Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Subscribe to Our Youtube Channel
Related Manuals for Vasco aXsGUARD AG-3 Series
Summary of Contents for Vasco aXsGUARD AG-3 Series
- Page 1 aXsGUARD Gatekeeper Installation Guide...
- Page 2 VASCO customers and has been provided to you and your organization for the sole purpose of helping you to use and evaluate VASCO Products. As such, it does not constitute a license to use VASCO Software or a contractual agreement to use VASCO Products.
-
Page 3: Table Of Contents
Changing the sysadmin password......................21 Licensing..............................22 Overview............................22 Downloading a System Info file......................22 Acquiring a VASCO License file......................23 8.3.1 Downloading a Commercial License File..................23 8.3.2 Downloading an Evaluation License File..................26 Uploading the License file to the aXsGUARD Gatekeeper..............29 aXsGUARD Gatekeeper Configuration....................... - Page 4 11.4 Users.............................. 53 11.5 Computers and Servers........................54 11.6 System............................55 12 Support..............................56 12.1 Overview............................56 12.2 If you encounter a problem....................... 56 12.3 Return procedure if you have a hardware failure................56 © August 2010 - VASCO Data Security...
- Page 5 Image 13: Changing the System Administrator Password............................21 Image 14: Changing the System Administrator Password: Password entry........................21 Image 15: Downloading the System Info file................................22 Image 16: VASCO's Product Registration Website..............................23 Image 17: VASCO Terms and Conditions................................... 24 Image 18: Registration Menu....................................24 Image 19: Uploading the System Info file...................................
- Page 6 Image 42: E-mail>General: SMTP and E-mail Disabled............................... 48 Image 43: Rules, Policies and Application Levels............................... 50 Image 44: Policy Application to Security Levels................................51 Image 45: Restrictive powers and broadness of application............................52 © August 2010 - VASCO Data Security...
- Page 7 Gatekeeper Installation Guide v2.7 Index of Tables Table 1: System General Fields................................37 Table 2: Network > Devices > Eth > eth0 Fields............................ 39 Table 3: Network > Devices > Eth > eth1 Fields............................ 42 © August 2010 - VASCO Data Security...
-
Page 8: Introduction
Image 1: aXsGUARD Gatekeeper AG-3XXX Image 2: aXsGUARD Gatekeeper AG-5XXX In sections and 1.3, we introduce the aXsGUARD Gatekeeper and VASCO ® In section 2, we provide safety and environmental information. This section must be read before installing your aXsGUARD Gatekeeper. - Page 9 In section 6, we explain how to access the aXsGUARD Gatekeeper Administrator Tool. In section 7, we explain how to change the default sysadmin user password. In section 8, we explain how to acquire and upload a VASCO License for your aXsGUARD Gatekeeper, to support full functionality.
-
Page 10: What Is The Axsguard Gatekeeper
VASCO VASCO is a leading supplier of strong authentication and e-signature solutions and services specializing in Internet security applications and transactions. VASCO has positioned itself as global software company for Internet security serving a customer base of approximately 10,000 companies in more than 100 countries, including approximately 1,500 international financial institutions. -
Page 11: Safety And Environmental Information
Such systems reuse or recycle most end-of-life materials in a safe way. The 'crossed-bin symbol' invites you to use such systems. © August 2010 - VASCO Data Security... -
Page 12: Temperature, Power And Humidity
Gatekeeper by these handles. Temperature, Power and Humidity VASCO recommends installing the aXsGUARD Gatekeeper in a 'server room' with air conditioning and UPS (Uninterrupted Power Supply). If the equipment is built into a server cupboard, make sure there is sufficient ventilation. -
Page 13: Before You Begin
DNS Server IP address(es) for your network DNS Suffix(es) (optional) the Maintenance Reference provided by VASCO for licensing your appliance the Serial Number provided by VASCO for licensing your appliance an appropriate network cable, with maximum length of 3.0 meters (see section 2.2) ©... -
Page 14: Connecting The Axsguard Gatekeeper To A Network
(example stickers are shown in the images below: please check the sticker labeling the interfaces on your aXsGUARD Gatekeeper to identify the correct socket). Image 3: Back of a Typical aXsGUARD Gatekeeper © August 2010 - VASCO Data Security... -
Page 15: Image 4: Example Stickers Labeling Interfaces On The Axsguard Gatekeeper Ag-3Xx3
Image 5: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-3XX4 Image 6: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-5XX6 Image 7: Example Stickers Labeling Interfaces on the aXsGUARD Gatekeeper AG-7XXX © August 2010 - VASCO Data Security... -
Page 16: Connecting To Your Network
To access the aXsGUARD Gatekeeper, a workstation needs to be temporarily configured with the same TCP/IP settings as the aXsGUARD Gatekeeper. Configure a workstation with the following settings: IP address 192.168.250.1 Subnet Mask 255.255.255.0 Gateway 192.168.250.254 DNS Server 192.168.250.254 © August 2010 - VASCO Data Security... -
Page 17: Image 9: Command Prompt And Testing Tcp/Ip Settings
Once the network settings on the aXsGUARD Gatekeeper have been configured appropriately, (explained in section 9.6.1), the workstation IP address can be reconfigured onto the network, and the aXsGUARD Gatekeeper can be accessed from any browser on the network. © August 2010 - VASCO Data Security... -
Page 18: Installation Steps: An Overview
The default sysadmin user can log on to a spare unit with access rights to: connect the appliance to a network upgrade the appliance to keep it up-to-date configure a Web proxy for connection to the VASCO Support Center, sc.vasco.com backup and restore configurations import licenses... -
Page 19: Logging Into The Administrator Tool
(see image below) to continue. After the certificate has been accepted, the aXsGUARD Gatekeeper login screen appears (see image 10). Note The procedure for accepting a certificate varies between browsers. Image 10: Certificate Screen © August 2010 - VASCO Data Security... -
Page 20: Image 11: Axsguard Gatekeeper Login Screen
Username Password (use lower case only): Username: sysadmin Password: sysadmin Press Enter or click on Log in (see image above) to proceed. The screen below displays. Image 12: Screen on sysadmin first-time logon © August 2010 - VASCO Data Security... -
Page 21: Changing The Sysadmin Password
Documentation button in the Administrator Tool. Image 14: Changing the System Administrator Password: Password entry Note: Changing the sysadmin password is possible at any time in the Administrator Tool, by navigating to the System > General screen. © August 2010 - VASCO Data Security... -
Page 22: Licensing
Overview Licensing your aXsGUARD Gatekeeper to make all features operational requires three steps: Downloading a System Info file from your aXsGUARD Gatekeeper. Acquiring a License file from VASCO's Product Registration website (https://sc.vasco.com/registration) using the: System Info file Maintenance Reference (for a commercial license only) -
Page 23: Acquiring A Vasco License File
Maintenance Reference and Serial Number provided by VASCO for your aXsGUARD Gatekeeper and click on Login. Image 16: VASCO's Product Registration Website If you have read and agree with VASCO's Terms and Conditions, tick the checkbox and click on I AGREE (see image below). ©... -
Page 24: Image 17: Vasco Terms And Conditions
Reference to register a product, the menu option to select will be Register Additional Component. Tip: If VASCO does not have full contact details on file, you may be asked to complete a form providing details, before proceeding with registration. In this case, after completion and submission of the form, an email will be sent to you with a link for validation. -
Page 25: Image 19: Uploading The System Info File
Enter or browse to the System Info file downloaded in section 8.2. Click on Next to continue. Image 19: Uploading the System Info file Right click to download and save the License file (see image below). Image 20: Downloading the License file © August 2010 - VASCO Data Security... -
Page 26: Downloading An Evaluation License File
Browse to VASCO’s Registration website: https://sc.vasco.com/registration (see image below). Select Click here for an evaluation license (see image below). Image 21: VASCO Product Registration Website Select Gatekeeper registration (see image below). Image 22: Product Selection © August 2010 - VASCO Data Security... -
Page 27: Image 23: Vasco Terms And Conditions
Licensing aXsGUARD Gatekeeper Installation Guide v2.7 If you have read and agree with VASCO's Terms and Conditions, tick the checkbox and click on I AGREE (see image below). Image 23: VASCO Terms and Conditions Enter the names of a contact and of your organization, and (optionally) a description (see image below). -
Page 28: Image 24: Uploading The System Info File
Licensing aXsGUARD Gatekeeper Installation Guide v2.7 Image 24: Uploading the System Info file Right click to download and save the evaluation License file (see image below). Image 25: Downloading the License file © August 2010 - VASCO Data Security... -
Page 29: Uploading The License File To The Axsguard Gatekeeper
Gatekeeper Installation Guide v2.7 Uploading the License file to the aXsGUARD Gatekeeper To import the aXsGUARD Gatekeeper License ('.dat') file acquired from the VASCO Product Registration website (as explained in section 8.3): Access the Administrator Tool as explained in section 5. -
Page 30: Axsguard Gatekeeper Configuration
Access the Administrator Tool as explained in section 5. Navigate to Users & Groups > Users and click on Add new. The screen below is displayed. Fields with a description in bold are mandatory (cannot be left blank). © August 2010 - VASCO Data Security... -
Page 31: Image 28: Creating A System Administrator User
(see image below). Mandatory fields are highlighted in bold on screen. Note A log of the actions performed in the aXsGUARD Gatekeeper Administrator Tool is available under System > Logs > Admin Tool. © August 2010 - VASCO Data Security... -
Page 32: Image 29: Configuration Possibilities With Full Administrator Rights
Gatekeeper Configuration aXsGUARD Gatekeeper Installation Guide v2.7 Image 29: Configuration possibilities with full administrator rights © August 2010 - VASCO Data Security... -
Page 33: Customer Information
(and submitted by clicking on Update). Customer information is sent to VASCO back-up servers and automatically entered into the support database. Keeping this information up-to-date helps VASCO to inform you about the latest product updates, features and developments. -
Page 34: Entering Customer Information
Gatekeeper is managed by field. The Dealer contact tab is then displayed for data entry. If you prefer not to receive any mailings from VASCO, uncheck the checkbox shown on the above screen to specify which information to receive. This presents check boxes for the information types, so you can select which if any you prefer to receive. -
Page 35: Menu Structure And Navigation
Navigation instructions in the rest of this manual use the following format: Navigate to Users & Groups > General This example indicates that you need to expand the main menu topic 'Users & Groups' and click on the subtopic 'General'. © August 2010 - VASCO Data Security... -
Page 36: Entering The System Information
1) Fields with a description in bold are mandatory (cannot be left blank). 2) With the Content Filtering feature operational, the aXsGUARD Gatekeeper domain must be added in E-mail > Domains (see section 9.8 ) , as e-mails originating from non-registered domains are rejected. © August 2010 - VASCO Data Security... - Page 37 This is the internal (DNS) name of the aXsGUARD Gatekeeper appliance. The name axsguard is used by default. VASCO does not recommended changing this, unless absolutely necessary, in which case no upper cases, special characters or spaces may be used. Changing the hostname requires Advanced Administrator access (see section 9.2 )
-
Page 38: Network Device Settings
Click on eth0 (secure LAN). The screen below is displayed. Configure the fields as explained in the table below. Click on Update to finish. Image 34: Network > Devices > Eth > eth0 © August 2010 - VASCO Data Security... -
Page 39: Image 35: Fixed Ip Configuration Ip Settings
1) Fields with a description in bold are mandatory (cannot be left blank). 2) If no Internet connectivity is required, the eth1 device Interface Type (see next section) can be set to Not in use. © August 2010 - VASCO Data Security... -
Page 40: Setting Up An Ethernet Internet Device
Click on the Internet device, eth1. The screen below is displayed. Configure the fields as explained in the table below. Click on Update to finish. Image 36: Network > Devices > Eth >eth1 © August 2010 - VASCO Data Security... -
Page 41: Image 37: Pppoe Configuration Account Settings
Settings tab (see second image below). These data are available from your Internet Service Provider. If PPTP Client is selected, settings should be modified appropriately under both the Account and IP Settings tabs. Image 37: PPPoE Configuration Account Settings © August 2010 - VASCO Data Security... -
Page 42: General Network Settings
If you are using the aXsGUARD Gatekeeper exclusively for authentication on your LAN, the name to be entered here is the name of the DNS server on your LAN. Click on Add and Update to finish. Image 39: Network > General © August 2010 - VASCO Data Security... -
Page 43: General E-Mail Settings
Enter a description (optional) for the domain. Select local as the type. Save the settings by clicking on Update (see image below). Image 40: E-mail > Domains > Add New: with SMTP and E-mail Server Features © August 2010 - VASCO Data Security... -
Page 44: Content Scanning Feature Active, E-Mail Server Feature Inactive
Select Unlisted computer in the Server Settings. Enter the DNS name or IP address of the e-mail server in your secure LAN. Enter the port number (Forward Port). Save the settings by clicking on the Save button. © August 2010 - VASCO Data Security... -
Page 45: Content Scanning And E-Mail Server Features Both Inactive
Enter the DNS name or IP address of the SMTP relay server used in your network (see image 42). Click on Update to save the settings. Image 42: E-mail>General: SMTP and E-mail Disabled © August 2010 - VASCO Data Security... -
Page 46: What's Next
Gatekeeper RADIUS Server. For in depth information on each of the features offered with the aXsGUARD Gatekeeper, such as Firewall, Reverse Proxy etc., please also refer to the appropriate How To guides. © August 2010 - VASCO Data Security... -
Page 47: Axsguard Gatekeeper Security Concepts
Password in combination with a static password for authentication. The aXsGUARD Gatekeeper applies Policies at 4 levels: system, computer, group and user levels (see illustration below). Image 43: Rules, Policies and Application Levels © August 2010 - VASCO Data Security... -
Page 48: Image 44: Policy Application To Security Levels
The aXsGUARD Gatekeeper system-wide security policy is valid for all users who are connected to the network, i.e. guests, visitors, etc., (see image below). This policy should therefore enforce the strictest rules. Image 44: Policy Application to Security Levels © August 2010 - VASCO Data Security... -
Page 49: Image 45: Restrictive Powers And Broadness Of Application
Gatekeeper Security Concepts aXsGUARD Gatekeeper Installation Guide v2.7 VASCO recommends the implementation of a security policy which enforces user authentication. User authentication should be widely implemented as more permissions (specific access) can be given at the user level. The image below shows the optimal implementation, with the levels (system, computer, groups and users) varying in terms of broadness of application (e.g. -
Page 50: Groups
Users first need to be registered on the aXsGUARD Gatekeeper and assigned to a group before they can authenticate and be granted firewall and Web access rights. The user automatically adopts the access rights defined for his/her group, unless these rights are overruled and customized at the user level. © August 2010 - VASCO Data Security... -
Page 51: Computers And Servers
VASCO strongly recommends application of Policies with user authentication, rather than Computer registration. Computers from which users authenticate do not need to be registered on the aXsGUARD Gatekeeper. -
Page 52: System
Gatekeeper (not authenticating) whose computer is not registered on the aXsGUARD Gatekeeper is subject to the system-wide policy. It is therefore imperative that the aXsGUARD Gatekeeper system-wide policy enforces the strictest security. © August 2010 - VASCO Data Security... -
Page 53: Support
If there is no solution in the Knowledge Base, please contact the company which supplied you with the VASCO product. If your supplier is unable to solve your problem, they will automatically contact the appropriate VASCO expert. If necessary, VASCO experts can access your aXsGUARD Gatekeeper remotely to solve any problems. - Page 54 Further Configuration................49 System Information................36 General Network Settings..............43 Temperature..................12 Humidity..................... 12 Testing TCP/IP Settings............... 17 Knowledge Base................. 56 Training....................9 LAN Interface..................14 VASCO....................10 Licensing.................... 22 Workstation TCP/IP Settings..............16 © August 2010 - VASCO Data Security...
Need help?
Do you have a question about the aXsGUARD AG-3 Series and is the answer not in the manual?
Questions and answers