Symantec 460R - Gateway Security Administrator's Manual

Administration guide

Symantec™ Gateway Security
400 Series
Administrator's Guide
Supported models:
Models 420, 440, 460, and 460R

Summary of Contents for Symantec 460R - Gateway Security

  • Page 1 Symantec™ Gateway Security 400 Series Administrator’s Guide Supported models: Models 420, 440, 460, and 460R...
  • Page 2: Technical Support

    Web-accessible Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering as well as Symantec Security Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security alerts.
  • Page 3: Contacting Technical Support

    Recent software configuration changes and/or network changes Customer Service To contact Enterprise Customer Service online, go to www.symantec.com/techsupp, select the appropriate Global Site for your country, then select the enterprise Continue link. Customer Service is available to assist with the following types of issues:...
  • Page 5: Table Of Contents

    Intrusion detection and intrusion prevention (IDS and IPS), 12; LiveUpdate support, 12; Managing Symantec Gateway Security 400 Series locally, 12; Managing Symantec Gateway Security 400 Series through SESA, 13; Intended audience, 14; Where to find more information, 14; Network security best practices, 15...
  • Page 6 Contents: Configuring static route entries, 44; Configuring advanced WAN/ISP settings, 45; High availability, 45; Load balancing, 46; SMTP binding, 46; Binding to other protocols, 47; Configuring failover, 47; DNS gateway, 47; Optional network settings, 48; Chapter 4 Configuring internal connections: Configuring LAN IP settings, 51; Configuring the appliance as a DHCP server, 52; Monitoring DHCP usage, 53...
  • Page 7 Contents: Understanding Client-to-Gateway VPN tunnels, 78; Defining client VPN tunnels, 80; Configuring global policy settings for client-to-gateway VPN tunnels, 81; Sharing information with your clients, 81; Monitoring VPN tunnel status, 82; Chapter 7 Advanced network traffic control: How antivirus policy enforcement (AVpe) works, 83; Before you configure AVpe, 84; Configuring AVpe, 85; Enabling AVpe, 86...
  • Page 8 About joining SESA, 161; Preparing to join SESA, 162; Trusted certificates, 162; Joining Symantec Gateway Security 400 Series to SESA, 163; Determining your options for joining SESA, 163; Joining SESA, 164; Viewing SESA Agent status, 165; Understanding how security gateways obtain configurations from SESA...
  • Page 9: Introducing The Symantec Gateway Security 400 Series

    The Symantec Gateway Security 400 Series appliances are Symantec’s integrated security solution for enterprise remote and small branch office environments, with support for secure wireless LANs. The Symantec Gateway Security 400 Series provides integrated security by offering six security functions in the base product:...
  • Page 10: Firewall Technology

    Managing Symantec Gateway Security 400 Series locally You can manage the full set of features of the Symantec Gateway Security 400 Series using the local interface, the Security Gateway Management Interface (SGMI). You can access the SGMI from an external Web browser by entering the appliance’s WAN port IP address, and then supplying the administrator’s user...
  • Page 11: Managing Symantec Gateway Security 400 Series Through Sesa

    Key features Managing Symantec Gateway Security 400 Series through SESA Symantec Event Manager and Advanced Manager for Security Gateways (Group 2) v2.1 are integrated with the Symantec Enterprise Security Architecture (SESA) to provide a common framework to manage multiple Symantec Gateway Security 400 Series appliances and third-party products from a single, centralized location.
  • Page 12: Intended Audience

    If you have separately purchased an Event Collector for a third-party firewall product, you can also view events generated by that product. Symantec Event Manager for Security Gateways is installed on the SESA Manager computer. You join each local security gateway to SESA using the controls provided in the Security Gateway Management Interface (SGMI).
  • Page 13: Network Security Best Practices

    Introducing the Symantec Gateway Security 400 Series Network security best practices Symantec™ Event Manager and Advanced Manager for Security Gateways (Group 2) v2.1 Release Notes. This document provides a summary of new and changed product features, system requirements, and issues and workarounds.
  • Page 14 Introducing the Symantec Gateway Security 400 Series Network security best practices...
  • Page 15: Administering The Security Gateway

    To ensure compatibility with Web site using older HTTP, you may need to clear the proxy settings in the browser before connecting to the SGMI. Install the appliance according to the instructions in the Symantec Gateway Security 400 Series Quick Start Card or the Symantec Gateway Security 400 Series Installation Guide before connecting to the SGMI.
  • Page 16: Navigating The User Interface

    Command buttons Right pane content Note: The wireless features do not appear in the SGMI until a compatible Symantec Gateway Security WLAN (Wireless Local Area Network) Access Point option is properly installed and configured. See the Symantec Gateway Security 300/400 Series Wireless Implementation Guide for more information.
  • Page 17: Understanding Left Pane Main Menu Options

    Administering the security gateway Navigating the user interface Understanding left pane main menu options The menu options in the left pane of the SGMI let you do the following: Logging/Monitoring Configure logging and monitoring functions. You can set up the size and rollover rate of the system log file and view current log files, archived log files, and current system status.
  • Page 18: Tips For Using The Sgmi

    SGMI to people who have been given the password. You must have installed the appliance and connected your browser to the SGMI to set the password. See the Symantec Gateway Security 400 Series Installation Guide for more information about setting up the appliance.
  • Page 19: Configuring Remote Management

    Administering the security gateway Managing administrative access To set the administration password “Basic Management tab field descriptions” on page 121. To configure a password In the SGMI, in the left pane, click Administration. In the right pane, on the Basic Management tab, under Administration Password, in the admin’s Password text box, type the password.
  • Page 20 Managing administrative access Figure 2-2 shows a remote management configuration. Figure 2-2 Remote management SGMI Symantec Gateway Security 400 Series appliance 192.168.0.2 192.168.0.3 Protected devices To configure remote management, specify both a start and end IP address. To remotely manage from only one IP address, type it as both the start and end IP address.
  • Page 21: Managing The Security Gateway Using The Serial Console

    Administering the security gateway Managing the security gateway using the serial console Managing the security gateway using the serial console You can configure or reset the security gateway through the serial port using the null modem cable that is supplied with the security gateway. Configuring the security gateway from the serial console is useful when installing the appliance in an existing network, because it prevents the security gateway from interfering with the network when it is connected.
  • Page 22 Administering the security gateway Managing the security gateway using the serial console After the terminal session has been established, on the rear panel of the appliance, quickly press the reset button. 10 At the Select? prompt, do one of the following: Local IP Address Type 1 to change the IP address of the appliance.
  • Page 23: Configuring A Connection To The Outside Network

    See the Symantec Gateway Security 400 Series Installation Guide for worksheets to help you plan the configuration process. Symantec Gateway Security 400 Series models 420 and 440 have one WAN port to configure. Models 460 and 460R appliances have two WAN ports that you can configure separately and differently depending on your needs.
  • Page 24: Network Examples

    Configuring a connection to the outside network Network examples Network examples This section describes the most common ways in which the Symantec Gateway Security 400 Series can be installed and deployed in your network. Figure 3-1 shows a network diagram of a Symantec Gateway Security 400 Series connected to the Internet.
  • Page 25 Enclave traffic from the protected network passes through the Symantec Gateway Security 400 Series appliance and through the Symantec Gateway Security 5400 Series appliance to the Internet.
  • Page 26 Traffic from each protected network passes through the Symantec Gateway Security 400 Series to the Internet. One Symantec Gateway Security 400 Series is managed locally by the SGMI and the other is managed by the Symantec management console.
  • Page 27: Understanding The Setup Wizard

    In this scenario, each appliance protects its internal network and its wireless clients from unauthorized internal users. Traffic from the protected network passes through the Symantec Gateway Security 400 Series to the Internet. Again, one network is managed using SGMI and one using the Symantec management console.
  • Page 28: About Dual-Wan Port Appliances

    You can rerun the Setup Wizard at any time after the initial installation. To run the Setup Wizard, on the WAN/ISP tab > Main Setup window, click Run Setup Wizard. See the Symantec Gateway Security 400 Series Installation Guide for more information.
  • Page 29: Understanding Connection Types

    Configuring a connection to the outside network Understanding connection types Understanding connection types To connect the appliance to an outside or internal network, you must understand your connection type. First, determine if you have a dial-up or broadband account. Typical dial-up accounts are analog (through a normal phone line connected to an external modem) and ISDN (through a special phone line).
  • Page 30: Configuring Connectivity

    Configuring a connection to the outside network Configuring connectivity Configuring connectivity Once you have determined your connection type, you can configure the appliance to connect to the Internet or intranet using the settings appropriate for that connection. DHCP Dynamic Host Configuration Protocol (DHCP) automates the network configuration of computers. It lets a network with many clients extract configuration information from a single DHCP server.
  • Page 31 Configuring a connection to the outside network Configuring connectivity By default, all settings are associated with Session 1. For multi-session PPPoE accounts, configure each session individually. If you have multiple PPPoE accounts, assign each one to a different session in the SGMI.
  • Page 32 Configuring a connection to the outside network Configuring connectivity Verifying PPPoE connectivity Once the appliance is configured to use the PPPoE account, verify that it connects correctly. To verify connectivity “PPPoE tab field descriptions” on page 129. “Status tab field descriptions” on page 118.
  • Page 33: Static Ip And Dns

    Configuring a connection to the outside network Configuring connectivity Static IP and DNS When you establish an account with an ISP, you may have the option to purchase a static (permanent) IP address. This lets you run a Web or FTP server, because the address remains the same all of the time. Any type of account (dial-up or dedicated) can have a static IP address.
  • Page 34: Pptp

    Point-to-Point-Tunneling Protocol (PPTP) is a protocol that enables secure data transfer from a client to a server by creating a tunnel over a TCP/IP-based network. Symantec Gateway Security 400 Series appliances act as a PPTP access client (PAC) when you connect to a PPTP Network Server (PNS), generally with your ISP.
  • Page 35: Dial-Up Accounts

    Configuring a connection to the outside network Configuring connectivity For models 460 and 460R, do the following: In the right pane, on the PPTP tab, under WAN Port, in the WAN Port drop-down list, select the WAN port to connect. Under Manual Control, click Connect.
  • Page 36 460 and 460R appliances. Figure 3-5 Rear panel of Symantec Gateway Security models 420 and 440 appliances Serial port Figure 3-6 Rear panel of Symantec Gateway Security models 460 and 460R appliances...
  • Page 37 Configuring a connection to the outside network Configuring connectivity In the right pane, on the Main Setup tab, under Connection Type, click Analog/ISDN. Click Save. On the Dial-up Backup & Analog/ISDN tab, under ISP Account Information, do the following: User Name Type the account user name.
  • Page 38: Configuring Advanced Connection Settings

    Configuring a connection to the outside network Configuring advanced connection settings To connect to the dial-up account, on the Dial-up Backup & Analog/ISDN tab, under Manual Control, click Dial. To disconnect from the dial-up account, on the Dial-up Backup & Analog/ISDN tab, under Manual Control, click Hang Up.
  • Page 39: Advanced Ppp Settings

    Configuring advanced connection settings You can tell the appliance at any time to request a new IP address by forcing a DHCP renew. However, you should only do this if requested by Symantec Technical Support. To configure advanced DHCP settings You can configure the idle renew time and manually force a DHCP renew request.
  • Page 40: Configuring Dynamic Dns

    DHCP Idle Renew settings to their default values. Configuring dynamic DNS Symantec Gateway Security 400 Series can use a dynamic DNS service to map dynamic IP addresses to a domain name to which users can connect. If you receive your IP address dynamically from your ISP, dynamic DNS services let you use your own domain name (mysite.com, for example) or their domain name and your subdomain to connect to your...
  • Page 41: Forcing Dynamic Dns Updates

    When you force a dynamic DNS update, the appliance sends its current IP address, host name, and domain to the service. Do this only if requested by Symantec Technical Support. For models 420 and 440, you can force a dynamic DNS update for the WAN port. For models 460 and 460R, you can force a dynamic DNS update for WAN1, WAN2, or both ports.
  • Page 42: Configuring Routing

    Click Save. Configuring routing If you install Symantec Gateway Security 400 Series appliances on a network with more than one directly connected router, you must specify to which router to send traffic. The appliance supports two types of routing: dynamic and static. Dynamic routing chooses the best route for packets and sends the packets to the appropriate router.
  • Page 43: Configuring Advanced Wan/Isp Settings

    Configuring a connection to the outside network Configuring advanced WAN/ISP settings On the Routing tab, under Static Routes, do the following: Destination IP Type the IP address to which to send packets. Netmask Type the net mask of the router to which to send packets. Gateway Type the IP address of the interface to which packets are sent.
  • Page 44: Load Balancing

    Click Save. Load balancing Symantec Gateway Security 400 Series models 460 and 460R appliances each have two WAN ports. On these appliances, you can configure HA/LB between the two WAN ports. You can set the percentage of packets that is sent over WAN1 or WAN2. You enter a percentage only for WAN1;...
  • Page 45: Binding To Other Protocols

    Configuring a connection to the outside network Configuring advanced WAN/ISP settings On the Advanced tab, under Load Balancing, in the Bind SMTP with WAN Port drop-down list, select a binding option. Under DNS Gateway, click Save. Binding to other protocols You can use the routing functionality of the firewall to bind other traffic.
  • Page 46: Optional Network Settings

    (DHCP) services. You can clone your computer’s adapter address to connect to your ISP with the Symantec Gateway Security 400 Series appliances. This is called MAC cloning or masking. For models 420 and 440, you configure the settings for the WAN port. For models 460 and 460R, you can configure the network settings for one or both WAN ports.
  • Page 47 Configuring a connection to the outside network Configuring advanced WAN/ISP settings For models 460 and 460R, do the following: To configure WAN1 or WAN 2, in the right pane, on the Main Setup tab, under Optional Network Settings, under WAN1 (External) or WAN 2 (External), do the following: Host Name text box Type a host name.
  • Page 48 Configuring a connection to the outside network Configuring advanced WAN/ISP settings...
  • Page 49: Configuring Internal Connections

    Configuring port assignments Configuring LAN IP settings LAN settings let you configure your Symantec Gateway Security 400 Series appliance to work in a new or existing internal network. Each appliance is assigned an IP address and netmask by default; you can change these settings at any time.
  • Page 50: Configuring The Appliance As A Dhcp Server

    Configuring internal connections Configuring the appliance as a DHCP server Configuring the appliance as a DHCP server Dynamic Host Configuration Protocol (DHCP) allocates local IP addresses to computers on the LAN without manually assigning each computer its own IP address. This eliminates the need to have a static (permanent) IP address for each computer on the LAN and is useful if you have a limited number of IP addresses available.
  • Page 51: Monitoring Dhcp Usage

    If you are connecting a Symantec Gateway Security 400 Series appliance that is configured as a wireless access point to a LAN port, you can secure the wireless connection using VPN technology. See the Symantec Gateway Security 300/400 Series Wireless Implementation Guide.
  • Page 52 Configuring internal connections Configuring port assignments In the right pane, on the Port Assignments tab, under Physical LAN Ports, from the Port numbers drop-down list, select a port assignment. Click Save. The appliance reboots when the port settings are saved. To restore port assignment default settings In the SGMI, in the left pane, click LAN.
  • Page 53: Network Traffic Control

    Configuring advanced options Planning network access The Symantec Gateway Security 400 Series appliance includes firewall technology that lets you configure the firewall component to meet your security policy requirements. When configuring the firewall, identify all computers (nodes) to be protected on your network.
  • Page 54: Defining Computer Group Membership

    Network traffic control Understanding computers and computer groups Computer groups let you create outbound rules and apply them to computers who should have the same access. Instead of creating a traffic rule for each individual computer in your network, you define computer groups, assign each computer to a computer group, and then create rules for the group.
  • Page 55: Defining Computer Groups

    Network traffic control Understanding computers and computer groups If the computer is an application server to which you want to allow access to an inbound rule, or to reserve an IP address for a computer that is not an application server, under Application Server, check Reserved Host.
  • Page 56: Defining Inbound Access

    Network traffic control Defining inbound access To define computer groups “Computer Groups tab field descriptions” on page 138. In the left pane, click Firewall. In the right pane, on the Computer Groups tab, under Security Policy, on the Computer Group drop-down list, select the computer group that you want to configure.
  • Page 57: Defining Outbound Access

    Network traffic control Defining outbound access On the Service drop-down list, select an inbound service. Click Add. To update an existing inbound rule In the left pane, click Firewall. In the right pane, on the Inbound Rules tab, in the Rule drop-down list, select an existing inbound rule. Click Select.
  • Page 58: Outbound Rule Example

    Network traffic control Defining outbound access TFTP SNMP If you have services that are not on this list, or a service that does not use its default port, you can create your own custom services. You must create the custom services before creating the outbound rule. “Configuring services”...
  • Page 59: Configuring Services

    Network traffic control Configuring services To update an existing outbound rule In the SGMI, in the left pane, click Firewall. In the right pane, on the Outbound Rules tab, under Computer Groups, on the Computer Group drop-down list, select a computer group. To see a list of rules for the selected computer group, click View.
  • Page 60: Configuring Special Applications

    Network traffic control Configuring special applications To redirect inbound traffic to the original destination port, leave the redirect fields blank. Configuring a service Create a service before you add it to an inbound rule. Once you create a service, you can update or delete it. “Services tab field descriptions”...
  • Page 61 Network traffic control Configuring special applications incoming port range for that computer. Once the communication is done, the appliance starts listening again so that another computer can trigger the ports to be opened for it. Port triggers can be used very quickly (milliseconds), but for only one computer at a time. The speed with which port triggers are used gives the illusion of allowing multiple computers having the same ports opened.
  • Page 62: Configuring Advanced Options

    Network traffic control Configuring advanced options Configuring advanced options Symantec Gateway Security 400 Series has several advanced firewall options for special circumstances. These include: Enabling the IDENT port Disabling NAT mode Blocking ICMP requests Enabling WAN broadcast storm protection Enabling IPsec pass-thru...
  • Page 63: Blocking Icmp Requests

    ADI - Assured Digital 2 SPI (default) Standard (Symantec, Cisco Pix, and Nortel Contivity) clients 2 SPI-C Cisco Concentrator 30X0 Series clients Others Redcreek Ravlin None Note: Only change the IPsec pass-thru setting if instructed to do so by Symantec Technical Support.
  • Page 64: Configuring An Exposed Host

    Network traffic control Configuring advanced options To configure IPsec pass-thru settings “Advanced tab field descriptions” on page 143. In the SGMI, in the left pane, click Firewall. On the Advanced tab, under IPsec Passthru Settings, select the IPsec types that you want to allow through the security gateway.
  • Page 65: Establishing Secure Vpn Connections

    If you do not have significant network or IT experience or have never configured a security gateway (Symantec or otherwise), you should read the first half of each section before configuring the feature. At the end of “Configuring gateway-to-gateway tunnels”...
  • Page 66: Creating Security Policies

    2 renegotiation. Phase 2 renegotiation is referred to as quick mode renegotiation. Note: Symantec Gateway Security 400 Series does not support VPN tunnel compression. To create a gateway-to-gateway tunnel between a Symantec Gateway Security 400 Series appliance and a remote Symantec Gateway Security 5400 Series appliance or Symantec Enterprise Firewall, set the compression to NONE on the remote gateway.
  • Page 67: Creating Custom Phase 2 Vpn Policies

    Establishing secure VPN connections Creating security policies VPN Policies (Phase 2, configurable) The security gateway includes the following four pre-defined, configurable VPN policies that apply to Phase 2 tunnel negotiations: Ike_default_crypto Ike_default_crypto_strong Static_default_crypto Static_default_crypto_strong Rather than configuring data privacy, data integrity, and data compression algorithms for each tunnel you create, the security gateway lets you configure standard, reusable VPN policies and then later associate them with multiple secure tunnels.
  • Page 68: Viewing Vpn Policies List

    Establishing secure VPN connections Identifying users To use Perfect Forward Secrecy, do the following: On the Perfect Forward Secrecy drop-down list, select a Diffie-Hellman group. Next to Perfect Forward Secrecy, click Enable. 10 Click Add. Viewing VPN Policies List The VPN Policies List section of the VPN Policies window displays a summary of each VPN Policy that is configured on the appliance.
  • Page 69: Defining Users

    Establishing secure VPN connections Identifying users Defining users Ensure that you obtain all pertinent authentication information from your RADIUS administrator to pass on to your users with extended authentication. To define users Users must be defined on the appliance, and may also use extended authentication. Dynamic users must use extended authentication and are not defined on the appliance.
  • Page 70: Viewing The User List

    Establishing secure VPN connections Configuring gateway-to-gateway tunnels Viewing the User List The User List section in the Client Users window displays a summary of each static user that is configured on the appliance. Table 6-3 defines each field in the summary. Table 6-3 User list fields Field...
  • Page 71 VPN > Dynamic Tunnels or VPN > Static Tunnels tabs. If you have another (additional) subnet on the LAN side of the Symantec Gateway Security 400 Series security gateway, VPN client tunnels to the LAN side of the security gateway are not supported for computers on this separate subnet.
  • Page 72: Configuring Dynamic Gateway-To-Gateway Tunnels

    Establishing secure VPN connections Configuring gateway-to-gateway tunnels The Symantec Gateway Security 400 Series VPN tunnel definition must be Main Mode (default), or the VPN tunnel will not be established. While the Symantec Gateway Security 5400 Series and Symantec Enterprise Firewall accept either Main Mode or Aggressive Mode Phase 1 negotiations from a remote gateway.
  • Page 73: Configuring Static Gateway-To-Gateway Tunnels

    When defining a global tunnel to Symantec Enterprise Firewall or Symantec Gateway Security 5400 Series appliance, for the remote gateway, enter 0.0.0.0 for the remote subnet IP address. For global tunnels to another Symantec Gateway Security 400 Series appliance, enter 0.0.0.0 for the remote subnet IP address.
  • Page 74 Establishing secure VPN connections Configuring gateway-to-gateway tunnels When defining static tunnels, you must enter an authentication key, as well as an encryption key (if encryption is used). The keys must match on both sides of the VPN. In addition, a Security Parameter Index (SPI) is manually typed and included with every packet transmitted between security gateways.
  • Page 75: Sharing Information With The Remote Gateway Administrator

    When defining a global tunnel to Symantec Enterprise Firewall or Symantec Gateway Security 5400 Series appliance, for the remote gateway, enter 0.0.0.0 for the remote subnet IP address. For global tunnels to another Symantec Gateway Security 400 Series appliance, enter 0.0.0.0 for the remote subnet IP address.
  • Page 76: Configuring Client-To-Gateway Vpn Tunnels

    Note: Wireless clients can use client-to-gateway tunnels to secure their connections. See Symantec Gateway Security 300/400 Series Wireless Implementation Guide. When Symantec Client VPN begins to negotiate a VPN tunnel with the security gateway, it does so in Aggressive mode. The security gateway will respond to this negotiation. Client-to-gateway VPN tunnels are always initiated by the client and are always in Aggressive mode.
  • Page 77 LAN. The appliance does not support the transmission of decrypted VPN traffic on the WAN port. This means that, if a global tunnel is defined between two Symantec Gateway Security 400 Series appliances, traffic is only allowed to pass between the LAN of one appliance and the...
  • Page 78: Defining Client Vpn Tunnels

    Establishing secure VPN connections Configuring client-to-gateway VPN tunnels Configuration tasks for client-to-gateway VPN tunnels Table 6-9 describes the tasks that are required to configure a client-to-gateway VPN tunnel. Table 6-9 Client-to-gateway VPN tunnel configuration tasks Task SGMI Configure a VPN Policy (Phase 2 IKE negotiation) (optional) VPN > VPN Policies Select the VPN policy that applies to the tunnel VPN >...
  • Page 79: Configuring Global Policy Settings For Client-To-Gateway Vpn Tunnels

    Establishing secure VPN connections Configuring client-to-gateway VPN tunnels To log a warning to the Symantec Gateway Security log that a user is connecting that is not compliant with AVpe policy, click Warn Only. To stop the user’s traffic if they are not compliant with the AVpe policy, click Block Connections.
  • Page 80: Monitoring Vpn Tunnel Status

    Establishing secure VPN connections Monitoring VPN tunnel status Table 6-10 Client configuration information (Continued) Information Value RADIUS shared secret (user with extended authentication) (Optional) Phase 1 ID (Optional) Monitoring VPN tunnel status The VPN Status window lets you view the status for each configured dynamic and static gateway-to-gateway VPN tunnel.
  • Page 81: Advanced Network Traffic Control

    AVpe monitors the AV configuration of supported Symantec connected policy masters and client workstations attempting to gain access to your corporate network. See the Symantec Gateway Security 400 Series Release Notes for the version of the product you are using to determine the supported AV products and how their configuration and usage differs from the information in this chapter.
  • Page 82: Before You Configure Avpe

    Note: You must place UNIX/Linux clients or clients with a non-supported AV client in a computer group where AVpe is disabled. If you plan to use Symantec AntiVirus Corporate Edition servers, obtain the name of the primary and optionally the secondary servers used in your network.
  • Page 83: Configuring Avpe

    Advanced network traffic control Configuring AVpe an active Symantec antivirus client, and have a connection to the Internet where it can download virus definition updates. If your network topology includes a configuration in which client workstations are located behind an enclave firewall, and if the firewall performs address transforms, which changes the client’s actual IP...
  • Page 84: Enabling Avpe

    Advanced network traffic control Configuring AVpe To enable the appliance to validate whether a client is using the latest virus definitions, check Verify Latest Virus Definitions. In the Query Clients Every text box, type an interval (in minutes) for the appliance to query clients to validate whether they are using updated virus definitions.
  • Page 85: Configuring The Antivirus Clients

    To configure the AV clients Install or configure each client’s supported Symantec antivirus product in unmanaged mode. Insert the Symantec Gateway Security 400 Series product CD into the CD-ROM drive on a client computer. In the Tools folder on the CD-ROM, copy SGS300_AVpe_client_Activation.reg to the client’s desktop.
  • Page 86: About Content Filtering

    If this message is present, then your AVpe feature is correctly configured and operational. If you are able to connect to www.symantec.com, recheck your AVpe configuration settings and group assignments. Make sure that you uninstalled Symantec AntiVirus Corporate Edition from the client workstation, and that the client is a member of a group with AVpe enabled, with connections blocked.
  • Page 87: Managing Content Filtering Lists

    For wild card functionality, specify only the domain name in the allow or deny list for specific sites. For example, to allow traffic to any Symantec site, add symantec.com to the allow list. This allows traffic to liveupdate.symantec.com, www.symantec.com, fileshare.symantec.com, and so on.
  • Page 88: Monitoring Content Filtering

    Advanced network traffic control Monitoring content filtering To enable content filtering for a computer group See “Computer Groups tab field descriptions” on page 138. In the left pane, click Firewall. On the Computer Groups tab, under Security Policy, in the Computer Group drop-down list, select the computer group for which you want to enable content filtering.
  • Page 89: Preventing Attacks

    The IDS engine provides atomic packet inspection by comparing each inbound packet against a list of signatures (known attacks). Matching packets are considered intrusion attempts and dropped. The Symantec Gateway Security 400 Series has signatures for, and can detect, the following types of intrusions:...
  • Page 90: Trojan Horse Notification

    Preventing attacks Setting protection preferences Teardrop, Winnuke, HTML buffer overflow, TCP/UDP flood protection. Trojan horse notification: Any attempt to connect to a blocked port that is commonly used by Trojan horse programs is logged and classified as a possible attack. The log message warns the user that an illegal connection attempt was made and that they should audit their internal systems to verify they are not compromised.
  • Page 91: Enabling Advanced Protection Settings

    Certain port mapping tools, such as NMAP, use invalid TCP flag combinations to detect a firewall on a network or map the security policy implemented on the firewall. Symantec Gateway Security 400 Series blocks and logs any traffic with illegal flag combinations for traffic that is not being denied by the security policy.
  • Page 92 Preventing attacks Enabling advanced protection settings...
  • Page 93: Logging, Monitoring And Updates

    Chapter Logging, monitoring and updates This chapter includes the following topics: Managing logging Updating firmware Backing up and restoring configurations Interpreting LEDs LiveUpdate and firmware upgrade LED sequences Managing logging The firewall, IDS, IPS, VPN, content filtering, and AVpe features log messages when certain events occur. You can configure the events that are logged so you view only the log messages of interest.
  • Page 94: Using Syslog

    WAN Link up (connected) WAN Link down (disconnected) A GET is a request from the SNMP server for status information from the Symantec Gateway Security 400 Series appliance. The appliance supports all SNMP v1 MIBs (information variables) using GETs. A TRAP collects status information sent from the Symantec Gateway Security 400 Series appliance to the SNMP server.
  • Page 95 Configuring SNMP There are two parts to configuring SNMP: Configuring SNMP Verifying communication between the SNMP server and the Symantec Gateway Security 400 Series appliance. Before you begin configuring SNMP, collect the following information: For TRAPs, you must have SNMP v 1.0 servers or applications running on your network to receive the network event alert messages and you need the SNMP server IP addresses to configure SNMP on the appliance.
  • Page 96: Managing Log Messages

    Logging, monitoring and updates Managing logging In the right pane, on the Log Settings tab, under Log Type, check the types of information you want to be logged. Click Save. Setting log times Network Time Protocol (NTP) is an Internet standard protocol that ensures accurate synchronization, to the millisecond, of computer clock times in a network.
  • Page 97: Updating Firmware

    Non-destructive firmware updates overwrite the firmware but keep the configurations intact. Symantec periodically releases updates to the firmware. There are three ways to update the firmware on your appliance: Automatically using the Scheduler in LiveUpdate...
  • Page 98 LiveUpdate optional settings let you configure a connection to a LiveUpdate server through an HTTP proxy server. Use this feature only in the following situations: The appliance is located behind a Symantec Gateway Security appliance using an HTTP proxy server. The appliance is located behind a third party device using HTTP proxy server.
  • Page 99 LiveUpdate server configurations Location Description Symantec LiveUpdate server: http://liveupdate.symantec.com. This is the standard Symantec corporate LiveUpdate site which broadcasts firmware availability. It is the default configuration in your appliance. Internal LiveUpdate server at a remote internal location, protected by a VPN tunnel.
  • Page 100: Upgrading Firmware Manually

    Symantec Technical Support, you should check the Symantec Web for the latest version of the firmware. Your current firmware version number is available on the Status tab.
  • Page 101 Figure 9-3 shows the rear panel of models 460 and 460R. This figure is for reference only; the full description of each feature is available in the Symantec Gateway Security 400 Series Installation Guide. Figure 9-3 Models 460 and 460R rear panel To flash the firmware To turn off the power, press the power button on the back panel of the appliance.
  • Page 102: Checking Firmware Update Status

    If a LiveUpdate fails because of an HTTP error, the failure is logged along with the HTTP error message reported by the HTTP client. To check firmware update status It is important to know the version of the firmware on the appliance if you plan to contact Symantec Technical Support. “Status tab field descriptions”...
  • Page 103: Backing Up And Restoring Configurations

    Note: You should not use a configuration backup file from an older version of the firmware to restore your settings unless instructed to do so by Symantec Technical Support. The backup file is created in the same folder on your hard drive where you put the symcftpw application. In the symcftpw application, you can specify where to store the backup file, such as a floppy disk.
  • Page 104: Resetting The Appliance

    Reset to the reserved application The firmware resets to the last all.bin firmware file that was used to flash the appliance. This is either the factory firmware or a firmware upgrade that you downloaded from the Symantec Web site and applied to the appliance.
  • Page 105: Interpreting Leds

    Figure 9-6 shows the front panel on all 400 Series appliances. This figure is for reference only; the full description of each feature is available in the Symantec Gateway Security 400 Series Installation Guide. Figure 9-6 Symantec Gateway Security 400 Series appliance front panel Table 9-2 describes each LED.
  • Page 106: Liveupdate And Firmware Upgrade Led Sequences

    Logging, monitoring and updates Interpreting LEDs The LEDs on the front panel of the appliance have three states: solid on, flashing, and solid off. The combination of the Error and Transmit LED states indicates the status of the appliance. Table 9-3 describes the LED state combinations and the appliance status that they indicate.
  • Page 107: Appendix A Troubleshooting

    The Debug information feature provides a high level of detail of the system events information in the log. Debug mode gives more detailed information in the status log that is useful for Symantec Technical Support or for troubleshooting. The default user mode provides general information about actions taken as defined by the security policy.
  • Page 108: Accessing Troubleshooting Information

    On the top of the home page, click support. Under Product Support > enterprise, click Continue. On the Support enterprise page, under Technical Support, click knowledge base. Under select a knowledge base, scroll down and click Symantec Gateway Security 400 Series.
  • Page 109 Troubleshooting Accessing troubleshooting information Click your specific product name and model. On the knowledge base page for your appliance model, do any of the following: On the Hot Topics tab, click any of the items in the list to view a detailed list of knowledge base articles on that topic.
  • Page 110 Troubleshooting Accessing troubleshooting information...
  • Page 111: Appendix B Licensing

    This license governs any releases, revisions, or enhancements to the Software that the Licensor may furnish to You. Except as may be modified by a Symantec license certificate, license coupon, or license key (each a “License Module”) which accompanies, precedes, or follows this license, and as may be further...
  • Page 112 Licensing SYMANTEC GATEWAY SECURITY APPLIANCE (300/400 SERIES) LICENSE AND WARRANTY AGREEMENT of the Software, Symantec consents to the transfer and the transferee agrees in writing to the terms and conditions of this agreement. You may not: A. sublicense, rent or lease any portion of the Software; reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of the Software, or create derivative works from the Software;...
  • Page 113 Appliance, Symantec will return such repaired or replacement Appliance to You, freight and insurance prepaid. In the event that Symantec, in its sole discretion, determines that it is unable to replace or repair the Hardware, Symantec will refund to You the F.O.B. price paid by You for the defective Appliance.
  • Page 114 Designated Narcotics Traffickers, or Specially Designated Terrorists. Furthermore, Licensee agrees not to export, or re-export, Symantec products to any military entity not approved under the EAR, or to any other entity for any military purpose, nor will it sell any Symantec product for use in connection with chemical, biological, or nuclear weapons or missiles capable of delivering such weapons.
  • Page 115 Certificate. An auditor, selected by Symantec and reasonably acceptable to Licensee, may, upon reasonable notice and during normal business hours, but not more often than once each year, inspect Licensee's records in order to confirm the legal use of the Software. Symantec shall bear the costs of any such audit.
  • Page 116 Licensing SYMANTEC GATEWAY SECURITY APPLIANCE (300/400 SERIES) CLIENT-TO-GATEWAY VPN ADDITIVE LICENSE AND 8.0 MEDIA KIT...
  • Page 117: Appendix C Field Descriptions

    Appendix Field descriptions This chapter includes the following topics: Logging/Monitoring field descriptions Administration field descriptions LAN field descriptions WAN/ISP field descriptions Firewall field descriptions VPN field descriptions IDS/IPS field descriptions Antivirus Policy field descriptions Content Filtering field descriptions Logging/Monitoring field descriptions The security gateway provides configurable system logging features and tabs for viewing the system logs and monitoring system status.
  • Page 118: Status Tab Field Descriptions

    Field descriptions Logging/Monitoring field descriptions Status tab field descriptions The Status tab shows the current conditions and settings of the security gateway. Table C-1 Status tab field descriptions Section Field Description WAN (External Port) Connection Status Displays whether the WAN port is connected to or disconnected from the Internet or an internal network.
  • Page 119: View Log Tab Field Descriptions

    Field descriptions Logging/Monitoring field descriptions Table C-1 Status tab field descriptions (Continued) Section Field Description Unit Firmware Version Displays the factory firmware version or the firmware version from the most recent LiveUpdate or manual update. Language Version Displays the factory version or the most recent update. Model Displays the model number of the security gateway.
  • Page 120: Log Settings Tab Field Descriptions

    Field descriptions Logging/Monitoring field descriptions Log Settings tab field descriptions The Log Settings tab lets you configure settings that control email notification, the types of messages that are logged, and the time listed for each log message. Table C-3 Log Settings field descriptions Section Field Description...
  • Page 121: Troubleshooting Tab Field Descriptions

    Field descriptions Administration field descriptions Troubleshooting tab field descriptions The Troubleshooting tab helps you troubleshoot your security gateway with debug options and testing tools. Table C-4 Troubleshooting tab field descriptions Section Field Description Broadcast Debug Level Forward WAN packets to LAN Enables forwarding of WAN packets to LAN. This is useful to check the WAN packets for troubleshooting without having to set up additional equipment.
  • Page 122: Advanced Management Tab Field Descriptions

    Allows a firmware upgrade from the range of IP addresses. Firmware Upgrade Advanced Management tab field descriptions The Advanced Management tab lets you configure your security gateway to be managed by the Symantec Management Console. Table C-6 Advanced Management tab field descriptions...
  • Page 123: Snmp Tab Field Descriptions

    Field descriptions Administration field descriptions Table C-6 Advanced Management tab field descriptions (Continued) Section Field Description Local SESA Agent Status Refresh Click Refresh to refresh the Local SESA Agent Status. Get Configuration Click Get Configuration to download the configuration from the organizational unit selected above.
  • Page 124: Liveupdate Tab Field Descriptions

    General Settings LiveUpdate Server IP address or fully qualified domain name of the LiveUpdate server from which to get firmware updates. The default address is http://liveupdate.symantec.com. Automatic Updates Enable Scheduler Enables the LiveUpdate scheduler. This lets you schedule times for the security gateway to automatically check for firmware updates, and then apply them.
  • Page 125: Lan Field Descriptions

    Field descriptions LAN field descriptions Table C-9 LiveUpdate tab field descriptions (Continued) Section Field Description Optional Settings HTTP Proxy Server Enables the security gateway to contact the LiveUpdate server through a HTTP proxy server. Proxy Server Address IP address of the HTTP proxy server through which the LiveUpdate server gets the firmware updates.
  • Page 126 Field descriptions LAN field descriptions Table C-10 LAN IP & DHCP tab field descriptions (Continued) Section Field Description DHCP DHCP Server Clicking Enable makes the security gateway act as a DHCP server. To use another DHCP server, or if the clients use static IP addresses, click Disable.
  • Page 127: Port Assignments Tab Field Descriptions

    WAN/ISP field descriptions The Symantec Gateway Security 300/400 Series WAN/ISP functionality provides connections to the outside world. This can be the Internet, a corporate network, or any other external private or public network. You can also configure the WAN port to connect to an internal LAN when the security gateway is protecting an internal subnet.
  • Page 128: Main Setup Tab Field Descriptions

    Field descriptions WAN/ISP field descriptions Main Setup tab field descriptions On the Main Setup tab, you select your connection type and configure the security gateway’s identification settings. Table C-12 Main Setup tab field descriptions Section Fields Description Connection Type Connection Type The following connection types are supported: DHCP (Auto IP) (Single WAN port...
  • Page 129: Static Ip & Dns Tab Field Descriptions

    Field descriptions WAN/ISP field descriptions Static IP & DNS tab field descriptions Use the Static IP & DNS tab to configure the security gateway to connect to the Internet with a static IP address and DNS servers, or to connect to your intranet. Table C-13 Static IP and DNS tab field descriptions Section...
  • Page 130: Dial-Up Backup & Analog/Isdn Tab Field Descriptions

    Field descriptions WAN/ISP field descriptions Table C-14 PPPoE tab field descriptions (Continued) Section Field Description Connection Connect on Demand Lets the security gateway create a connection to the PPPoE account only when an internal user makes a request, such as browsing to a Web page.
  • Page 131 Field descriptions WAN/ISP field descriptions Table C-15 Dial-up or ISDN tab field descriptions (Continued) Section Field Description ISP Account User Name User name for the dial-up account. Information Password Password for the dial-up account. Verify Password Retype the password for the dial-up account. IP Address If you have a static IP address with your ISP, type it here;...
  • Page 132: Pptp Tab Field Descriptions

    Field descriptions WAN/ISP field descriptions Table C-15 Dial-up or ISDN tab field descriptions (Continued) Section Field Description Analog Status Port Status Describes the status of the serial port on the security gateway where the modem is connected. Possible port status values include: Idle Dialing Internet Access...
  • Page 133: Dynamic Dns Tab Field Descriptions

    WAN Port WAN port on which you want to configure dynamic DNS. (Dual WAN port models) Force DNS Update Clicking Update sends updated IP information to the dynamic DNS service. Select this field only if requested by Symantec Technical Support.
  • Page 134: Routing Tab Field Descriptions

    Field descriptions WAN/ISP field descriptions Table C-17 Dynamic DNS tab field descriptions (Continued) Section Field Description TZO Dynamic DNS An alphanumeric string of characters that acts as a password for the Service TZO account. TZO sends the key when the account is created. The maximum TZO key length is 16 characters.
  • Page 135 Field descriptions WAN/ISP field descriptions Table C-18 Routing tab field descriptions (Continued) Section Field Description Static Routes Route Entry Select an entry from the list to edit or delete. Destination IP IP address/subnet for traffic requiring routing. Netmask Netmask (used with the destination IP address) to set range of IP addresses for traffic requiring routing.
  • Page 136: Advanced Tab Field Descriptions

    Field descriptions WAN/ISP field descriptions Advanced tab field descriptions Use the Advanced tab to configure optional connection settings and the DNS gateway. Table C-19 Advanced tab field descriptions Section Field Description Load Balancing WAN 1 Load Percentage of traffic to pass through WAN 1. The remainder of traffic passes through WAN 2.
  • Page 137: Firewall Field Descriptions

    Firewall field descriptions Firewall field descriptions The Symantec Gateway Security 300/400 Series includes firewall technology that lets you define inbound and outbound rules governing the traffic that passes through the security gateway. When configuring the firewall you need to identify all nodes (computers) that are protected on your network.
  • Page 138: Computer Groups Tab Field Descriptions

    Block Connections A client with non-compliant virus software or virus definitions is denied access to the external network. The client is allowed access to the Symantec Antivirus CE Server or LiveUpdate server to bring their virus definitions into compliance.
  • Page 139: Inbound Rules Field Descriptions

    Field descriptions Firewall field descriptions Table C-21 Computer Groups tab field descriptions (Continued) Section Field Description Content Filtering Enable Content Filtering If you enable content filtering for the selected computer group, the security gateway allows or blocks access to URLs contained in the Content Filtering allow and deny lists.
  • Page 140: Outbound Rules Tab Field Descriptions

    Field descriptions Firewall field descriptions Outbound Rules tab field descriptions The Outbound Rules tab lets you define the types of traffic that can leave your network to access other networks or the Internet. Table C-23 Outbound Rules tab field descriptions Section Field Description...
  • Page 141: Special Applications Tab Field Descriptions

    Field descriptions Firewall field descriptions Table C-24 Services tab field descriptions (Continued) Section Field Description Application Settings Name Name of the service you are creating. Protocol Select the protocol associated with the service. Options include: The default depends on the selection you made in the Application drop-down list.
  • Page 142 Field descriptions Firewall field descriptions Table C-25 Special Applications tab field descriptions (Continued) Section Field Description Special Application Name Name of the special application. Settings Enable Enables the special application for all computer groups. Incoming Protocol Protocol for the incoming packets. Options include: Listen on Port(s) Range of ports on which the packets are received.
  • Page 143: Advanced Tab Field Descriptions

    Keep this setting at the default 2 SPI (Security Parameter Indices) unless instructed by Symantec Technical Support to change it. The None setting lets VPN clients be used in exposed host mode if they are having problems connecting from behind the security gateway.
  • Page 144: Vpn Field Descriptions

    (such as the Internet) to safely transport sensitive data. VPNs are used to allow a single user or a remote network access to the protected resources of another network. The Symantec Gateway Security 300/400 Series security gateways support two types of VPN tunnels: Gateway-to-Gateway and Client-to-Gateway.
  • Page 145: Dynamic Tunnels Tab Field Descriptions

    The default value is Main Mode. VPN Policy Select a policy that dictates authentication, encryption, and timeout settings. The list contains Symantec pre-defined policies and any policies you created on the VPN Policies tab.
  • Page 146 Field descriptions VPN field descriptions Table C-27 Dynamic Tunnels field descriptions (Continued) Section Field Description Local Security Gateway PPPoE Session The default PPPoE session is Session 1. This requires an ISP PPPoE account. If you have a single-session PPPoE account, leave the PPPoE session at Session 1. Local Endpoint Port on the security gateway where you want the tunnel to end.
  • Page 147 Field descriptions VPN field descriptions Table C-27 Dynamic Tunnels field descriptions (Continued) Section Field Description Remote Security Gateway, Gateway Address IP address or fully qualified domain name of the remote gateway (the gateway to which the tunnel will connect). The maximum number of alphanumeric characters for this text box is 128.
  • Page 148: Static Tunnels Tab Field Descriptions

    Field descriptions VPN field descriptions Static Tunnels tab field descriptions The Static Tunnels tab lets you configure static Gateway-to-Gateway VPN tunnels for the security gateway. Table C-28 Static Tunnel tab field descriptions Section Field Description IPSec Security VPN Tunnel Select a tunnel to update or delete. Association Tunnel Name Name of the static tunnel.
  • Page 149: Client Tunnels Tab Field Descriptions

    Field descriptions VPN field descriptions Table C-28 Static Tunnel tab field descriptions (Continued) Section Field Description Remote Security Gateway, Gateway Address IP address or fully qualified domain name of the security gateway to which you are creating a tunnel. The maximum length for this field is 128 alphanumeric characters. NetBIOS Broadcast Clicking Enable allows browsing of the VPN network in the Network Neighborhood and file sharing on a Microsoft Windows computer.
  • Page 150: Client Users Tab Field Descriptions

    User Name User name for the client user. The maximum number of alphanumeric characters for this value is 31. It must match the remote Client ID in Symantec Client VPN software. You can add up to 50 client users. Pre-Shared Key ISAKMP (IKE) authenticating key.
  • Page 151: Vpn Policies Tab Field Descriptions

    Table C-31 VPN policies field descriptions Section Field Description IPsec Security Association (Phase 2) Parameters VPN Policy Select a policy to update or delete. You cannot delete Symantec pre-defined policies. Options include: ike_default_crypto, ike_default_crypto_strong, Static_default_crypto, Static_default_crypto_strong, and any VPN policies you created. Name Name to assign to the policy.
  • Page 152: Vpn Status Tab Field Descriptions

    Field descriptions VPN field descriptions Table C-31 VPN policies field descriptions (Continued) Section Field Description Data Volume Limit Maximum number of kilobytes allowed through a tunnel before a rekey is required. The default value is 2100000 KB (2050 MB). The maximum value is 4200000 KB (4101 MB).
  • Page 153: Advanced Tab Field Descriptions

    The maximum value is 31 alphanumeric characters. VPN Policy VPN policy for VPN client tunnels for phase 2 tunnel negotiation. The list shows pre-defined Symantec policies and any policies you created on the VPN Policies tab. Dynamic VPN Client Enable Dynamic VPN...
  • Page 154: Ids/Ips Field Descriptions

    IDS/IPS field descriptions IDS/IPS field descriptions The Symantec Gateway Security 300/400 Series provides intrusion detection and intrusion prevention (IDS/IPS). The IDS/IPS functions are enabled by default, and provide atomic packet protection with spoof protection and IP. You may disable IDS/IPS functionality at any time.
  • Page 155: Advanced Tab Field Descriptions

    Field descriptions IDS/IPS field descriptions Table C-34 IDS Protection tab field descriptions (Continued) Section Field Description Protection List Attack Name Name of the IDS signatures. Block and Warn Displays Y for yes or N for no. Indicates if the Block and Warn protection setting is enabled for this signature.
  • Page 156: Antivirus Policy Field Descriptions

    Policy Validation Verify AV Client is When enabled, this field lets you verify that Symantec antivirus Active software is installed and active on a client’s workstation. Options include:...
  • Page 157: Content Filtering Field Descriptions

    Last Update Date and time when the client’s antivirus compliance was last checked. Product Name of the Symantec antivirus product that the client is using. Engine Version of the scan engine in the Symantec antivirus product that the client is using.
  • Page 158 Input URL Type a URL to add to the deny or allow list and then click Add. For example, www.symantec.com or myadultsite.com/mypics/me.html. The maximum length of a URL is 128 characters. Each filtering list can hold up to 100 entries. You add URLs one at a time.
  • Page 159: Appendix D Joining Security Gateways To Sesa

    Management Interface (SGMI). As the local administrator, you must also have administrative privileges on the SESA Manager to join SESA. Note: Your SESA environment must be installed and fully operational before installing the Symantec Event Manager and Advanced Manager for Security Gateways (Group 2) v2.1. See the Symantec Enterprise Security Architecture Installation Guide for further information.
  • Page 160: Preparing To Join Sesa

    By default, the SESA Manager runs with a self-signed anonymous certificate. You can configure SESA to use a certificate signed by a Certificate Authority (CA). See the Symantec Event Manager and Advanced Manager for Security Gateways (Group 2) v2.1 Administrator’s Guide for details.
  • Page 161: Joining Symantec Gateway Security 400 Series To Sesa

    SESA password Determining your options for joining SESA For Symantec Gateway Security 400 Series appliances, there are two options for joining a security gateway to SESA. The option that you use depends on the selection you make from the Centralized Management area of the Advanced Management tab in the SGMI.
  • Page 162: Joining Sesa

    Join a security gateway to SESA for the purpose of logging and reporting events only. To join SESA Use one of the following procedures to join Symantec Gateway Security 400 Series appliances to SESA. To join the local security gateway to SESA using the default organizational unit In the SGMI, in the left pane, click Administration.
  • Page 163: Viewing Sesa Agent Status

    In the right pane, on the Advanced Management tab, under Centralized management, click Centralized Monitoring (Alerting, Logging, and Reporting). Under Symantec Enterprise Security Architecture (SESA) Registration, do the following: Management Server Type the IP address or the fully-qualified domain name of the SESA server.
  • Page 164: Understanding How Security Gateways Obtain Configurations From Sesa

    In the right pane, on the Advanced Management tab, click Get Configuration. Logging on to the Symantec Management Console Once your security gateway joins SESA, you log on to the Symantec Management Console to begin managing the security gateway. To log on to the Symantec management console On your local security gateway system, or on the SESA Manager, open a browser window.
  • Page 165 To return to local management temporarily In the SGMI, in the left pane, click Administration. In the right pane, on the Advanced Management tab, under Symantec Enterprise Security Architecture (SESA) Registration, click Disconnect SESA. The security gateway temporarily leaves SESA and you can perform management functions from the local SGMI.
  • Page 166 Joining security gateways to SESA Leaving SESA...
  • Page 167: Glossary

    Glossary action A predefined response to an event or alert by a system or application. activation The process of making a configuration available for download and notifying all associated security gateways that it is there. Successful validation is a required piece of the activation process. active A status that indicates that a program, job, policy, or scan is running.
  • Page 168 A network condition in which broadcast Ethernet or IP packets multiply through switches and cause congestion. Symantec Gateway Security 400 Series appliances offer broadcast storm protection to prevent the condition from affecting normal network traffic. buffer overflow attack An attack that exploits a known bug in one of the applications running on a server.
  • Page 169 A group of computers sharing the network portion of their host names, for example, symantec.com. Domain entities are registered within the Internet community. Registered domain entities end with an extension such as .com, .edu, or .gov or a country code such as .jp (Japan).
  • Page 170 FQDN (fully qualified domain name) A URL that consists of a host and domain name, including a top-level domain. For example, www.symantec.com is a fully qualified domain name. www is the host, symantec is the second-level domain, and .com is the top-level domain.
  • Page 171 Glossary inbound rule A defined security gateway rule that allows or denies inbound traffic (all inbound traffic is blocked by default). Inbound rules are configured to match specific protocols or services (like FTP or Web) and you can apply them to different computer groups.
  • Page 172 Glossary logon procedure The process of identifying oneself to a computer after connecting to it by means of a directly connected keyboard or over a communications line. During the logon procedure, the computer usually requests a user name and password. On a computer used by more than one person, the logon procedure identifies authorized users, keeps track of their usage time, and maintains security by controlling access to sensitive files or actions.
  • Page 173 OS (operating system) The interface between the hardware of the computer and applications (for example a word-processing program). For personal computers, the most popular operating systems are MacOS, Windows, DOS, and Linux. outbound rule A defined security gateway rule that allows or denies outbound traffic. Outbound rules are configured to match specific protocols or services (like FTP or Web) and you can apply them to different computer groups on the LAN.
  • Page 174 When you perform a task at the server group level in Symantec System Center, the task runs on the primary server. The primary server forwards the task to its secondary servers. If the primary server is running Alert Management System2, it processes all alerts.
  • Page 175 A computer that is running Symantec AntiVirus Corporate Edition Server software that is a child of a primary server. In a server group, all secondary servers retrieve information from the same primary server. If the secondary server is a parent server, it in turn passes information on to its managed clients.
  • Page 176 SESA-integrated product Any of the Symantec or non-Symantec security products from which SESA can receive events or to which SESA can relay events. Some products can be natively integrated through SESA, which provides additional capabilities and functions. See also SESA native product.
  • Page 177 A standard dial-up telephone connection; the type of line that is established when a call is routed through a switching station. See also leased line. Symantec management console A Web-based console that provides SESA content viewing and management capabilities, letting administrators perform event management, group management, and security policy configuration management.
  • Page 178 A file that provides information to antivirus software for finding and repairing viruses. In Symantec AntiVirus Corporate Edition, the administrator must regularly distribute updated virus definitions files to Symantec AntiVirus Corporate Edition servers and clients.
  • Page 179 wildcard character A symbol that enables multiple matching values to be returned based on a shared feature. The script language has two wildcards: the question mark (?) and the asterisk (*). The question mark stands for any single character, and the asterisk stands for any character string of any length.
