP 1. Both sides must choose the same group...
  • Page 254 Step16 In Perfect Forward Secrecy (NO-PFS / GROUP 1, 2, 5), select GROUP 1. In ISAKMP Lifetime, enter 3600 seconds. In IPSec Lifetime, enter 28800 seconds. In Mode, select main mode. The IPSec Perfect Forward Secrecy setting...
  • Page 255 Step19 In VPN, VPN Trunk, add the following settings: In Name, enter the trunk name. From Source, select LAN. In From Source Subnet / Mask, enter B Company’s LAN source IP 192.168.20.0 and mask 255.255.255.0.
  • Page 256 Step20 In Policy Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the outgoing policy including the VPN trunk...
  • Page 257 Step21 In Policy Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select IPSec_VPN_Trunk. Click OK. Set the incoming policy including the VPN trunk Complete setting the incoming policy including the VPN trunk...
  • Page 258 Step22 Complete the IPSec VPN GRE/IPSec settings. The IPSec VPN GRE/IPSec deployment
  • Page 259: Example 5

    LAN IP is 192.168.10.X. B Company uses a Windows 2000 PC; its WAN IP is 211.22.22.22. We use the CS-2000 and Windows 2000 VPN-PPTP as the platform. Assume the B Company PC 211.22.22.22 links to A Company 192.168.10.100 via the VPN in order to download the shared files.
  • Page 260 Auto-Disconnect if idle, enter 0. To enable the PPTP VPN setting When creating the CS-2000 PPTP server VPN, the MIS engineer can allow or limit external users linking to the network via the CS-2000. Auto-Disconnect if idle: when the VPN is not in use, it will automatically disconnect. (Time unit:...
  • Page 261 Step2 In A Company’s CS-2000, VPN PPTP Server, add the following settings: Click New Entry. User Name, enter PPTP_Connection. Password, enter 123456789. Client IP assigned by, select IP Range. Click OK.
  • Page 262 Step3 In VPN, VPN Trunk, add the following settings: Name, enter the trunk name. From Source, select LAN. From Source Subnet / Mask, enter the A Company’s LAN IP address 192.168.10.0 and mask 255.255.255.0.
  • Page 263 Step4 In Policy Outgoing, add the following settings: Authentication User, select auth_group. Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select PPTP_VPN_Trunk. Click OK. Set the outgoing policy including the VPN trunk...
  • Page 264 Step5 In Policy Incoming, add the following settings: Schedule, select Working_Time. QoS, select QoS_1. VPN Trunk, select PPTP_VPN_Trunk. Click OK. Set the incoming policy including the VPN trunk Complete setting the incoming policy including the VPN trunk...
  • Page 265 The B Company’s PC uses the real IP (211.22.22.22). Add the following settings: Step1 Right click on My Network Places, and select Properties. To start the Windows 2000 PPTP VPN setting Step2 In Network and Dial-up Connections, click Make New Connection.
  • Page 266 Step3 In Location Information, enter the Country / Region and Area code, select the phone system, then click OK. The Location Information setting Step4 In Phone And Modem Options, click OK. Phone and Modem Options...
  • Page 267 Step5 In Network Connection Wizard, click Next. Network Connection Wizard Step6 In Network Connection Wizard, select Connect to a private network through the Internet. Click Next. To connect to a private network through the Internet...
  • Page 268 Step7 In Network Connection Wizard, enter the IP Address, and then click Next. Set up the Host name or IP address Step8 In Network Connection Wizard Connection Availability, select For all users. Click Next.
  • Page 269 Step9 In Network Connection Wizard, enter the Connection Name and click Finish. Complete the Network Connection Wizard
  • Page 270 Step10 In Connect Virtual Private Connection, add the following settings: User Name, enter PPTP_Connection. Password, enter 123456789. Select Save Password. Click Connect. The Connecting to Virtual Private Connection window is shown. Connection Complete. Connect Virtual Private Connection...
  • Page 271 Step11 Complete the PPTP VPN connection setup. The PPTP VPN deployment
  • Page 272: Chapter 6: Policy

    Chapter 6: Policy The CS-2000 inspects every packet passing through the device and evaluates whether it fits a policy. When a packet is qualified by a policy, the CS-2000 allows it through. In other words, if a packet fits no policy, it is blocked.
  • Page 273 The CS-2000’s VPN function uses trunk technology under policy management, in order to monitor the packets passing through the data exchange.
  • Page 274 Policy Comment The description of the policy. Source Address and Destination Address The active connection is the source IP and the passive connection is the destination IP. Service It represents the service item. The MIS engineer can select to use the system default setting or choose...
  • Page 275 Icon Name and Definition: PERMIT ALL permits the qualified packets to pass through WAN1, WAN2, and WAN3. PERMIT WAN1 permits the qualified packets to pass through WAN1. PERMIT WAN2 permits the qualified packets to pass through WAN2.
  • Page 276 , to modify the contents. Move To: click the drop-down menu to change the policy order. (The CS-2000 checks each passing packet according to the policy order.)
  • Page 277 We will set up 6 Policy Application Environments. Range / The Application Environment / Pages: Example 1, Outgoing: to set the policy to monitor internal users linking to the network (use traffic log, statistics and quota per session); to deny users access to specific network resources. (For...
  • Page 278 Example 1 To set the policy to monitor internal users linking to the network. (Use traffic log, statistics and quota per session) Step1 In Policy Outgoing, add the following settings: Click New Entry.
  • Page 279 In Traffic Log Filtered, click the IP address displayed in the window, and it will filter the IP packet records. If the MIS engineer wants to monitor all the CS-2000’s packets, click Traffic Log Traffic. The Traffic Log Filtered window...
  • Page 280 Traffic Log Web UI
  • Page 281 Step4 In Monitor Statistics Policy, it shows the traffic statistics through the policy. Traffic statistics
  • Page 282 Example 2 To deny users access to specific network resources. (For example, by static IP and content blocking.) Step1 In Content Blocking Script Download, add the following settings: Content blocking setting...
  • Page 283 Download blocking setting Upload blocking setting
  • Page 284 Step2. In IM / P2P Blocking, click New Entry and add the IM / P2P blocking setting. Set IM / P2P blocking setting Complete IM / P2P blocking setting 1. The MIS engineer can limit users to browsing only specific web sites through content blocking by policy management.
  • Page 285 Step2 In Address WAN and WAN Group, add the following settings: Set the WAN IP to block Group the WAN The MIS engineer can customize address groups and apply them to policies.
  • Page 286 Step3 In Policy Outgoing, add the following settings: Click New Entry. Destination Address, select the WAN_Group set in Step2. (Use the IP to block.) Action, WAN Port, select DENY ALL. Click OK.
  • Page 287 Step4 In Policy Outgoing, add the following settings: Click New Entry. Select Content Blocking. Select IM/P2P Blocking. Click OK. To set the content blocking policy
  • Page 288 Step5 Complete setting the policy to deny users access to the network resources. Complete setting the policy to deny users access to the network resources The DENY action blocks the packets that correspond to the policy. The MIS engineer can move the policy to first priority, to limit users linking to the specific IP addresses.
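    The policy-order rule described above (the first policy in the sorted list that fits a packet decides, and a DENY placed below a broad PERMIT never takes effect until it is moved to first priority) as an added example; this is not code from the manual, and the policy names, address objects and the shadow check are constructed assumptions:

```python
"""First-match policy evaluation as the CS-2000 describes it: a packet is
checked against the Outgoing policies in their sorted order, the first policy
it fits decides, and a packet that fits no policy is blocked.  Added example,
not the appliance's own code; all policies and addresses are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "ANY"


@dataclass(frozen=True)
class Policy:
    comment: str
    source: tuple           # address objects as CIDR strings
    destination: tuple      # address objects as CIDR strings (e.g. a WAN_Group)
    services: frozenset     # TCP/UDP port numbers, or {ANY}
    action: str             # "PERMIT" or "DENY"


def _in_any(ip, networks):
    addr = ip_address(ip)
    return any(addr in ip_network(n) for n in networks)


def matches(policy, src_ip, dst_ip, port):
    """True when the packet fits this policy's source, destination and service."""
    return (_in_any(src_ip, policy.source)
            and _in_any(dst_ip, policy.destination)
            and (ANY in policy.services or port in policy.services))


def evaluate(policies, src_ip, dst_ip, port):
    """(action, comment) of the first matching policy; no match means blocked."""
    for p in policies:
        if matches(p, src_ip, dst_ip, port):
            return p.action, p.comment
    return "DENY", "implicit (no policy matched)"


def move_to_top(policies, comment):
    """'Move To' first priority: the named policy is checked before all others."""
    target = [p for p in policies if p.comment == comment]
    rest = [p for p in policies if p.comment != comment]
    return target + rest


def _covered(narrow, wide):
    # every network in `narrow` lies inside some network in `wide`
    return all(any(ip_network(n).subnet_of(ip_network(w)) for w in wide) for n in narrow)


def shadowed_policies(policies):
    """Comments of policies that can never match because an earlier policy
    already covers every packet they describe.  A DENY sitting below a broad
    PERMIT is the case the manual warns about; this is the check to run after
    editing the policy list."""
    out = []
    for j, later in enumerate(policies):
        for earlier in policies[:j]:
            if (_covered(later.source, earlier.source)
                    and _covered(later.destination, earlier.destination)
                    and (ANY in earlier.services or later.services <= earlier.services)):
                out.append(later.comment)
                break
    return out


# Constructed sample: A Company LAN, and a WAN_Group of addresses to block
# (documentation ranges stand in for the blocked WAN IPs of Example 2).
LAN = ("192.168.10.0/24",)
WAN_GROUP = ("203.0.113.0/24", "198.51.100.7/32")
POLICIES = [
    Policy("Permit LAN to Internet", LAN, ("0.0.0.0/0",), frozenset({ANY}), "PERMIT"),
    Policy("Deny WAN_Group", LAN, WAN_GROUP, frozenset({ANY}), "DENY"),
]


def demo():
    """Outcome for a LAN host reaching a blocked address, before and after the
    DENY policy is moved to first priority, plus the shadow check for both orders."""
    before = evaluate(POLICIES, "192.168.10.20", "203.0.113.5", 80)
    fixed = move_to_top(POLICIES, "Deny WAN_Group")
    after = evaluate(fixed, "192.168.10.20", "203.0.113.5", 80)
    return before[0], after[0], shadowed_policies(POLICIES), shadowed_policies(fixed)


if __name__ == "__main__":
    print(demo())  # ('PERMIT', 'DENY', ['Deny WAN_Group'], [])
```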
  • Page 289 Example 3 To permit authenticated users to access the network resources at a specific time. Step1 In Schedule, add the following settings: Add new schedule Step2 In Authentication User and User Group, add the following settings:...
  • Page 290 Step3 In Policy Outgoing, add the following setting: Click New Entry. Authentication User, select laboratory. Schedule, select Working_Time. Click OK. To set the authentication and schedule policy Step4 Complete the setting to permit the user to access the network resources at a specific time via authentication.
  • Page 291 Example 4 An external user uses remote control software to control the internal PCs. (For example, PcAnywhere) Step1 To set up a LAN PC controlled remotely by the external PC, the server virtual IP is 192.168.1.2.
  • Page 292 Step3 In Policy Incoming, add the following settings: Click New Entry. Destination Address, select Virtual Server 1 (203.67.31.11). Service, select PC-Anywhere (5631-5632). Click OK. To set the policy for a LAN PC controlled remotely by the external PC Step4 Complete setting the policy for a LAN PC controlled remotely by the external PC.
  • Page 293 Example 5 Set up an FTP server in the DMZ by NAT mode, and limit the external user’s downstream bandwidth, max. concurrent sessions and quota per day. Step1 In DMZ, set up an FTP server; the server virtual IP is 192.168.3.2. (The DMZ interface address is 192.168.3.1/24)...
  • Page 294 Step3 In QoS, add the following settings: Set the QoS Step4 In Policy WAN To DMZ, add the following settings: Click New Entry. Destination Address, select Virtual Server 1 (61.11.11.12). Service, select FTP (21).
  • Page 295 Step5 Limit users’ access to the DMZ server services and network resources. Complete setting the policy
  • Page 296 Example 6 Set up a mail server in the DMZ by TRANSPARENT mode, and permit internal and external users to send and receive e-mail. Step1 In DMZ, set up a mail server with the IP 61.11.11.12. The DNS is set to correspond to the external DNS server.
  • Page 297 Step4 In Policy WAN To DMZ, add the following settings: Click New Entry. Destination Address, select Mail_Server. Service, select Mail_Service. Click OK. To set the WAN To DMZ mail service policy Step5 Complete setting the WAN To DMZ mail service policy.
  • Page 298 Step6 In Policy LAN To DMZ, add the following settings: Click New Entry. Destination Address, select Mail_Server. Service, select Mail_Service. Click OK. To set the LAN To DMZ mail service policy Step7 Complete setting the LAN To DMZ mail service policy.
  • Page 299 Step8 In Policy DMZ To WAN, add the following settings: Click New Entry. Destination Address, select Mail_Server. Service, select Mail_Service. Click OK. To set the DMZ To WAN mail service policy Step9 Complete setting the DMZ To WAN mail service policy.
  • Page 300: Chapter 7: Mail Security

    Chapter 7: Mail Security 7.1 Configure The so-called mail configure is the CS-2000’s mail processing standard. In this chapter, we define it as the mail setting, mail relay, mail account and mail notice. The mail relay function must be set in order to scan the mails of the internal mail server through the CS-2000’s anti-spam and anti-virus process.
  • Page 301: Setting

    7.1.1 Setting Scanned Mail Setting The MIS engineer can set the scanned spam and virus mail sizes separately, and let the CS-2000 identify by itself which mails to scan. Unscanned Mail Setting This applies to mails that exceed the scanning limit. The MIS engineer can select to add the unscanned mail message to the subject line.
  • Page 302 Storage lifetime of spam / virus mails in the quarantine The MIS engineer can assign the storage lifetime of spam / virus mails in the quarantine, and these spam / virus mails are deleted on the expiry date.
  • Page 303 When the notice mail is received, it shows the customized mail subject and notice contents. Notice mail including the customized mail subject and contents
  • Page 304 When the user receives an unscanned mail, the system adds the message to the subject line. To display the unscanned mail message in the subject line
  • Page 305: Mail Relay

    7.1.2 Mail Relay Example 1 We use the CS-2000 as the Gateway (the mail server is set in the DMZ, using Transparent mode). The Deployment WAN1 IP is 61.11.11.11 Mail Server IP is 61.11.11.12 Map the DNS domain name (test.com) applied for from the ISP to the DNS server IP (set the MX...
  • Page 306 LDAP server every 30 minutes, in order to evaluate whether mail relay is necessary. (When LDAP is disabled, the CS-2000 confirms whether the mail account exists in the mail server to evaluate whether mail relay is necessary.)...
  • Page 307 Example 2 To put the CS-2000 between the Company’s original gateway and the mail server. (The mail server is set in the DMZ, using Transparent mode.) The Deployment The Company’s original Gateway is 172.1.1.0/16 (LAN segment) WAN IP is 61.11.11.11...
  • Page 308 Step1 In Configure Mail Relay, add the first setting: Select Domain Name of Internal Mail Server. Domain Name of Mail Server, enter the applied domain name. IP Address of Mail Server, enter the IP address which the domain name of the mail server corresponds to.
  • Page 309 Example 3 The headquarters company uses the CS-2000 as the gateway (the mail server is set in the DMZ, using Transparent mode), in order to let the employees send mails through the mail server.
  • Page 310 Step1 In Configure Mail Relay, add the first setting: Select Domain Name of Internal Mail Server. Domain Name of Mail Server, enter the applied domain name. IP Address of Mail Server, enter the IP address which the domain name of the mail server corresponds to.
  • Page 311: Mail Account

    7.1.3 Mail Account Use the CS-2000’s mail account to allow or deny mails to the internal mail server. Step1 In Configure Mail Relay, add the following settings: The mail relay setting
  • Page 312 Step2 In Configure Mail Account, it shows the domain name of the internal mail server: Click Modify, and it shows the Mail Account Scanned Account list, which is confirmed by the internal mail server.
  • Page 313 After completing the Mail Relay settings, the MIS engineer can add the legal mail accounts into the Scanned Account list by importing an address book; the MIS engineer can use the function to import the address book from a client in Mail Account. (For example, using Outlook Express)...
  • Page 314 Export the Address Book The Address Book Export Tool
  • Page 315 Save exported files Select the fields the MIS engineer wishes to export
  • Page 316 On the other hand, the MIS engineer can store or clean the legal mail accounts in the internal mail server by exporting the mail accounts. The CS-2000 can re-export the list when the Scanned Account list is missing.
  • Page 317 Step3 In Mail Account, add a new mail account: Add new mail account, click New Entry. In Add new mail account, enter the new mail account. Click OK. In the Mail Account window, click OK again.
  • Page 318 To set which recipient account is not allowed to receive mails in the internal mail server Step5 In Mail Account Scanned Account, the CS-2000 confirms whether the recipient mail account is a legal mail account, and then sends the external sender’s mail to the internal mail server.
  • Page 319 The CS-2000 confirms whether the recipient’s mail account (receiving mails sent from the external sender) fits the Mail Account list, by the internal mail server’s confirmation. 1. When the recipient’s mail account fits the Scanned Account list, the CS-2000 sends the mails to the internal mail server.
  • Page 320: Mail Notice

    7.1.4 Mail Notice Example 1 Use the CS-2000’s mail notice to send the spam (virus) mail notification to the recipient. In other words, the recipient can select the needed mails from the list. (For example, using Outlook Express)
  • Page 321 Step2 In Configure Mail Notice, it shows the domain name of the internal mail server: Click Modify, and the mail accounts are displayed in the mail notice selectable list. The domain name of the internal mail server...
  • Page 322 Click OK. When a new account is added in Mail Account, the new account is synchronized into the Selected Account list. The CS-2000 sends the spam (virus) mail notification to the recipients’ mail boxes on time. The mail notice setting...
  • Page 323 After the recipient gets the spam (virus) mail notice, the CS-2000 will not send any further mail notice if the recipient did not receive any spam mail from the external mail server via the internal mail server before the next spam (virus) mail notice is due to be sent.
  • Page 324 When the recipient receives the Spam Mail Notice (or Virus Mail Notice): In the Inbound list, choose the spam (virus) mail to retrieve, and click Retrieve. After the CS-2000 sends the spam (virus) mails, it shows the message Retrieve is Completed.
  • Page 325 Complete retrieving the spam (virus) mail There are two ways to retrieve all the spam / virus mails in the spam / virus mail notice. A: When the spam / virus mail notice is received as an attachment, the user has to open the attachment.
  • Page 326 Open the attachment in the spam (virus) mail notice Confirm to open the attachment
  • Page 327 To retrieve all the spam (virus) mails from the spam (virus) mail notice To retrieve all the spam (virus) mails from the preview spam (virus) mail notice
  • Page 328 Example 2 Personal Rule Setting Step1. Click Spam (Virus) Mail Notice Personal Rule. Log in to the personal rule
  • Page 329 Click Language. Select English Version. Click OK. Complete the setting so that the recipient receives the CS-2000 mail notice in the English version, by the rule setting, from Monday to Friday. The personal rule mail notice setting The mail notice language setting...
  • Page 330 In Personal Rule Notice, if Enable Notice is disabled, the user cannot receive the mail notice from the CS-2000. The way to solve the problem: 1. Log in to the CS-2000 on port 89, Personal Rule Login, Notice, and select Enable Notice.
  • Page 331 Step1. Allow the user to customize the login password: Enable the local database in Login Authentication of Personal Rule. Click Password. Enter 123456789 as the Password. Click OK. Enter the E-mail address and password when using port 89 to log in to the personal rule via the CS-2000.
  • Page 332 Type the password Log in to the personal rule authentication window Complete the login to the personal rule
  • Page 333: Anti -Spam

    7.2 Anti-Spam The CS-2000 can filter the mails in the internal and external mail server. The function can also improve the efficiency of the company’s mail server and let recipients select the mails they need to read. In other words, it also improves the employees’ working efficiency;...
  • Page 334: Setting

    When adjusting the spam mail scanning options, the CS-2000 compares the priority of the Personal Rule and the Global Rule. The CS-2000 uses the default rules to scan the mails if the MIS engineer did not select any spam mail action.
  • Page 335 Action of Spam Mail The CS-2000 can delete the inbound spam mail, deliver it to the recipient, forward it to another mail account, or just save it in quarantine. The CS-2000 can directly send the inbound spam mail to the recipient and also save it in quarantine.
  • Page 336 The internal and external recipients receive the spam mail with the score tag and spam string added to the subject line. The spam mail subject line including the score tag and spam string...
  • Page 337 The internal and external recipients receive the non-spam mail with only the score tag added to the subject line. The non-spam mail subject line only including the score tag
  • Page 338: Personal Rule

    Search, Global Rule, Whitelist and Blacklist. On the other hand, when a normal user logs in to Personal Rule > Search, Whitelist and Blacklist through the Mail Notice or through the CS-2000 interface on port 89, the Training function is not shown.
  • Page 339: Global Rule

    7.2.3 Global Rule Global Rule: Rule Name: the name of the customized mail rule. Comments: the description of the customized mail rule. Combination: And: the mail is identified as spam or ham only if it matches all of the customized conditions in the rule.
  • Page 340 Item: identifies whether the mail's Header, Body or Attach File Name matches the spam condition. The Header items checked are Received, Envelope-To, From, To, Cc, Bcc, Subject, Sender, Reply-To, Errors-To, Message-ID and Date.
  • Page 341: Whitelist

    7.2.4 Whitelist Whitelist: Whitelist: allows the specified mail account to send/retrieve mail freely. Direction: From: matches on the sender address. To: matches on the recipient address. 7.2.5 Blacklist Blacklist: Blacklist: forbids the specified mail account from sending/retrieving mail.
  • Page 342: Training

    The MIS engineer can import ham mail files to improve the ham mail filtering accuracy. Spam Account for Training: users send spam mail to an assigned mail address, and the CS-2000 retrieves these mails from that account at the scheduled time, to improve the spam mail filtering accuracy.
  • Page 343: Spam Mail

    Spam Mail: Search: searches all records in the CS-2000 matching the condition, by keyword or phrase in Recipient, Sender, Subject, Received Time, Spam Mail, Ham Mail, Attached and Non-Attached.
  • Page 344 In Spam Mail and Sender List, the CS-2000 can sort by recipient, sender, total spam and total mail. In Spam List, it can sort by subject and received time.
  • Page 345: The Advanced Description

    7.2.8 The Advanced Description The so-called mail server is the medium in the mail send and retrieve process. The e-mail address format is, for example, account@server.name: the mail account is before the @ and the server name after it.
  • Page 346 Mail Transferring Process: the 3 elements of e-mail sending/retrieving are the MUA, MTA and MDA. MUA (Mail User Agent): the client PC uses the MUA provided with the OS to send and retrieve mail.
  • Page 347 Mail transferring process (send and retrieve). The mail sending process has several steps: sending mail to the MTA via the MUA: the user has to make the following settings when composing mail in the MUA:...
  • Page 348 The protocols used in the mail send/retrieve process: 1. Send E-Mail: the user sends mail to the MTA via the MUA, and the MTA transfers it to the next MTA. Most mail servers use SMTP (Simple Mail Transfer Protocol), on port 25.
  • Page 349: Anti-Spam Examples

    To detect whether mail received on the mail server is spam. Example 2: Set the CS-2000 as the gateway and use the whitelist and blacklist to filter mail. (Set the mail server in the DMZ and use transparent mode.) Example...
  • Page 350 Example 1 To detect whether mail received on the mail server is spam. Step 1: Allow the LAN PC to receive mail from the external mail server. Set the network adapter's DNS to point to the external DNS server.
  • Page 351 Set the anti-spam mail action. Anti-Spam is enabled by default. The MIS engineer only needs to add the mail relay setting; the CS-2000 then starts anti-spam processing for the internal and external mail servers.
  • Page 352 Internal Mail Server: always keep the Deliver to the recipient option enabled, as it is the default setting. In addition, the user can select Store in the quarantine. Whichever spam mail action the MIS engineer has selected, the CS-2000 adds the message to the subject line when it detects spam mail.
  • Page 353 Step 5: When the internal user receives mail from the external mail account js1720@ms21.pchome.com.tw, the CS-2000 filters these mails and lists the results in Anti-Spam > Spam Mail (click Inbound and External). The spam mail list...
  • Page 354 Step 7: Click the sender mail address magafifa@pchome.com.tw; it shows the Attached, Received Time, Subject, Mail Size and Quarantine information. Select the mails saved in Quarantine for training. In Spam List, click Training. In the spam list confirmation window, click OK; the mails are then trained as non-spam mails.
  • Page 355 Spam mail for training. Retrieve the spam mail.
  • Page 356 Example 2 Set the CS-2000 as the gateway and use the whitelist and blacklist to filter mail. (Set the mail server in the DMZ and use transparent mode.) Step 1: In the DMZ, set up a mail server whose network adapter IP is 61.11.11.12, whose DNS points to the external DNS server, and whose server name is test.com.
  • Page 357 Step 5: In Policy > DMZ To WAN, add the following settings (set the DMZ To WAN policy). Step 6: In Configure > Mail Relay, add the following settings (the mail relay setting for external mail sent to the internal mail server). In Mail Relay, the CS-2000 relays mail for the assigned domain name to the corresponding mail server.
  • Page 358 In Action of Spam Mail, when Delete the spam mail is selected, the MIS engineer cannot select Deliver to the recipient, Store in the quarantine or Notice to the sender. In other words, the CS-2000 deletes all spam mail. The related lists are still shown in Spam Mail.
  • Page 359 Step 8: In Anti-Spam > Whitelist, add the following settings: Click New Entry. Whitelist: enter share2k01@yahoo.com.tw. Direction: select From. Enable Auto-Training. Click OK. Click New Entry again. Whitelist: enter share2k01@yahoo.com.tw. Direction: select To. Enable Auto-Training.
  • Page 360 Add whitelist setting 2. Add whitelist setting 3. Add whitelist setting 4. Complete the whitelist setting.
  • Page 361 The MIS engineer can Export Whitelist To Client to manage the related settings. Conversely, the CS-2000 can clear the list and Import Whitelist From Client when the whitelist is in disorder.
  • Page 362 Step 9: In Anti-Spam > Blacklist, add the following settings: Click New Entry. Blacklist: enter *yahoo*. Direction: select From. Enable Auto-Training. Click OK. Click New Entry. Blacklist: enter *yahoo*. Direction: select To. Enable Auto-Training.
  • Page 363 The MIS engineer can Export Blacklist To Client to manage the related settings. Conversely, the CS-2000 can clear the list and Import Blacklist From Client when the blacklist is in disorder. When Auto-Training is enabled, the CS-2000 learns the blacklisted mail as spam through the training function at the configured training time.
  • Page 364 In other words, the CS-2000 identifies the mails sent to steve@test.com as spam and saves them in quarantine. After the CS-2000 has filtered these mails, it lists the results in Anti-Spam > Spam Mail (click Inbound > Internal to see the internal list)....
  • Page 365 Attached, Subject, Received Time, Mail Size and Quarantine. Select the mail saved in quarantine for training. In Spam List, click Training. In the training confirmation dialogue box, click OK; the CS-2000 then identifies these mails as non-spam. Select the mails saved in quarantine to retrieve. In Spam List, click Retrieve.
  • Page 366 When using the Training or Retrieve function, the MIS engineer must select spam mails saved in Quarantine. In Anti-Spam > Spam Mail, click Clear, and the CS-2000 deletes all the list records. In other words, the MIS engineer can no longer find the deleted records in the Spam Mail function.
  • Page 367 Example 3 Set the CS-2000 between the company's original gateway and the mail server, and use the global rule to filter mail. (Set the mail server in the DMZ and use transparent mode.) The company's LAN segment is 172.16.1.0/16 behind the original gateway, whose WAN port IP is 61.11.11.11...
  • Page 368 Step 4: In Policy > WAN To DMZ, add the following setting (set the WAN To DMZ policy). Step 5: In Policy > DMZ To WAN, add the following settings (set the DMZ To WAN policy)...
  • Page 369 Step 7: In Anti-Spam > Setting, add the following settings (the action of the anti-spam setting). Mail that matches a Global Rule is processed according to that Global Rule's Action.
  • Page 370 Step 8: In Anti-Spam > Global Rule, add the following settings: Click New Entry. Rule Name: enter HamMail. Comments: enter Ham Mail. Combination: select Or. Classification: select Ham (Non-Spam). Enable Auto-Training. In the first Item, select From. Condition: select Contains. Pattern: enter share2k01.
  • Page 371 Complete the first global rule setting. In the Global Rule setting, when the MIS engineer selects Classification Ham (Non-Spam), the Action function is disabled, because the CS-2000 delivers non-spam mail directly to the recipient without any additional processing.
  • Page 372 Step 9: In Anti-Spam > Global Rule, add the following settings: Click New Entry. Rule Name: enter SpamMail. Comments: enter Spam Mail. Combination: select Or. Action: select Store in quarantine. Classification: select Spam. Enable Auto-Training.
  • Page 373 IP address in the RBL. In Global Rule, the CS-2000 compares mail against the rules in rule priority order. Select one of the mails in Outlook Express, right-click on it and open Properties > Details,...
  • Page 374 In other words, the CS-2000 identifies the mails sent to steve@test.com as spam and saves them in quarantine. After the CS-2000 has filtered these mails, it lists the results in Anti-Spam > Spam Mail (click Inbound > Internal to see the internal list)....
  • Page 375 Attached, Subject, Received Time, Mail Size and Quarantine. Select the mail saved in quarantine for training. In Spam List, click Training. In the training confirmation dialogue box, click OK; the CS-2000 then identifies these mails as non-spam. Select the mails saved in quarantine to retrieve. In Spam List, click Retrieve.
  • Page 376 When using the Training or Retrieve function, the MIS engineer must select spam mails saved in Quarantine. In Anti-Spam > Spam Mail, click Clear, and the CS-2000 deletes all the list records. In other words, the MIS engineer can no longer find the deleted records in the Spam Mail function.
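Examples 2 and 3 configure whitelist and blacklist entries and two global rules, but the manual never spells out how they are evaluated together against one mail. The following is an added example, not CS-2000 code, of a small policy evaluator that applies them in one plausible order: whitelist first, then blacklist, then global rules in priority order, and otherwise a fall-through to the default scan. That order, the Contains-only condition, the shell-style wildcard matching used for *yahoo*, and the "lottery" item given to the SpamMail rule (whose items the manual does not show) are assumptions; the whitelist, blacklist and HamMail entries are the ones from the examples, and the sample mails are constructed.

```python
"""Added example, not CS-2000 code: evaluate one mail against whitelist,
blacklist and global rules as configured in Examples 2 and 3.
Assumed order: whitelist, blacklist, global rules by priority, default scan."""
import fnmatch
from dataclasses import dataclass
from email import message_from_string
from email.message import Message
from email.utils import getaddresses

# Header items the manual lists for the Global Rule "Item" field.
HEADER_ITEMS = ("Received", "Envelope-To", "From", "To", "Cc", "Bcc", "Subject",
                "Sender", "Reply-To", "Errors-To", "Message-ID", "Date")


@dataclass(frozen=True)
class ListEntry:
    pattern: str      # e.g. "share2k01@yahoo.com.tw" or the wildcard "*yahoo*"
    direction: str    # "From" (sender address) or "To" (recipient address)


@dataclass(frozen=True)
class RuleItem:
    item: str         # a HEADER_ITEMS name, "Body" or "Attach File Name"
    condition: str    # only "Contains" is implemented here
    pattern: str


@dataclass(frozen=True)
class GlobalRule:
    name: str
    combination: str      # "And": every item must match; "Or": any item
    classification: str   # "Spam" or "Ham"
    items: tuple
    action: str = "Deliver to the recipient"   # ignored for Ham (manual: Action disabled)


def addresses(msg: Message, header: str) -> list:
    """Bare, lower-cased addresses from every instance of a header."""
    return [addr.lower() for _, addr in getaddresses(msg.get_all(header, []))]


def body_text(msg: Message) -> str:
    """text/plain parts that are not attachments."""
    return "\n".join(p.get_payload(decode=True).decode("utf-8", "replace")
                     for p in msg.walk()
                     if p.get_content_type() == "text/plain" and p.get_filename() is None)


def list_matches(entry: ListEntry, msg: Message) -> bool:
    pat = entry.pattern.lower()
    return any(fnmatch.fnmatchcase(a, pat) for a in addresses(msg, entry.direction))


def item_matches(item: RuleItem, msg: Message) -> bool:
    if item.condition != "Contains":
        raise ValueError(f"unsupported condition {item.condition!r}")
    if item.item in HEADER_ITEMS:
        haystack = " ".join(msg.get_all(item.item, []))
    elif item.item == "Body":
        haystack = body_text(msg)
    elif item.item == "Attach File Name":
        haystack = " ".join(p.get_filename() or "" for p in msg.walk())
    else:
        raise ValueError(f"unknown item {item.item!r}")
    return item.pattern.lower() in haystack.lower()


def rule_matches(rule: GlobalRule, msg: Message) -> bool:
    hits = [item_matches(i, msg) for i in rule.items]
    return all(hits) if rule.combination == "And" else any(hits)


def classify(raw: str, whitelist, blacklist, rules, spam_action="Store in quarantine"):
    """(classification, action, reason) for a raw RFC 822 message."""
    msg = message_from_string(raw)
    if any(list_matches(e, msg) for e in whitelist):
        return "Ham", "Deliver to the recipient", "whitelist"
    if any(list_matches(e, msg) for e in blacklist):
        return "Spam", spam_action, "blacklist"       # Action of Spam Mail setting
    for rule in rules:                                # list order = rule priority
        if rule_matches(rule, msg):
            if rule.classification == "Ham":
                return "Ham", "Deliver to the recipient", rule.name
            return "Spam", rule.action, rule.name
    return None, None, "default scan"                 # hand over to the Bayesian scan


# Entries from Examples 2 and 3; the "lottery" item of SpamMail is constructed.
WHITELIST = [ListEntry("share2k01@yahoo.com.tw", "From"), ListEntry("share2k01@yahoo.com.tw", "To")]
BLACKLIST = [ListEntry("*yahoo*", "From"), ListEntry("*yahoo*", "To")]
RULES = [
    GlobalRule("HamMail", "Or", "Ham", (RuleItem("From", "Contains", "share2k01"),)),
    GlobalRule("SpamMail", "Or", "Spam", (RuleItem("Subject", "Contains", "lottery"),),
               action="Store in quarantine"),
]

# Constructed sample mails, not from the manual.
MAIL_WHITELISTED = "From: share2k01@yahoo.com.tw\nTo: steve@test.com\nSubject: hello\n\nhi steve\n"
MAIL_BLACKLISTED = "From: Offers <promo@yahoo.com.tw>\nTo: steve@test.com\nSubject: cheap\n\nbuy now\n"
MAIL_RULE_HIT = "From: friend@example.org\nTo: steve@test.com\nSubject: You won the lottery\n\nclaim\n"
MAIL_NEUTRAL = "From: alice@example.org\nTo: steve@test.com\nSubject: minutes\n\nsee attached\n"

if __name__ == "__main__":
    for raw in (MAIL_WHITELISTED, MAIL_BLACKLISTED, MAIL_RULE_HIT, MAIL_NEUTRAL):
        print(classify(raw, WHITELIST, BLACKLIST, RULES))
```

Two things worth noticing when running it. A whitelist entry with Direction From matches on nothing but the From header, which any sender can write as they please, so share2k01@yahoo.com.tw is also the easiest way past the *yahoo* blacklist and every global rule; keep From-direction whitelists short. And with Combination Or a single broad item decides the whole rule, so a rule like HamMail classifies every mail whose From merely contains share2k01; use And with a second item when the pattern is that loose.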
  • Page 377 Example 4 Use spam or non-spam mail training to improve the Bayesian filtering (for example, with Outlook Express). To identify mails as spam through training: Step 1: In Outlook Express, add a new folder called SpamMail:...
  • Page 378 The create folder window.
  • Page 379 Step 2: In the Outlook Express Inbox, move the spam mails to the spam mail folder: In Inbox, right-click on the selected spam mails and select Move to Folder. In the Move window, select the SpamMail folder and click OK.
  • Page 380 Step 3: In the Outlook Express SpamMail folder, compact the spam mail folder and import it into the CS-2000's training system: Click the SpamMail folder. In File, select Folder > Compact. Select the spam mail folder. Compact the spam mail folder...
  • Page 381 Step 4: In Outlook Express SpamMail, copy the folder path and import it into the CS-2000's training system: Right-click on the SpamMail folder and select Properties. In SpamMail Properties, copy the folder's saved path.
  • Page 382 ASCII. If the CS-2000's training data is a .pst file exported from Microsoft Office Outlook, the MIS engineer must close Microsoft Office Outlook before importing the training data into the CS-2000.
  • Page 383 Step 6: In Outlook Express SpamMail, delete all the spam mails, so that the folder remains easy to compact and import into the CS-2000: In the SpamMail folder, right-click on the selected mails and select Delete.
  • Page 384 To identify mails as non-spam through training: Step 1: In Outlook Express, add a new folder called HamMail: Right-click on Local Folders and select New Folder. In Create Folder > Folder name, enter HamMail, then click OK.
  • Page 385 Step 2: In the Outlook Express Inbox, move the non-spam mails to the ham mail folder: In Inbox, right-click on the selected non-spam mails and select Move to Folder. In the Move window, select the HamMail folder and click OK.
  • Page 386 Step 3: In the Outlook Express HamMail folder, compact the ham mail folder and import it into the CS-2000's training system: Click the HamMail folder. In File, select Folder > Compact. Select the ham mail folder...
  • Page 387 Step 4: In Outlook Express HamMail, copy the folder path and import it into the CS-2000's training system: Right-click on the HamMail folder and select Properties. In HamMail Properties, copy the folder's saved path.
  • Page 388 Ham Mail for Training, enter the following settings: In Import Ham Mail for Training, paste the HamMail folder's saved path. Click OK to import the folder into the CS-2000; its mails are defined as ham at the assigned training time.
  • Page 389 Step 6: In Outlook Express HamMail, delete all the ham mails, so that the folder remains easy to compact and import into the CS-2000: In the HamMail folder, right-click on the selected mails and select Delete.
  • Page 390 Example 5 Use spam or non-spam mail account training to improve the Bayesian filtering. Step 1: Add a spam mail response account on the mail server (for example, spam@test.com). Step 2: Add a ham mail response account on the mail server (for example, ham@test.com).
  • Page 391 The ham and spam mail accounts for training.
  • Page 392 To identify mails as spam through training: Step 5: In the Outlook Express Inbox, forward the spam mails as attachments to the spam mail response account: In Inbox, right-click on the selected spam mails and select Forward As Attachment.
  • Page 393 Forward the spam mails.
  • Page 394 To identify mails as ham through training: Step 6: In the Outlook Express Inbox, forward the ham mails as attachments to the ham mail response account: In Inbox, right-click on the selected ham mails and select Forward As Attachment.
  • Page 395 Forward the ham mails. Step 7: The CS-2000 retrieves mail from the response mail accounts at the scheduled time and identifies these mails as spam or ham depending on the assigned spam@test.com...
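Examples 4 and 5 describe two ways of feeding spam and ham training sets to the appliance (Outlook Express folders, or the spam@ and ham@ response accounts), but not what a Bayesian filter does with them, nor how the score tag of page 336 reaches the subject line. The following added example, not CS-2000 code, trains a minimal naive Bayes classifier on two constructed message sets standing in for the SpamMail and HamMail folders, scores new mail, and tags the subject the way pages 336 and 337 describe: score tag always, spam string only when the mail is classified as spam. The token model, the Laplace smoothing, the 0.5 threshold and the exact tag strings are assumptions; the appliance's own model is not documented here.

```python
"""Added example, not CS-2000 code: a small naive Bayes spam filter trained
from spam and ham message sets (the SpamMail / HamMail folders or the
spam@ / ham@ training accounts of Examples 4 and 5), plus the subject tagging
of pages 336 and 337. Token model, smoothing, threshold and tag format are assumed."""
import math
import re
from collections import Counter
from email import message_from_string
from email.message import Message

TOKEN = re.compile(r"[a-z0-9$%!]{2,}")


def plain_text(msg: Message) -> str:
    """Subject, From and every text/plain part of a message."""
    chunks = [msg.get("Subject", ""), msg.get("From", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            chunks.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    return " ".join(chunks)


def tokens(raw: str) -> set:
    """Distinct lower-cased tokens; each token counts once per mail."""
    return set(TOKEN.findall(plain_text(message_from_string(raw)).lower()))


class BayesFilter:
    def __init__(self):
        self.spam_docs = 0
        self.ham_docs = 0
        self.spam_tokens = Counter()   # token -> number of spam mails containing it
        self.ham_tokens = Counter()    # token -> number of ham mails containing it

    def train(self, raw: str, is_spam: bool) -> None:
        toks = tokens(raw)
        if is_spam:
            self.spam_docs += 1
            self.spam_tokens.update(toks)
        else:
            self.ham_docs += 1
            self.ham_tokens.update(toks)

    def spam_probability(self, raw: str) -> float:
        """P(spam | tokens) under naive Bayes with Laplace smoothing, via log-odds."""
        log_odds = math.log((self.spam_docs + 1) / (self.ham_docs + 1))
        for tok in tokens(raw):
            p_spam = (self.spam_tokens[tok] + 1) / (self.spam_docs + 2)
            p_ham = (self.ham_tokens[tok] + 1) / (self.ham_docs + 2)
            log_odds += math.log(p_spam / p_ham)
        return 1.0 / (1.0 + math.exp(-log_odds))


def tag_subject(subject: str, score: float, threshold: float = 0.5) -> str:
    """Recipient's subject line: score tag always, spam string only for spam."""
    tag = f"[score {score:.2f}]"
    return f"[SPAM]{tag} {subject}" if score >= threshold else f"{tag} {subject}"


# Constructed training sets standing in for the SpamMail and HamMail folders.
SPAM_TRAINING = [
    "From: promo@example.net\nSubject: free money\n\nclick now to claim your free money prize\n",
    "From: offer@example.net\nSubject: win a prize now\n\nfree cash prize click here\n",
    "From: deals@example.net\nSubject: cheap pills\n\nbuy cheap pills now free shipping\n",
    "From: promo@example.net\nSubject: claim your prize\n\nfree money waiting click now\n",
]
HAM_TRAINING = [
    "From: alice@test.com\nSubject: project meeting\n\nthe project meeting is tomorrow at ten\n",
    "From: bob@test.com\nSubject: quarterly report\n\nplease review the attached report before the meeting\n",
    "From: alice@test.com\nSubject: lunch\n\nlunch with the project team on friday\n",
    "From: carol@test.com\nSubject: schedule\n\nupdated schedule for the project review\n",
]
# Constructed mails to score after training.
TEST_SPAM = "From: promo@example.net\nSubject: free prize\n\nclaim your free money now\n"
TEST_HAM = "From: bob@test.com\nSubject: project review\n\nmeeting tomorrow to review the project schedule\n"


def train_filter() -> BayesFilter:
    """Train on both sets, as the appliance does at the assigned training time."""
    f = BayesFilter()
    for raw in SPAM_TRAINING:
        f.train(raw, True)
    for raw in HAM_TRAINING:
        f.train(raw, False)
    return f


if __name__ == "__main__":
    f = train_filter()
    for raw in (TEST_SPAM, TEST_HAM):
        score = f.spam_probability(raw)
        print(tag_subject(message_from_string(raw)["Subject"], score))
```

Counting each token once per mail, rather than every occurrence, is what keeps a single repeated word from dominating a short message; it is also why the manual's Auto-Training and the spam@/ham@ accounts matter: an untrained filter scores every mail at 0.5, and the quality of what the MIS engineer forwards to those accounts is the quality of the classifier.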
  • Page 396: Anti-Virus

    7.3 Anti-Virus The CS-2000 can scan mail passing to and from the internal and external mail servers and prevent the company from being paralyzed by virus mail. This chapter introduces Anti-Virus.
  • Page 397: Setting

    Clam: free of charge (the default setting). Sophos: users have to pay a licence charge. The MIS engineer can check whether the CS-2000 can connect to the virus definition server with the Test function.
  • Page 398 When the CS-2000 detects that an inbound mail is infected, the MIS engineer can choose to deliver the virus mail to the recipient (either deliver a notification mail instead of the original virus mail, or deliver the original virus mail) or to store it in the quarantine.
  • Page 399 If an internal or external recipient receives an infected mail, the CS-2000 adds a message to the subject line. The infected mail with the message in the subject line. The Virus Scan Engine options are Clam, Sophos and Clam+Sophos.
  • Page 400: Virus Mail

    7.3.2 Virus Mail Search: searches the records stored in the CS-2000 by keyword or phrase in Recipient, Sender, Subject, Virus Name, Date, Virus, Non-Virus, Attached and Non-Attached. Add the following settings:...
  • Page 401 Select the specific mails in Virus List and Search > Search Results. 1. Use the Retrieve function to send the virus mails to an assigned mail account. (The CS-2000 can only send mails stored in quarantine.) In Virus List and Sender List, the CS-2000 can sort by Recipient, Sender, Total Virus and Total Mail.
  • Page 402: Anti-Virus Examples

    To detect infected mail on the mail server. Example 2: Use the CS-2000 as the gateway to detect infected mail on the internal or external mail server. (Set the mail server in the LAN and use NAT mode.)
  • Page 403 Example 1 To detect infected mail on the mail server. Step 1: Allow the LAN PC to receive mail from the external mail server, and set the network adapter's DNS to point to the external DNS server.
  • Page 404 Step 4: In Anti-Virus > Setting, add the following settings: the setting of infected mail inspection and action.
  • Page 405 In addition, the user can select Store the infected mail in the quarantine. Whichever action is selected, the CS-2000 adds the message to the subject line and either delivers a notification mail instead of the original virus mail or delivers the original virus mail.
  • Page 406 Step 5: When the internal user receives mail from the external mail account js1720@ms21.pchome.com.tw, the CS-2000 filters these mails and lists the results in Anti-Virus > Virus Mail (click Inbound and External). The virus mail list...
  • Page 407 Step 7: Click the sender mail address magafifa@pchome.com.tw; it shows the Attached, Received Time, Subject, Virus Name, Mail Size and Quarantine information. Select the mails saved in quarantine to retrieve. In Virus List, click Retrieve.
  • Page 408 Example 2 Use the CS-2000 as the gateway to detect infected mail on the internal or external mail server. (Set the mail server in the LAN and use NAT mode.) The CS-2000 WAN1 IP is 61.11.11.12. The CS-2000 LAN segment is 192.168.2.0/24...
  • Page 409 Step 4: In Virtual Server > Server 1, add the following setting (virtual server setting). Step 5: In Policy > Incoming, add the following setting (set the incoming policy). Step 6: In Policy > Outgoing, add the following setting:...
  • Page 410 Deliver to the recipient, Forward to, Store in the quarantine and Notice to the sender. In other words, the CS-2000 deletes all infected mail once it has detected the virus. The MIS engineer can still see the related lists in Virus Mail.
  • Page 411 The sender account share2k01@yahoo.com.tw sends the virus mail. The sender account share2k003@yahoo.com.tw sends the non-virus mail. After the CS-2000 has filtered these mails, it lists the results in Anti-Virus > Virus Mail (click Inbound > Internal to see the internal list). The virus mail list. Step 10: Click the recipient mail address josh@test.com...
  • Page 412 When using the Retrieve function, the MIS engineer must select infected mails saved in Quarantine. In Anti-Virus > Virus Mail, click Clear, and the CS-2000 deletes all the list records. In other words, the MIS engineer can no longer find the deleted records in the Virus Mail function.
  • Page 413: Mail Report

    7.4 Mail Report The CS-2000 displays the mail scanning records as statistics and logs, so the user can easily see the status of mail processing. This chapter introduces Mail Report.
  • Page 414: Setting

    1. Enable sending periodic report by mail, and select Yearly report, Monthly report, Weekly report or Daily report. 2. Click OK. 3. When the time arrives, the CS-2000 sends the report to the recipient. 4. In History Report, select the date of the report to send. 5. Click Send Report.
  • Page 415 Send the periodic report. Receive the periodic report.
  • Page 416 The first page of the periodic report.
  • Page 417 The second page of the periodic report. The mail report is attached in PDF format and sent to the recipient.
  • Page 418 The history report setting. Receive the history report.
  • Page 419 The first page of the history report. The mail report is attached in PDF format and sent to the recipient.
  • Page 420: Statistics

    7.4.2 Statistics Step 1: In Mail Report > Statistics, the CS-2000 shows the scanned mail statistics report. Step 2: In Statistics, click Day to view the daily report, Week to view the weekly report, Month to view the monthly report, or Year to view the yearly report.
  • Page 421 Step 3: The mail scanning statistics. Vertical axis: the number of scanned mails. Horizontal axis: time. The mail scanning statistics.
  • Page 422: Log

    7.4.3 Log Search: searches all records in the CS-2000 matching the condition, by Recipient, Sender, Subject, IP Address, Date, Attribute, Action, Attached or Non-Attached. Add the following settings:...
  • Page 423 In Log, click a sender mail address to show the Recipient List; click a recipient mail address to show the Sender List. In Log, Recipient List and Sender List, the CS-2000 can sort by Sender, Recipient, Subject and Date.
  • Page 424 Step 1: In Mail Report > Log, the CS-2000 shows the mail scan status. The scanned mail log. The Log displays the spam and virus mails stored in quarantine; they can be retrieved for the specific recipient, or click Subject to view the mail contents.
  • Page 425 The icon descriptions in Log: 1. Attribute: Allowed, Spam, Virus, Unscanned, Invalid Recipient. 2. Action: Delete, Deliver, Forward, Store, Retrieved. 3. Attached:...
  • Page 426: Chapter 8: Idp

    Chapter 8: IDP 8.1 Configure The CS-2000 can detect anomalous traffic and packets and notify the MIS engineer to handle the situation, to prevent suspicious programs from invading the destination PC. In other words, the CS-2000 provides instant network security protection when it detects internal or external attacks, which enhances the stability of the enterprise network.
  • Page 427 The CS-2000 can send a NetBIOS notification and an e-mail when the system detects attacks and infected files. The MIS engineer can click Test to make sure the CS-2000 can connect to the signature definition server normally.
  • Page 428 Set default action of all signatures: attack risks are classified as High, Medium and Low. The MIS engineer can select the action Pass, Drop, Log or Alarm for the default signatures at each risk level. In System...
  • Page 429 When the CS-2000 detects an attack type matching a signature, it sends a NetBIOS notification and an e-mail, and logs the event in IDP > IDP Report. Send the IDP notification. The MIS engineer must enable the Alarm function in Anomaly, Pre-defined and Custom for mail notifications to be sent.
  • Page 430 Send the NetBIOS notification to the MIS engineer. The IDP Log. The MIS engineer must enable the Log function in Anomaly, Pre-defined and Custom for the IDP log to be produced.
  • Page 431: Signature

    8.2 Signature The CS-2000 provides corresponding comparison rules, Anomaly, Pre-defined and Custom, for different attack types. Anomaly detects and prevents anomalous traffic and packets via signature updates. Pre-defined detects and prevents intrusions, also through signature updates.
  • Page 432: Anomaly

    Users can manage the specific anomaly traffic packets and modify the action: Pass, Drop, Log or Alarm. The CS-2000 displays each anomaly detection signature's attributes: name, enable, risk, action, log and alarm. The anomaly signature setting...
  • Page 433: Pre-Defined

    X11. Each type contains its attack signatures. Users can modify the signature action (Pass, Drop, Log or Alarm) in every type. The CS-2000 displays each attack signature's attributes: name, risk, action, log and alarm.
  • Page 434 The pre-defined setting. In Configure > Setting, the CS-2000 applies the default action for the risk level when the user modifies the Pre-defined signatures. Users can modify the action of every signature according to their needs after the IDP configuration.
  • Page 435 Name: the MIS engineer defines the signature name. Protocol: the detection and prevention protocol, one of TCP, UDP, ICMP and IP. Source Port: the attacking PC's port (range 0~65535). Destination Port: the attacked (victim) PC's port (range 0~65535)...
  • Page 436 Example 1 Detect anomalous traffic and packets with the custom and pre-defined settings, to detect and prevent intrusion. Step 1: In Configure > Setting, add the following settings: The IDP configure setting...
  • Page 437 Step 2: In Signature > Anomaly, add the following settings: The anomaly setting.
  • Page 438 Step 3: In Signature > Custom, add the following setting: Click New Entry. Name: enter Software_Crack_Website. Protocol: select TCP. Source Port: enter 0:65535. Destination Port: enter 80:80. Risk: select High. Action: select Drop, Log and Alarm.
  • Page 439 Step 4: In Policy > Outgoing, add the new policy and enable IDP: The IDP setting in policy. Complete the IDP setting in policy.
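Step 3 defines the custom signature Software_Crack_Website by protocol, source and destination port ranges written as lo:hi, risk and actions, and section 8.1 adds a per-risk default action. The following added example, not the CS-2000's engine, matches constructed packets against such signatures: it parses the 0:65535 and 80:80 port syntax and rejects malformed ranges, skips the port check for ICMP, tests an optional payload pattern, and falls back to the default action for the signature's risk when the signature sets none. The packet representation, the b"crack" content pattern (the manual does not show what the signature actually looks for), the second Large_ICMP signature and the default-action table are assumptions.

```python
"""Added example, not CS-2000 code: match packets against custom IDP
signatures such as Software_Crack_Website (Step 3) and apply the per-risk
default action of 8.1 when a signature has none. The packet fields, the
b"crack" pattern, the Large_ICMP signature and DEFAULT_ACTIONS are assumed."""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str        # "TCP", "UDP" or "ICMP"
    src_ip: str
    dst_ip: str
    sport: int
    dport: int
    payload: bytes


@dataclass(frozen=True)
class Signature:
    name: str
    proto: str                                 # "TCP", "UDP", "ICMP" or "IP" (any)
    sport: str                                 # "0:65535", "80:80" or "80"
    dport: str
    risk: str                                  # "High", "Medium" or "Low"
    content: Optional[bytes] = None            # case-insensitive payload substring
    actions: Optional[FrozenSet[str]] = None   # None -> default action for the risk


# Assumed "default action of all signatures" per risk level (section 8.1 lets
# the MIS engineer pick Pass, Drop, Log or Alarm for each level).
DEFAULT_ACTIONS = {
    "High": frozenset({"Drop", "Log", "Alarm"}),
    "Medium": frozenset({"Log", "Alarm"}),
    "Low": frozenset({"Log"}),
}


def parse_port_range(spec: str) -> Tuple[int, int]:
    """'0:65535' -> (0, 65535); '80' -> (80, 80). Rejects reversed or out-of-range bounds."""
    lo_s, _, hi_s = spec.partition(":")
    lo = int(lo_s)
    hi = int(hi_s) if hi_s else lo
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {spec!r}")
    return lo, hi


def port_in(port: int, spec: str) -> bool:
    lo, hi = parse_port_range(spec)
    return lo <= port <= hi


def matches(sig: Signature, pkt: Packet) -> bool:
    if sig.proto != "IP" and sig.proto != pkt.proto:
        return False
    if pkt.proto != "ICMP":            # ICMP carries no ports
        if not (port_in(pkt.sport, sig.sport) and port_in(pkt.dport, sig.dport)):
            return False
    if sig.content is not None and sig.content.lower() not in pkt.payload.lower():
        return False
    return True


def inspect(pkt: Packet, signatures) -> Tuple[Optional[str], FrozenSet[str]]:
    """(signature name, action set) of the first hit, or (None, {'Pass'})."""
    for sig in signatures:
        if matches(sig, pkt):
            actions = sig.actions if sig.actions is not None else DEFAULT_ACTIONS[sig.risk]
            return sig.name, actions
    return None, frozenset({"Pass"})


def dropped(actions: FrozenSet[str]) -> bool:
    return "Drop" in actions


SIGNATURES = [
    Signature("Software_Crack_Website", "TCP", "0:65535", "80:80", "High",
              content=b"crack", actions=frozenset({"Drop", "Log", "Alarm"})),
    # Constructed signature that relies on the default action for its risk.
    Signature("Large_ICMP", "ICMP", "0:65535", "0:65535", "Medium"),
]

# Constructed packets.
PKT_CRACK = Packet("TCP", "192.168.1.20", "203.0.113.9", 51000, 80,
                   b"GET /crack/serials.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n")
PKT_HTTPS = Packet("TCP", "192.168.1.20", "203.0.113.9", 51001, 443, b"\x16\x03\x01")
PKT_ICMP = Packet("ICMP", "192.168.1.21", "203.0.113.9", 0, 0, b"\x00" * 1400)

if __name__ == "__main__":
    for pkt in (PKT_CRACK, PKT_HTTPS, PKT_ICMP):
        name, actions = inspect(pkt, SIGNATURES)
        print(pkt.proto, pkt.dport, name, sorted(actions), "DROP" if dropped(actions) else "PASS")
```

The same request to port 443 passes untouched, which is the practical limit of a signature bound to 80:80: a content match only sees cleartext. Keep that in mind when judging what a custom signature in the Outgoing policy can actually stop.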
  • Page 440: Idp Report

    8.3 IDP Report The CS-2000 displays the IDP records as statistics and logs, so the enterprise can easily see the status of the whole network. This chapter introduces IDP Report.
  • Page 441: Setting

    1. Enable sending periodic report by mail, and select Yearly report, Monthly report, Weekly report or Daily report. 2. Click OK. 3. When the time arrives, the CS-2000 sends the report to the recipient. 4. In History Report, select the date of the report to send. 5. Click Send Report.
  • Page 442 The periodic report setting. Receive the periodic report.
  • Page 443 The IDP report content.
  • Page 444 The history report setting. Receive the history report.
  • Page 445 The history report content. The IDP report is attached in PDF format and sent to the recipient.
  • Page 446: Statistics

    8.3.2 Statistics Step 1: In IDP Report > Statistics, the CS-2000 shows the IDP statistics report. Step 2: In Statistics, click Day to view the daily report, Week to view the weekly report, Month to view the monthly report, or Year to view the yearly report.
  • Page 447 The IDP statistics.
  • Page 448: Log

    8.3.3 Log Search: the CS-2000 can search the records matching the condition by Event, Signature Classification, Attack IP, Victim IP, Interface, Date and Risk. Add the following settings:...
  • Page 449 To search for a specific record.
  • Page 450 In Log > Search, click the Time link to show the Event Detail. The event detail.
  • Page 451 In Log, the CS-2000 can sort by Time, Event, Signature Classification, Interface, Attack IP, Victim IP Port and Action. Step 1: In IDP Report > Log, the CS-2000 shows the IDP status.
  • Page 452: Chapter 9: Anomaly Flow Ip

    Chapter 9: Anomaly Flow IP When the CS-2000 receives intrusion packets from internal PCs, it blocks these abnormal packets to prevent the company's network from being paralyzed. This chapter introduces the settings of Anomaly Flow IP.
  • Page 453 Example 1 The CS-2000 can alert on and prevent DDoS attack packets from internal virus-infected PCs. Step 1. In Anomaly IP > Setting: The threshold sessions of virus-infected is (default 100 sessions/sec). Select Enable Virus-infected IP Blocking (Blocking Time 600 seconds). Select Enable E-Mail alert notification.
  • Page 454 After completing the anomaly flow IP setting, the system shows the alert message in Anomaly Flow IP > Virus-Infected IP, or instantly sends a NetBIOS alert notification to the virus-infected PC and the MIS engineer's PC, when the CS-2000 detects the DDoS attack volume. The virus-infected IP...
  • Page 455 Configure > SNMP: enable SNMP Trap Alert Notification, and the CS-2000 shows the instant alert message in the SNMP trap client software installed on the administrative PC. The SNMP trap client receives the virus alert via the client software.
  • Page 456 Step 5. When internal PCs become virus-infected, the CS-2000 shows the alert message the first time. (If the virus-infected user does not solve the problem, the CS-2000 restricts the virus-infected user, slowing the link speed, and does not show the alert message again.)
  • Page 457: Chapter 10: Web Vpn/Ssl Vpn

    Chapter 10: Web VPN/SSL VPN Demand for secure remote network access in large enterprises has risen. To users, the most reliable solution is SSL VPN, which requires no software or hardware installation: only a web browser is needed to access data, with the transfer protected by SSL encryption.
  • Page 458 Setting VPN IP of Client Creates the SSL VPN between the client and the CS-2000 appliance by login authentication, VPN IP range, encryption algorithm, protocol, server port and connecting time. It also sets whether the end user can use the IP address distributed by the DNS or WINS server to access internal resources through NAT mode.
  • Page 459 To display the authentication name used by the client. Real IP To display the client's real IP. VPN IP To display the client IP distributed by the CS-2000. Uptime To display the uptime between the client and the CS-2000. Configure The MIS engineer can choose to disconnect the SSL VPN.
  • Page 460 Example 1 Set the Web / SSL VPN between the CS-2000 and a WAN Client Step1 In Interface > WAN, enable HTTPS. WAN interface setting Step2 In Authentication > User, add the following settings: Authentication user setting...
  • Page 461 Step4 In Web VPN / SSL VPN > Setting, add the following settings: Click Modify. Enable Web VPN. VPN IP Range, enter 192.168.222.0 / 255.255.255.0. Encryption Algorithm, select 3DES. Protocol, select TCP. Server Port, enter the default value of 1194.
  • Page 462 Step5 Enter the following settings in the client web browser: In Address, enter http://210.66.155.77/sslvpn or http://210.66.155.77/webvpn (the CS-2000 interface address with the sslvpn or webvpn string appended). Press Enter. In Security Alert, click OK. In Security Alert, click OK.
  • Page 463 The warning security window The warning security window...
  • Page 464 The warning security window The authentication window...
  • Page 465 The SSL VPN connection Complete the SSL VPN connection Step6 In Web VPN / SSL VPN > Status, it shows the connection status: SSL VPN status...
  • Page 466 When the client PC does not have the Sun Java runtime environment installed, it will automatically download and install this software during the SSL VPN connection. The Java runtime environment plug-in CA certificate The Java runtime environment plug-in installation...
  • Page 467: Chapter 11: Advance

    The CS-2000 provides inbound balance for the company's web site. When the main network connection is disconnected, the customer can use another connection to reach the company's web site. The CS-2000 can also provide load balancing for service connections, distributing the load appropriately to the internal server group.
  • Page 468 Inbound Balance Domain Name It represents the DNS name which the user applied for from the ISP. For users, an IP address is not convenient to memorize and manage. For this reason, we can use a domain instead of the IP address, whose format is xx.xx.xx.xx (For example,...
  • Page 469 Select type: A, CNAME and MX. 1. A: To set the host name mapped to an IP address. Example 1: Set up the host name mapped to an IP address: Host Name Type host1.test.net.tw 61.11.11.12 host2.test.net.tw 61.11.11.13 host2.test.net.tw 211.22.22.23...
  • Page 470 3. MX The MX record can direct mail transfer through DNS lookup. If the user wants to change the mail server, he only needs to modify the DNS record; in other words, the destination mail server does not need to know which mail server the user uses to transfer mail.
  • Page 471 Name: It represents the host name in front of the domain name. (The user can define the name.) Reverse: We can use the IP address to look up the domain name. DNS includes two mapping functions: forward (positive) and reverse. For example, if we type www.test.com...
  • Page 472 Balance Mode Round-Robin: Uses round-robin mode depending on the weight and priority. Backup: After the user confirms the backup mode, it is enabled when a disconnection occurs. It shows the setting list: Name: It represents the service name used by the domain name.
  • Page 473 Advanced Description The so-called DNS mapping indicates which DNS server manages the domain, and all the domain's internet records are kept on the DNS host, for example the real IP address of the web site or mail server. So the DNS server must correctly link to the internet and its DNS records must be correct.
  • Page 474 Add the following settings of inbound load balance: Name Type Address Reverse Weight Priority test.net.tw 61.11.11.11 test.net.tw 211.22.22.22 The Primary and Secondary DNS Name mapped to IP The backup lets the secondary DNS replace the primary DNS when the primary DNS is broken.
  • Page 475 Set the following settings of InBound Load Balance: Name Type Address Weight Priority web.test.net.tw 61.11.11.11 web.test.net.tw 211.22.22.22 www.test.net.tw CNAME web.test.net.tw The CNAME record in www.test.net.tw For example, we can use the nslookup command in DOS to test whether the forward lookup gives the following result.
  • Page 476 In Fig. 21-6, users entering www.test.net.tw are served according to the following priority. The 1st user enters the 61.11.11.11 server. The 2nd user enters the 211.22.22.22 server. The 3rd user enters the 211.22.22.22 server...
  • Page 477: Inbound Load Balance Examples

    11.1.1 Inbound Load Balance Examples We set up 4 inbound balance environments. Application Environment Pages Example 1 Set the web server settings in InBound Load Balance, A Type, Backup. Set the web server settings in InBound Load Balance, A Type, Round-Robin.
  • Page 478 Example 1 Set the web server settings in InBound Load Balance, A Type, Backup. Backup: In order to keep the network stable when the web server is disconnected, we can add the backup settings in InBound Load Balance:...
  • Page 479 Step4 Add the first record: Name, enter www. In Address, select WAN 1, click Assist, and select 61.11.11.11. The IP address appears in Address. In Balance Mode, Round Robin. The first inbound balance setting Step5 Add the second record: Name, enter www.
  • Page 480 Step6 Complete the settings. Complete the settings Step7 In Virtual Server > Server 1, click here to configure. Step8 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click OK. Click New...
  • Page 481 Step9 In Policy > Incoming, add the following settings, and click OK. Add the first policy Step10 In Virtual Server > Server 2, click here to configure. Step11 In Add New Virtual Server IP, enter the virtual server real IP (WAN 2), click OK. Click New...
  • Page 482 Step12 In Policy > Outgoing, add the following setting, and click OK. Add the second policy Step13 Complete the settings. To deploy the web server backup environment CS-2000 interface: WAN1 IP: 61.11.11.11 WAN2 IP: 211.22.22.22 LAN Port IP: 192.168.1.1 WAN 2 is enabled when WAN 1 breaks down.
  • Page 483 Example 2 Set the web server settings in InBound Load Balance, A Type, Round-Robin. Round-Robin lets the web server provide service to users depending on the priority and weight of the inbound load balance. We will make the inbound load balance settings as follows:...
  • Page 484 Step4 Add the first record: Name, enter www. In Address, select WAN 1, click Assist, and select 61.11.11.11. The IP address appears in Address. In Balance Mode, Round Robin. The first inbound balance setting Step5 Weight, select 1; Priority, select 1; and complete the settings.
  • Page 485 Step7 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click OK. Click New Entry, Service HTTP (80), and click OK. Server 1 setting Step8 In Policy > Incoming, add the following settings, and click OK.
  • Page 486 Step9 Add the second record: Name, enter www. In Address, select WAN 2, click Assist, and select 211.22.22.22. The IP address appears in Address. In Balance Mode, Round-Robin. The second inbound balance setting Step10 Weight, select 2; Priority, select 2; and complete the setting.
  • Page 487 Step11 In Virtual Server > Server 2, click here to configure. Step12 In Add New Virtual Server IP, enter the virtual server real IP (WAN 2), click OK. Click New Entry, Service HTTP (80), and click OK.
  • Page 488 Step14 Complete the settings. To deploy the web server Round-Robin environment CS-2000 interface: WAN1 IP: 61.11.11.11 WAN2 IP: 211.22.22.22 LAN Port IP: 192.168.1.1...
  • Page 489 Name Type Address Weight Priority www.test.com 61.11.11.11 www.test.com 211.22.22.22 The weight and priority of the web server When a user connects to www.test.com to look for the web server service, the web server is distributed round-robin depending on the weight and priority.
  • Page 490 Example 3 Set the web server settings in InBound Load Balance, CNAME, Round-Robin: To deploy the web server environment (using CNAME). Round-Robin lets the web server provide service to users depending on the priority and weight of the inbound load balance.
  • Page 491 Step4 Add the first record: Name, enter web. In Address, select WAN 1, click Assist, and select 61.11.11.11. The IP address appears in Address. In Balance Mode, Round Robin. The first inbound balance setting Step5 Weight, select 1; Priority, select 1; and complete the setting.
  • Page 492 Step7 Add the second record: Name, enter web. In Address, select WAN 2, click Assist, and select 211.22.22.22. The IP address appears in Address. In Balance Mode, Round-Robin. The second inbound balance setting Step8 Weight, select 2; Priority, select 2; and complete the settings.
  • Page 493 Step10 Alias Name, enter www. Real Name, enter web.test.com. CNAME (alias) setting Step11 Complete the settings. Complete the CNAME (alias) setting Step12 In Virtual Server > Server 1, click here to configure....
  • Page 494 Step13 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click OK. Click New Entry, Service HTTP (80), and click OK. Server 1 setting Step14 In Policy > Incoming, add the following setting, and click OK.
  • Page 495 Step15 In Virtual Server > Server 2, click here to configure. Step16 In Add New Virtual Server IP, enter the virtual server real IP (WAN 2), click OK. Click New Entry, Service HTTP (80), and click OK.
  • Page 496 Step18 Complete the setting. Use CNAME to deploy the web server environment CS-2000 interface: WAN1 IP: 61.11.11.11 WAN2 IP: 211.22.22.22 LAN Port IP: 192.168.1.1...
  • Page 497 Name Type Address Weight Priority web.test.com 61.11.11.11 web.test.com 211.22.22.22 www.test.com CNAME web.test.com The weight, priority and CNAME setting of the web server When a user connects to the CNAME www.test.com to look for the web server service, it is resolved to the real name web.test.com.
  • Page 498 Example 4 Set the mail server settings in InBound Load Balance, Round-Robin. To deploy the mail server, we will make the inbound load balance settings as follows: Step1 In InBound Balance, New Entry.
  • Page 499 Step4 Add the first record: Name, enter main. In Address, select WAN 1, click Assist, and select 61.11.11.11. The IP address appears in Address. In Balance Mode, Round Robin. The first inbound balance setting Step5 Weight, select 1; Priority, select 1; and complete the setting.
  • Page 500 Step7 Add the first record: Name, enter main. In Address, select WAN 2, click Assist, and select 61.11.11.11. The IP address appears in Address. In Balance Mode, Round Robin. The second inbound balance setting Step8 Weight, select 2; Priority, select 2; and complete the setting.
  • Page 501 Step9 In InBound Balance > Configuration, select type MX (Mail exchanger). Step10 Name, enter mail. Mail Server, enter main.test.com. MX (mail exchanger) setting Step11 Complete the settings. Complete the MX (mail exchanger) setting...
  • Page 502 Step12 In Virtual Server > Server 1, click here to configure. Step13 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click OK. Click New Entry, Service POP3 (110), and click OK.
  • Page 503 Step14 In Add New Virtual Server IP, enter the virtual server real IP (WAN 1), click OK. Click New Entry, Service SMTP (25), and click OK. The second setting in Server 1 Step15 In Policy > Incoming, add the following setting, and click OK.
  • Page 504 Step17 In Add New Virtual Server IP, enter the virtual server real IP (WAN 2), click OK. Click New Entry, Service POP3 (110), and click OK. The first setting in Server 2 Step18 In Add New Virtual Server IP, enter the virtual server real IP (WAN 2), click OK.
  • Page 505 Step19 In Policy > Incoming, add the following settings, and click OK. The third and fourth settings in policy Step20 Complete the settings. To deploy the mail server environment CS-2000 interface: WAN1 IP: 61.11.11.11 WAN2 IP: 211.22.22.22 LAN Port IP: 192.168.1.1...
  • Page 506 Name Type Address Weight Priority main.test.com 61.11.11.11 main.test.com 211.22.22.22 mail.test.com. main.test.com The weight, priority and MX setting of the web server When a user connects to the CNAME of mail.test.com to look for the web server service, it is resolved to the real name main.test.com.
  • Page 507: High Availability

    11.2 High Availability The CS-2000 offers a high availability function. If one of the CS-2000 devices malfunctions, the backup device replaces the master device to ensure network stability. In this chapter, we give a specific introduction to high availability.
  • Page 508 After enabling the high availability function, the MIS engineer can use two IP addresses to log in to the CS-2000 master and backup devices respectively via the Web UI. (The two IP addresses must be different and in the same segment as the LAN port interface.)...
  • Page 509 Example 1 To deploy a high availability environment: Step1 Connect a CS-2000 master device to the switch which connects to the LAN. To deploy the master device environment in high availability mode...
  • Page 510 Step2 Set the high availability settings on the master device: Interface IP address, enter 192.168.10.1. High Availability: Enable High Availability. IP Address (for Management), enter 192.168.10.100. High Availability Mode, MASTER. In Synchronize configuration settings of system, select the hour of the day at which the master device synchronizes the configuration settings.
  • Page 511 Step3 Take the master device LAN port away from the LAN switch port and connect the backup device to the LAN switch port. To deploy the backup device environment in high availability mode...
  • Page 512 Step4 Set the backup device settings in high availability mode. Interface > LAN: make sure the LAN IP is the same as the master LAN IP (192.168.10.1). High Availability: Enable High Availability. In Permitted IPs, enter the IP 192.168.10.200, which differs from the master device but is in the same segment as the LAN.
  • Page 513 The high availability deployment CS-2000 interface: WAN1 IP: 61.11.11.11 WAN2 IP: 211.22.22.22 LAN Port IP: 192.168.10.1 DMZ Port: Transparent Mode MASTER Management IP: 192.168.10.100 BACKUP Management IP: 192.168.10.200...
  • Page 514 Synchronize the configuration settings of master and backup immediately. Enter the LAN IP in the address column of the browser, and log in to the high availability mode Web UI of the CS-2000 master device. Continue the unfinished settings. In High Availability, click Sync Now.
  • Page 515 Comments 1. After finishing the deployment, the backup device offers the backup function when the master device malfunctions. 2. When the scheduled configuration synchronization time arrives, the master device confirms whether the backup device has the same settings; if not, the master device synchronizes the configuration settings to the backup device.
  • Page 516 Use restriction: 1. High Availability mode: a. Whether the WAN port is set to Static IP or non-Static IP, the device can process the system configuration and session backup. b. When the WAN port is set to non-Static IP and HA backup is enabled, the session backup stops after the WAN port IP is regained.
  • Page 517: Chapter 12: Monitor

    The MIS engineer can set the Traffic parameters in Policy, or select View Log & Report Privilege in System. Log records the data packet contents by Policy setting. The Traffic function can also record the CS-2000 destination and source data packets by System setting.
  • Page 518 To send the log to the assigned syslog server. The settings of traffic, event and connection: the MIS engineer can assign the storage lifetime, and the CS-2000 refreshes and deletes all the records corresponding to the setting when the storage lifetime is reached.
  • Page 519 Traffic Search The MIS engineer can search the records by the keywords Policy, NO, Source IP, Destination IP, Port, From, To. Add the following setting: 1. Policy, select All Policy. 2. NO, select ALL.
  • Page 520 Search the specific record...
  • Page 521 Event Search The MIS engineer can search the records by the keywords of time and event. Add the following settings: 1. Enable the From and To function to assign the time period.
  • Page 522 Connection Search The MIS engineer can search the records by the keywords of time and event. Add the following settings: 1. Enable the From and To function to assign the time period.
  • Page 523: Log Examples

    Example 2 Event: View the status of the MIS engineer logging into the CS-2000 to process the management and external interface. Example 3 Connection: View the external interface record of bandwidth management. Example 4 Log Backup: The MIS engineer can receive or save the record results from the CS-2000....
  • Page 524 Example 1. Traffic View the protocol and port the user used to access the internal and external resources via the CS-2000. Step1 In Policy > DMZ To WAN, add the following settings: Traffic setting in policy...
  • Page 525 Step3 Monitor > Traffic shows the packet traffic through the policy. The traffic log Web UI...
  • Page 526 Step4 Click Source IP or Destination IP to show the Protocol, Port and Traffic information. The IP address traffic log Web UI...
  • Page 527 Step5 Click Clear; it shows the confirm window, then click OK. All the records in the CS-2000 will be deleted. Delete all the traffic log...
  • Page 528 Example 2. Event View the status of the WAN interface and the MIS engineer's actions as he logs into the CS-2000 appliance. Step1 Monitor > Event shows the status of the MIS engineer logging into the CS-2000 to process the management and external interface.
  • Page 529 Example 3. Connection View the external interface connection record while processing bandwidth management. Step1 Monitor > Connection shows the external interface connection status in the CS-2000. Connection log Web UI...
  • Page 530 Step2 Click Clear; it shows the confirm window, then click OK. All the records in the CS-2000 will be deleted. Delete all the connection log...
  • Page 531 Configure: enable E-mail Alert Notification and enter the e-mail settings. E-mail setting Web UI Step2 In Monitor > Setting, add the following settings: The log backup setting Select Enable E-mail Log; the CS-2000 sends the e-mail log when the log reaches 300 kbytes and then clears all the log....
  • Page 532: Accounting Report

    12.2 Accounting Report The MIS engineer can use Accounting Report to view all the internal and external users' network access activities (including the policy and VPN). Accounting Report can record the user's upstream/downstream, first packet / last packet / duration, and service, and also provides the IP traffic and distribution charts.
  • Page 533 The accounting report can record any downstream / upstream service traffic used by LAN and DMZ users via the CS-2000. User: Display the LAN and DMZ user's accounting report. Site: Display the external server accounting report. Service: The accounting report can record the service traffic used by LAN or DMZ users via the CS-2000....
  • Page 534 Inbound Accounting Report The accounting report can record any service downstream / upstream traffic used from external users to LAN or DMZ users via the CS-2000. User: Display the external user's accounting report. Site: Display the LAN and DMZ server accounting report.
  • Page 535 Example 1. Outbound Step1 In Accounting Report > Outbound, click User; it shows the accounting report of sent / retrieved packets in downstream, upstream, first packet, last packet, and duration from the external server to the accessing user IP address in the CS-2000.
  • Page 536 Outbound user's information...
  • Page 537 In Accounting Report > Outbound, click Site; it shows the sent / retrieved packet traffic report of downstream, upstream and downstream distribution used by the external server via the CS-2000 IP address. Site: View the needed record, with every 10 records on one page.
  • Page 538 Outbound site accounting report...
  • Page 539 Downstream: The percentage of traffic and total downstream traffic from the external server to the LAN or DMZ user via the CS-2000. Upstream: The percentage of traffic and total upstream traffic from the LAN or DMZ user to the external server via the CS-2000.
  • Page 540 Example 2. Inbound Step1 In Accounting Report > Inbound, click User; it shows the accounting report of sent / retrieved packets in downstream, upstream, first packet, last packet, and duration from the external server to the user IP address in the CS-2000.
  • Page 541 Inbound user accounting report...
  • Page 542 Inbound user's information...
  • Page 543 Step2 In Accounting Report > Inbound, click Site; it shows the sent / retrieved packet traffic report of downstream, upstream and upstream distribution used by the LAN or DMZ server via the CS-2000 IP address. Site: View the needed record, with every 10 records on one page.
  • Page 544 DMZ server. Downstream: The percentage of traffic and total downstream traffic from the external user to the LAN or DMZ server via the CS-2000. Upstream: The percentage of traffic and total upstream traffic from the LAN or DMZ server to the external user via the CS-2000.
  • Page 545: Statistics

    12.3 Statistics WAN statistics includes all the upstream / downstream packets passing through the WAN interface and the traffic log in upstream / downstream. Policy statistics includes all the upstream / downstream packets passing through the Policy and the traffic log in upstream / downstream.
  • Page 546 Bytes/sec, Utilization, Total: The MIS engineer can modify the ordinate stream unit in the statistics charts. Utilization: The maximum stream of the CS-2000 (according to the stream setting in Interface). Total: Use the accumulated total stream as the ordinate in the time unit....
  • Page 547 Example 1. WAN Step1 Statistics > WAN shows all the downstream / upstream packets and statistics passing through the WAN interface. Time: View the statistics charts according to the unit of minute, hour, day, week, month, and year.
  • Page 548 View the network flow...
  • Page 549 Example 2. Policy Step1 When the Policy Statistics option is enabled, the policy statistics charts are enabled in Statistics > Policy. The policy statistics If the MIS engineer wants to enable Policy Statistics, he must enable the statistics option in Policy.
  • Page 550 Step3 Network flow statistics charts. Ordinate: Network flow. Horizontal ordinate: Time (hour/minute). View the policy statistics charts...
  • Page 551: Diagnostic

    12.4 Diagnostic The MIS engineer can set the CS-2000 to proactively send packets (Ping and Traceroute) to detect the status of the WAN interface. We will introduce the Diagnostic function....
  • Page 552 Example 1. Ping Step1. In Diagnostic > Ping, the MIS engineer can set the CS-2000 to send packets to a specific address to detect the status of the WAN interface: Enter the Destination IP / Domain name. Enter the Packet size (default setting is 32 Bytes). Enter the Count value.
  • Page 553 Ping results...
  • Page 554 If the MIS engineer selects VPN as the Interface, he must enter the local CS-2000 LAN interface IP, and enter the remote LAN IP (which can send or receive packets via the VPN) into the Destination IP / Domain name column.
  • Page 555 Example 2. Traceroute Step1. In Diagnostic > Traceroute, the MIS engineer can set the CS-2000 to send packets to a specific address with the traceroute command to detect the status of the WAN interface: Enter the Destination IP / Domain name. Enter the Packet size (default setting is 40 Bytes). Enter the MAX Time-to-Live (default setting is 30 Hops).
  • Page 556 Traceroute results...
  • Page 557: Wake On Lan

    12.5 Wake on Lan The MIS engineer can use the CS-2000 appliance to start up internal PCs (by sending packets) which have a network bootable network adapter, and can additionally use remote monitoring software such as VNC, Terminal Service and PC Anywhere.
  • Page 558 Example 1 Remotely monitor the internal PC Step1. The internal PC to be remotely monitored has MAC 00:30:4F:25:96:3B. Step2. In Wake on Lan > Setting, add the following settings: Click New Entry.
  • Page 559: Status

    2. System Info: It shows the CPU utilization, memory utilization and Ramdisk utilization. 3. Authentication: It records the authentication information in the CS-2000. 4. ARP Table: It records all the ARP information of host PCs connected to the CS-2000. 5. Sessions Info: It records all the session packets passing through the CS-2000.
  • Page 560: Interface

    Rx Pkts, Err.Pkts: It shows the received packets and error packets of the interface. Tx Pkts, Err.Pkts: It shows the transmitted packets and error packets. Ping, HTTP, HTTPS: It shows whether the user can ping the CS-2000 interface, or enter the Web UI through HTTP and HTTPS.
  • Page 561 The interface information...
  • Page 562: System Info

    12.6.2 System Info Step1 Status > System Info shows the real-time system information. CPU Utilization: The CPU utilization in the CS-2000. HardDisk Utilization: The hard disk utilization in the CS-2000. Memory Utilization: The memory utilization in the CS-2000.
  • Page 563 The system information...
  • Page 564: Authentication

    Authentication – User Name: It represents the authenticated login name used by the authentication user. Login Time: It represents the user's login time (year / month / day / hour / minute / second). The authentication status Web UI Click Remove to delete the policy authenticated by the CS-2000....
  • Page 565: Arp Table

    12.6.4 ARP Table Step1 Status > ARP Table shows the NetBIOS name, IP address, MAC address and interface. Net BIOS Name: The PC's network identification name. IP Address: The PC's IP address.
  • Page 566: Sessions Info

    12.6.5 Sessions Info Step1 In Status > Sessions Info, click one of the source IPs to show the information of session packets passing through the CS-2000. The sessions information Web UI Step2. Click Source IP; the system shows its flow by the port used to access internet resources.
  • Page 567 Step2 Click Source IP or Destination IP; it shows the traffic statistics by the user's IP, host name or domain name accessing the network resources in a pop-up window. Use the IP address to look up the sessions information Click Drop to immediately stop a specific session from sending packets.
  • Page 568 Sessions Info Search To search the records by Policy, No, Source IP, Destination IP and Port in the CS-2000. Add the following settings: 1. Policy, select All Policy. 2. NO, select ALL.
  • Page 569: Dhcp

    12.6.6 DHCP Step1 Status > DHCP Clients shows the status of IP addresses distributed by the DHCP server in the CS-2000. Net BIOS Name: The PC's network identification name for the IP address distributed by the DHCP server.
